--- version: '1.0' owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB product: ABB Remote Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - ABB Remote Platform (RAP) fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: - AlarmInsight KPI Dashboards 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB product: B&R Products cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: - See Vendor Advisory fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Abbott product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security product: Abnormal Security cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accellence product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accellence.de/en/articles/national-vulnerability-database-62 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accellion product: Kiteworks cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - v7.6 release unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7."' references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Acquia product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ActiveState product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adaptec product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Addigy product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe ColdFusion product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ADP product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT Server cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: AFAS Software product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANcart cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANmobile cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANServer cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANsuite cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANupdate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANweb cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Agilysys product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: SIEM Splunk Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://splunkbase.splunk.com/app/4310/ notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Alcatel product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://dokuwiki.alu4u.com/doku.php?id=log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alertus product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alexion product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alfresco product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AlienVault product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.alphatronmedical.com/home.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Athena cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - Linux 1 - '2' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: [] notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: AWS API Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS CloudHSM cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - < 3.4.1. fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS Connect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation references: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon product: AWS DynamoDB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS EKS, ECS, Fargate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS ELB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Inspector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS Kinesis Data Stream cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS Lambda cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS Lambda cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS RDS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS S3 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS SNS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS SQS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Unknown unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: CloudFront cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: CloudWatch cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: EC2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - Amazon Linux 1 & 2 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: ELB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: KMS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: OpenSearch cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: RDS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Route 53 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: S3 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Translate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/translate/ notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: VPC cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AMD product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: Currently, no AMD products have been identified as affected. AMD is continuing its analysis. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Anaconda product: Anaconda cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 4.10.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.conda.io/projects/conda/en/latest/index.html notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: ActiveMQ Artemis cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://activemq.apache.org/news/cve-2021-44228 notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: Airflow cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/apache/airflow/tree/main/airflow notes: Airflow is written in Python references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Camel cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.14.1.3.11.5 - 3.7.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel 2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel JBang cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel K cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel Karaf cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel Quarkus cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: CamelKafka Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Druid cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - < druid 0.22.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/apache/druid/releases/tag/druid-0.22.1 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Flink cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 1.14.2 - 1.13.5 - 1.12.7 - 1.11.6 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Kafka cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://kafka.apache.org/cve-list notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Kafka cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://logging.apache.org/log4j/2.x/security.html notes: Only vulnerable in certain configuration(s) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Log4j cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - < 2.15.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://logging.apache.org/log4j/2.x/security.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Solr cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 7.4.0 to 7.7.3 - 8.0.0 to 8.11.0 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 notes: Update to 8.11.1 or apply fixes as described in Solr security advisory references: - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' last_updated: '2021-12-16T00:00:00' - vendor: Apache product: Struts 2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: - Versions before 2.5.28.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://struts.apache.org/announce-2021 notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). references: - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: Tomcat cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: - 9.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://tomcat.apache.org/security-9.html notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) references: - '' last_updated: '2021-12-21T00:00:00' - vendor: APC by Schneider Electric product: Powerchute Business Edition cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - v9.5 - v10.0.1 - v10.0.2 - v10.0.3 - v10.0.4 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 notes: Mitigation instructions to remove the affected class. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: APC by Schneider Electric product: Powerchute Network Shutdown cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '4.2' - '4.3' - '4.4' - 4.4.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 notes: Mitigation instructions to remove the affected class. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Apereo product: CAS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 6.3.x & 6.4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://apereo.github.io/2021/12/11/log4j-vuln/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apereo product: Opencast cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - < 9.10 - < 10.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.apigee.com/incidents/3cgzb0q2r10p notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apollo product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.apollographql.com/t/log4j-vulnerability/2214 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appdynamics product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appeon product: PowerBuilder cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Appeon PowerBuilder 2017-2021 regardless of product edition fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: [] notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: AppGate product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appian product: Appian Platform cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Application Performance Ltd product: DBMarlin cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: - Not Affected fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: [] notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Application Performance Ltd product: DBMarlin cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: APPSHEET product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aptible product: Aptible cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - ElasticSearch 5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arbiter Systems product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arbiter.com/news/index.php?id=4403 notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: ARC Informatique product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 notes: '' references: - '' last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arcserve product: Arcserve Backup cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve Continuous Availability cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve Email Archiving cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve UDP cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 6.5-8.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: ShadowProtect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: ShadowXafe cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Solo cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: StorageCraft OneXafe cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: ArcticWolf product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arduino product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ariba product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ataccama product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atera product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Crowd Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Crucible cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Fisheye cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Jira Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Attivo networks product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atvise product: All cves: cve-2021-4104: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://services.audiocodes.com/app/answers/kbdetail/a_id/2225 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html notes: Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Automox product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avaya product: Avaya Analytics cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.5' - '3.6' - 3.6.1 - '3.7' - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Application Enablement Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.1.3.2 - 8.1.3.3 - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Contact Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.0.2 - 7.0.3 - '7.1' - 7.1.1 - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Device Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '8' - '8.1' - 8.1.4 - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Device Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.0.1 - 8.0.2 - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Media Server cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.0.0 - 8.0.1 - 8.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Presence Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 7.1.2 - '8' - 8.0.1 - 8.0.2 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 - 8.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Session Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 7.1.3 - '8' - 8.0.1 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® System Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Web Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.11[P] - 3.8.1[P] - 3.8[P] - 3.9.1 [P] - 3.9[P] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Breeze™ cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.7' - '3.8' - 3.8.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Contact Center Select cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.0.2 - 7.0.3 - '7.1' - 7.1.1 - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya CRM Connector - Connected Desktop cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '2.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Device Enablement Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.1.22 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Meetings cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.1.10 - 9.1.11 - 9.1.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya one cloud private -UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Session Border Controller for Enterprise cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.0.1 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020554u](https://download.avaya.com/css/public/documents/101079394)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Social Media Hub cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Workforce Engagement cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '5.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Business Rules Engine cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.4' - '3.5' - '3.6' - '3.7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Callback Assist cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '5' - 5.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Control Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.0.2 - 9.0.2.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Device Enrollment Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Equinox™ Conferencing cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Interaction Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.3.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: IP Office™ Platform cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 11.0.4 - '11.1' - 11.1.1 - 11.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Proactive Outreach Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.1.2 - 3.1.3 - '4' - 4.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.avepoint.com/company/java-zero-day-vulnerability-notification notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://avtech.com/articles/23124/java-exploit-room-alert-link/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AWS New product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications product: '' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.axway.com/news/1331/lang/en notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' ...