# CISA Log4j (CVE-2021-44228) Vulnerability Guidance This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

**Official CISA Guidance & Resources:**
CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the log4j vulnerability, please feel free to open an issue [here](https://github.com/cisagov/log4j-affected-db/issues). We have a template available for your submission. Please also feel free to submit a pull request. # Status Descriptions |Status| Description | |------|-------------| | Unknown | Status unknown. Default choice. | | Affected| Reported to be affected by CVE-2021-44228. | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | | Fixed | Patch and/or mitigations available (see provided links). | | Under Investigation | Vendor investigating status. | # Software List | Vendor | Product | Version | Status | Update Available | Vendor Link | Notes | Other References | Last Updated | |:--------------|:----------------|:---------------:|:---------------:|:-----------------|-------------|-------|:-----------------|--------------:| | AIL | AIL | all | Not Affected | No | [source](https://twitter.com/ail_project/status/1470373644279119875) | | | 12/14/21 | | Apache | Cassandra | all | Not Affected | No | [source](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | 12/14/21 | | Apache | Druid | 0.22.1 | Fixed | Yes | [source](https://github.com/apache/druid/pull/12051) | | | 12/14/21 | | Apache | Flink | 1.15.0, 1.14.1, 1.13.4 | Fixed | Yes | [source](https://issues.apache.org/jira/browse/FLINK-25240) | | | 12/14/21 | | Apache | Log4j | 2.15.0 | Fixed | Yes | [source](https://logging.apache.org/log4j/2.x/security.html) | | | 12/14/21 | | Apache | Kafka | Unknown | Affected | No | [source](https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv) | Only vulnerable in certain configuration | | 12/14/21 | | Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | Yes | [source](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Versions before 7.4 also vulnerable when using several configurations | | 12/14/21 | | Apache | Tika | 2.0.0 and up | Affected | No | [source](https://tika.apache.org/2.0.0/index.html) | | | 12/14/21 | | Apache | Tomcat | | Not Affected | No | [source](https://tomcat.apache.org/tomcat-9.0-doc/logging.html) | | | 12/14/21 | | Apache | Zookeeper | | Not Affected | No | [source](https://issues.apache.org/jira/browse/ZOOKEEPER-4423) | Zookeeper uses Log4j 1.2 version | | 12/14/21 | | Apereo | CAS | 6.3.x & 6.4.x | Fixed | Yes | [source](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection | | 12/14/21 | | Apereo | Opencast | < 9.10, < 10.6 | Fixed | Yes | [source](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | 12/14/21 | | Apigee | Edge and OPDK products | All version | Not Affected | No | [source](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | 12/14/21 | | Aptible | Aptible | ElasticSearch 5.x | Fixed | Yes | [source](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | 12/14/21 | | Atlassian | Jira Server & Data Center | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Atlassian | Confluence Server & Data Center | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Atlassian | Bamboo Server & Data Center | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Atlassian | Crowd Server & Data Center | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Atlassian | Fisheye | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Atlassian | Crucible | On prem | Affected | No | [source](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | Only vulnerable when using non-default config, cloud version still under investigation | | 12/14/21 | | Amazon | EC2 | Amazon Linux 1 & 2 | Affected | No | [source](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Default packages not vulnerable | | 12/14/21 | | Amazon | OpenSearch | Unknown | Fixed | Yes | [source](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | 12/14/21 | | Amazon | AWS Lambda | Unknown | Fixed | Yes | [source](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2 | | 12/14/21 | | Amazon | AWS CloudHSM | < 3.4.1. | Fixed | Yes | [source](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | 12/14/21 | | Azure | Data lake store java | < 2.3.10 | Fixed | Yes | [source](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | 12/14/21 | | APC | PowerChute Business Edition | Unknow to 10.0.2.301 | Affected | No | | | | 12/14/21 | | APC | PowerChute Network Shutdown | Unknow to 4.2.0 | Affected | No | | | | 12/14/21 | | Akamai | Siem Splunk Connector | Unknown to latest | Affected | No | [source](https://github.com/akamai/siem-splunk-connector) | | 12/14/21 | | Avaya | | | Affected | No | [source](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | 12/14/21 | | Backblaze | Cloud | N/A (SaaS) | Fixed | Yes | [source](https://help.backblaze.com/hc/en-us/articles/4412580603419) | Cloud service patched | | 12/14/21 | | BigBlueButton | BigBlueButton | Unknown | Not Affected | No | [source](https://github.com/bigbluebutton/bigbluebutton/issues/13897) | | | 12/14/21 | | Bitdefender | GravityZone On-Premises | Unknown | Not Affected | No | [source](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | 12/14/21 | | Bitnami | Unknown | Unknown | Fixed | Yes | [source](https://docs.bitnami.com/general/security/security-2021-12-10/) | | | 12/14/21 | | Brian Pangburn | SwingSet | < 4.0.6 | Fixed | Yes | [source](https://github.com/bpangburn/swingset/releases/tag/swingset-4.0.6) | | | 12/14/21 | | Broadcom | CA Advanced Protection | 9.1 & 9.1.01 | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Advanced Secure Gateway (ASG) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | BCAAA | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Content Analysis (CA)(SEPM) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Cloud Workload Protection (CWP) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Cloud Workload Protection for Storage (CWP:S) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Critical System Protection (CSP) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Email Security Service (ESS) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | HSM Agent | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Industrial Control System Protection (ICSP) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Integrated Cyber Defense Manager (ICDm) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Integrated Secure Gateway (ISG) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Layer7 API Developer Portal | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Management Center (MC) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | PacketShaper (PS) S-Series | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | PolicyCenter (PC) S-Series | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Privileged Access Manager | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Privileged Access Manager Server Control | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Privileged Identity Manager | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Reporter | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Secure Access Cloud (SAC) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | SiteMinder (CA Single Sign-On) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | SSL Visibility (SSLV) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Endpoint Detection and Response (EDR) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Endpoint Encryption (SEE) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Endpoint Protection (SEP) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Endpoint Protection (SEP) for Mobile | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Mail Security for Microsoft Exchange (SMSMSE) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Messaging Gateway (SMG) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Protection Engine (SPE) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Protection for SharePoint Servers (SPSS) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | VIP Authentication Hub | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Web Isolation (WI) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Web Security Service (WSS)) | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | WebPulse | Unknown | Fixed | Yes | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | CloudSOC Cloud Access Security Broker (CASB) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Control Compliance Suite (CCS) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Data Center Security (DCS) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Data Loss Prevention (DLP) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Ghost Solution Suite (GSS) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | IT Management Suite | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Layer7 API Gateway | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Layer7 Mobile API Gateway | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | ProxySG | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Security Analytics (SA) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Directory | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec Identity Governance and Administration (IGA) | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | Symantec PGP Solutions | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Broadcom | VIP | Unknown | Not Affected | No | [source](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | 12/14/21 | | Carbon Black | Cloud Workload Appliance | Unknown | Not Affected | No | [source](https://community.carbonblack.com/t5/Documentation-Downloads/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134) | More information on pages linked bottom of blogpost (behind login) | | 12/14/21 | | Carbon Black | EDR Servers | Unknown | Not Affected | No | [source](https://community.carbonblack.com/t5/Documentation-Downloads/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134) | More information on pages linked bottom of blogpost (behind login) | | 12/14/21 | | Cerberus | FTP | Unknown | Not Affected | No | [source](https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability) | | | 12/14/21 | | Cerebrate | Cerebrate | All | Not Affected | No | [source](https://twitter.com/cerebrateproje1/status/1470347775141421058) | | | 12/14/21 | | Checkpoint | Quantum Security Gateway | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | Quantum Security Management | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | CloudGuard | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | Infinity Portal | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | Harmony Endpoint & Harmony Mobile | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | SMB | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Checkpoint | ThreatCloud | Unknown | Not Affected | No | [source](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS) | | | 12/14/21 | | Chef | Infra Server | All | Not Affected | No | [source](https://www.chef.io/blog/is-chef-vulnerable-to-cve-2021-44228-(log4j)) | | | 12/14/21 | | Chef | Automate | All | Not Affected | No | [source](https://www.chef.io/blog/is-chef-vulnerable-to-cve-2021-44228-(log4j)) | | | 12/14/21 | | Chef | Backend | All | Not Affected | No | [source](https://www.chef.io/blog/is-chef-vulnerable-to-cve-2021-44228-(log4j)) | | | 12/14/21 | | Cisco | General Cisco Disclaimer | Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly | Not Affected | No | | | | 12/14/21 | | Cisco | AnyConnect Secure Mobility Client | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SocialMiner | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Extensible Network Controller (XNC) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus Data Broker | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus Insights | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Wide Area Application Services (WAAS) | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco AMP Virtual Private Cloud Appliance | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Adaptive Security Appliance (ASA) Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Advanced Web Security Reporting Application | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Content Security Management Appliance (SMA) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Email Security Appliance (ESA) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Firepower 4100 Series | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Firepower 9300 Security Appliances | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Firepower Management Center | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Firepower Threat Defense (FTD) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Identity Services Engine (ISE) | Unknown | Affected | No | [source](https://tools.cisco.com/bugsearch/bug/CSCwa47133) | | | 12/14/21 | | Cisco | Cisco Web Security Appliance (WSA) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco ACI Multi-Site Orchestrator | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Application Policy Infrastructure Controller (APIC) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco CloudCenter Suite Admin | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco CloudCenter Workload Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Connected Grid Device Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Connected Mobile Experiences | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Crosswork Change Automation | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco DNA Assurance | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Data Center Network Manager (DCNM) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Elastic Services Controller (ESC) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Modeling Labs | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Network Planner | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Network Services Orchestrator (NSO) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus Dashboard (formerly Cisco Application Services Engine) | <2.1.2 | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | Patch expected 7-jan-2022 | | 12/14/21 | | Cisco | Cisco Optical Network Planner | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Policy Suite | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Central for Service Providers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Collaboration Assurance | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Collaboration Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Collaboration Provisioning | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Infrastructure | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime License Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Network Registrar | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Optical for Service Providers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Provisioning | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Service Catalog | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco UCS Performance Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco WAN Automation Engine (WAE) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco ACI Virtual Edge | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco ASR 5000 Series Routers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco DNA Center | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Enterprise NFV Infrastructure Software (NFVIS) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco GGSN Gateway GPRS Support Node | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IOS and IOS XE Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IOx Fog Director | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IP Services Gateway (IPSG) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco MDS 9000 Series Multilayer Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco MME Mobility Management Entity | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Mobility Unified Reporting and Analytics System | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Network Assurance Engine | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Network Convergence System 2000 Series | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 5500 Platform Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 5600 Platform Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 6000 Series Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 7000 Series Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco PDSN/HA Packet Data Serving Node and Home Agent | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco PGW Packet Data Network Gateway | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SD-WAN vEdge 1000 Series Routers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SD-WAN vEdge 2000 Series Routers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SD-WAN vEdge 5000 Series Routers | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SD-WAN vEdge Cloud Router Platform | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco SD-WAN vManage | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Secure Network Analytics (SNA), formerly Stealthwatch | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco System Architecture Evolution Gateway (SAEGW) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco HyperFlex System | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco UCS Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco BroadWorks | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Broadcloud Calling | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Computer Telephony Integration Object Server (CTIOS) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Contact Center Domain Manager (CCDM) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Contact Center Management Portal (CCMP) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Emergency Responder | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Enterprise Chat and Email | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Finesse | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Packaged Contact Center Enterprise | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Paging Server (InformaCast) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Paging Server | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Attendant Console Advanced | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Attendant Console Business Edition | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Attendant Console Department Edition | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Attendant Console Enterprise Edition | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Attendant Console Premium Edition | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Contact Center Enterprise | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Contact Center Express | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Customer Voice Portal | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Intelligent Contact Management Enterprise | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified SIP Proxy Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Virtualized Voice Browser | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Exony Virtualized Interaction Manager (VIM) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Expressway Series | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Meeting Server | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco TelePresence Management Suite | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco TelePresence Video Communication Server (VCS) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Vision Dynamic Signage Director | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Mobility Services Engine | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco CX Cloud Agent Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Cloud Email Security | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Cognitive Intelligence | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Common Services Platform Collector | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Connectivity | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco DNA Spaces | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Defense Orchestrator | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Intersight | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IoT Operations Dashboard | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Kinetic for Cities | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Network Assessment (CNA) Tool | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Umbrella | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | AppDynamics | <21.12.0 | Fixed | Yes | [source](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | 12/14/21 | | Cisco | Cisco Webex Meetings Server | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Evolved Programmable Network Manager | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Integrated Management Controller (IMC) Supervisor | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Intersight Virtual Appliance | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco UCS Director | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Contact Center Enterprise - Live Data server | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Video Surveillance Operations Manager | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Communications Manager Cloud | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Webex Cloud-Connected UC (CCUC) | Unknown | Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Duo | Unknown | Fixed | Yes | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Jabber Guest | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Cloud Services Platform 2100 | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Cloud Services Platform 5000 Series | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Tetration Analytics | All versions | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Adaptive Security Device Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Registered Envelope Service | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Business Process Automation | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco CloudCenter Action Orchestrator | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Container Platform | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Access Registrar | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Cable Provisioning | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Collaboration Deployment | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime IP Express | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Network Registrar | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Prime Performance Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Security Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco UCS Central Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco IOS XR Software | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 3000 Series Switches | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Nexus 9000 Series Switches in standalone NX-OS mode | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco UCS C-Series Rack Servers - Integrated Management Controller | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Hosted Collaboration Mediation Fulfillment | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Communications Domain Manager | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unified Intelligence Center | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unity Connection | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Unity Express | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Ultra Packet Core | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | Cisco | Cisco Smart Software Manager On-Prem | Unknown | Not Affected | No | [source](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | 12/14/21 | | CIS-CAT | CIS-CAT Pro Assessor | 4.12.0 and below | Affected | No | [proof] () | Found by manual scanning | | 12/14/21 | | Citrix | NetScaler ADC | Unknown | Affected | No | [source](https://support.citrix.com/article/CTX335705) | Implementation not using WlonNS feature, is not impacted | | 12/14/21 | | Citrix | NetScaler Gateway | Unknown | Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Analytics | Unknown | Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Application Delivery Management (NetScaler MAS) | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Hypervisor (XenServer) | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | SD-WAN | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Virtual Apps and Desktops (XenApp & XenDesktop) | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Workspace | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Workspace App | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | Citrix | Sharefile | Unknown | Not Affected | No | [source](https://support.citrix.com/article/CTX335705) | | | 12/14/21 | | cPanel | cPanel | Unknown | Not Affected | No | [source](https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/) | | | 12/14/21 | | Commvault | All products | All versions | Not Affected | No | [source](https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745) | | | 12/14/21 | | Commvault | Cloud Apps & Oracle & MS-SQL | All supported versions | Not Affected | No | [source](https://documentation.commvault.com/11.24/essential/146231_security_vulnerability_and_reporting.html) | | | 12/14/21 | | Connect2id | Connect2id server | < 12.5.1 | Fixed | Yes | [source](https://connect2id.com/blog/connect2id-server-12-5-1) | | | 12/14/21 | | Connectwise | Perch | Unknown | Fixed | Yes | [source](https://www.connectwise.com/company/trust/advisories) | | | 12/14/21 | | Connectwise | Manage on-premise's Global Search | Unknown | Fixed | Yes | [source](https://www.connectwise.com/company/trust/advisories) | | | 12/14/21 | | Connectwise | Marketplace | Unknown | Fixed | Yes | [source](https://www.connectwise.com/company/trust/advisories) | | | 12/14/21 | | Connectwise | Global search capability of Manage Cloud | Unknown | Fixed | Yes | [source](https://www.connectwise.com/company/trust/advisories) | | | 12/14/21 | | Connectwise | StratoZen | Unknown | Fixed | Yes | [source](https://www.connectwise.com/company/trust/advisories) | Urgent action for self-hosted versions | | 12/14/21 | | Contrast | Hosted SaaS Enviroments | All | Fixed | Yes | [source](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | 12/14/21 | | Contrast | On-premises (EOP) Environments | All | Fixed | Yes | [source](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | 12/14/21 | | Contrast | Java Agent | All | Not Affected | No | [source](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | 12/14/21 | | Contrast | Scan | All | Fixed | Yes | [source](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | 12/14/21 | | ControlUp | All products | All versions | Fixed | Yes | [source](https://status.controlup.com/incidents/qqyvh7b1dz8k) | | | 12/14/21 | | Coralogix | Coralogix | Unknown | Fixed | Yes | [source](https://status.coralogix.com/incidents/zzfn8t0fzdy2?u=1q9952ycm1gr) | | | 12/14/21 | | Couchbase | Couchbase ElasticSearch connector | < 4.3.3 & 4.2.13 | Fixed | Yes | [source](https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402) | | | 12/14/21 | | Cryptshare | Cryptshare Server | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare for Outlook | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare for Notes | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare for NTA 7516 | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare .NET API | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare Java API | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cryptshare | Cryptshare Robot | All | Not Affected | No | [source](https://www.cryptshare.com/nl/support/cryptshare-support/) | | | 12/14/21 | | Cyberark | PAS Self Hosted | | Not Affected | No | [source](https://cyberark-customers.force.com ) | | | 12/14/21 | | Cybereason | All Cybereason products | Unknown | Not Affected | No | [source](https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228) | | | 12/14/21 | | DatadogHQ | Datadog Agent | 6 < [6.32.2](https://github.com/DataDog/datadog-agent/releases/tag/6.32.2), 7 < [7.32.2](https://github.com/DataDog/datadog-agent/releases/tag/7.32.2) | Fixed | Yes | [source](vendor-statements/DatadogHQ%20-%20Our_response_to_log4j_vulnerability.pdf) | JMX monitoring component leverages an impacted version of log4j | | 12/14/21 | | Datto | All Datto products | Unknown | Not Affected | No | [source](https://www.datto.com/blog/dattos-response-to-log4shell) | | | 12/14/21 | | Debian | Apache-log4j.1.2 | stretch, buster, bullseye | Fixed | Yes | [source](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | 12/14/21 | | Debian | Apache-log4j2 | stretch, buster, bullseye | Fixed | Yes | [source](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | 12/14/21 | | Dell | BSAFE Crypto-C Micro Edition | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | BSAFE Crypto-J | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | BSAFE Micro Edition Suite | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Centera | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Chassis Management Controller (CMC) | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Cloudlink | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Cloud Mobility for Dell EMC Storage | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Data Domain OS | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | Disk Library for Mainframe | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Embedded NAS | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC Cloud Disaster Recovery | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC DataIQ | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC ECS | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC Integrated System for Microsoft Azure Stack Hub | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC License Manager | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC NetWorker | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC Networking Onie | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC ObjectScale | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC PowerFlex Appliance | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerFlex Manager | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerFlex Rack | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerMax | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerPath Management Appliance | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerPath | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerProtect Cyber Recovery | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerProtect Data Manager | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerProtect DP Series Appliance (iDPA) | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC PowerScale OneFS | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerShell for PowerMax | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerShell for Powerstore | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerShell for Unity | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC PowerStore | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC PowerSwitch Z9264F-ON BMC, Dell EMC PowerSwitch Z9432F-ON BMC | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC RecoverPoint | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC Repository Manager (DRM) | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC SourceOne | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC SRM vApp | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC Streaming Data Platform | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC Systems Update (DSU) | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC Unity | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC Virtual Storage Integrator | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC VPLEX | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | EMC VxRail | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | EMC XtremIO | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Enterprise Hybrid Cloud | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | GeoDrive | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Hybrid Client (DHC) | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | ImageAssist | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Insight IQ | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Integrated Dell Remote Access Controller (iDRAC) | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | IsilonSD Management Server | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Mainframe Enablers | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | MyDell Mobile | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | NetWorker Management Console | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | NetWorker MM for Hyper-V | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking N-Series | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking OS9 | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking OS | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking SD-WAN Edge | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking W-Series | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Networking X-Series | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | OMIMSSC (OpenManage Integration for Microsoft System Center) | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | OpenManage Change Management | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | OpenManage Enterprise | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | OpenManage Integration with Microsoft Windows Admin Center | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Open Management Enterprise - Modular | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | Open Manage Mobile | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | OpenManage Network Integration | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Open Manage Server Administrator | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | PowerEdge BIOS | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Remotely Anywhere | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Secure Connect Gateway (SCG) 5.0 Appliance | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Smart Fabric Storage Software | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Solutions Enabler | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Sonic | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | SRS Policy Manager | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | SRS VE | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | SupportAssist Client Commercial | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | SupportAssist Client Consumer | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | SupportAssist Enterprise | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Unisphere Central | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | Unisphere for PowerMax | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Vblock | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | ViPR Controller | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | VNX2 | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | VNX Control Station | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Vsan Ready Nodes | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | VxBlock | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | VxFlex Ready Nodes | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Wyse Management Suite Import Tool | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Wyse Management Suite | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Dell | Wyse Proprietary OS (ThinOS) | Unknown | Not Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/14/21 | | Dell | Wyse Windows Embedded | Unknown | Affected | No | [source](https://www.dell.com/support/kbdoc/nl-nl/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Fix Release Timeline TBD | | 12/14/21 | | Docker | Docker infrastructure | Unknown | Not Affected | No | [source](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | | 12/14/21 | | Dropwizard | Dropwizard | Unknown | Not Affected | No | [source](https://twitter.com/dropwizardio/status/1469285337524580359) | Only vulnerable if you manually added Log4j | | 12/14/21 | | Dynatrace | Dynatrace Cloud Services | Unknown | Fixed | Yes | [source](https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282) | | | 12/14/21 | | Dynatrace | ActiveGates | 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 | Fixed | Yes | [source](https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282) | | | 12/14/21 | | EAL | ATS Classic | All Versions | Fixed | Yes | See vendor-statements | | | 12/14/21 | | Elastic | APM Java Agent | 1.17.0-1.28.0 | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | Only vulnerable with specific configuration | | 12/14/21 | | Elastic | APM Server | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Beats | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Cmd | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Agent | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Cloud | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Cloud Enterprise | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Cloud on Kubernetes | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Endgame | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elastic Maps Service | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Elasticsearch | < 6.8.21, < 7.16.1 | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | Information leakage vulnerability | | 12/14/21 | | Elastic | Endpoint Security | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Enterprise Search | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Fleet Server | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Kibana | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Logstash | < 6.8.21, < 7.16.1 | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Machine Learning | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | Elastic | Swiftype | | Fixed | Yes | [source](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/14/21 | | ELO | Digital Office | | Fixed | Yes | [source](http://www.elo.com) | | | 12/14/21 | | ESET | All products | Unknown | Not Affected | No | [source](https://forum.eset.com/topic/30691-log4j-vulnerability/) | | | 12/14/21 | | Esri | ArcGIS Enterprise and related products | < 10.8.0 | Affected | No | [source](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | | | 12/14/21 | | EVL Labs | JGAAP | <8.0.2 | Fixed | Yes | [source](https://github.com/evllabs/JGAAP/releases/tag/v8.0.2) | | | 12/14/21 | | eXtreme Hosting | All products | Unknown | Not Affected | No | [source](https://extremehosting.nl/log4shell-log4j/) | | | 12/14/21 | | F5 | All products | | Not Affected | No | [source](https://support.f5.com/csp/article/K19026212) | F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect | | 12/14/21 | | FileCap | All products | <5.1.0 | Affected | No | [source](https://mailchi.mp/3f82266e0717/filecap-update-version-511) | Fix: 5.1.1 | | 12/14/21 | | Fiix | CMMS core | V5 | Fixed | Yes | [source](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/14/21 | | Forcepoint | DLP Manager | | Fixed | Yes | [source](https://support.forcepoint.com) | | | 12/14/21 | | Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | Not Affected | No | [source](https://support.forcepoint.com) | | | 12/14/21 | | Forcepoint | Next Generation Firewall (NGFW) | | Not Affected | No | [source](https://support.forcepoint.com) | | | 12/14/21 | | Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | | Not Affected | No | [source](https://support.forcepoint.com) | | | 12/14/21 | | Forcepoint | One Endpoint | | Not Affected | No | [source](https://support.forcepoint.com) | | | 12/14/21 | | Forcepoint | Security Manager (Web, Email and DLP) | | Fixed | Yes | [source](https://support.forcepoint.com) | | | 12/14/21 | | ForgeRock | Autonomous Identity | | Fixed | Yes | [source](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | all other ForgeRock products not vuln | | 12/14/21 | | Fortinet | FortiAIOps | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiAnalyzer Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiAnalyzer | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiAP | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiAuthenticator | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiCASB | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiConvertor | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiDeceptor | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiEDR Agent | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiEDR Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiGate Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiGSLB Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiMail | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiManager Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiManager | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiNAC | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiNAC | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiPhish Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiPolicy | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiPortal | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiRecorder | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiSIEM | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiSOAR | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiSwitch Cloud in FortiLANCloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiSwitch & FortiSwitchManager | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiToken Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiVoice | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | FortiWeb Cloud | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | Fortinet | ShieldX | | Affected | No | [source](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | 12/14/21 | | F-Secure | Endpoint Proxy | 13-15 | Fixed | Yes | [source](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | 12/14/21 | | F-Secure | Policy Manager | 13-15 | Fixed | Yes | [source](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | 12/14/21 | | F-Secure | Policy Manager Proxy | 13-15 | Fixed | Yes | [source](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | 12/14/21 | | FusionAuth | FusionAuth | 1.32 | Fixed | Yes | [source](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | 12/14/21 | | Genesys | All products | | Fixed | Yes | [source](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | 12/14/21 | | GFI Software | Kerio Connect | | Affected | No | [source](https://forums.gfi.com/index.php?t=msg&th=39096&start=0&) | | | 12/14/21 | | GoAnywhere | MFT | Unknown | Fixed | Yes | [source](https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps) | | | 12/14/21 | | GoAnywhere | Gateway | Unknown | Fixed | Yes | [source](https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps) | | | 12/14/21 | | GoAnywhere | Agents | Unknown | Fixed | Yes | [source](https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps) | | | 12/14/21 | | Graylog | Graylog | < 3.3.15,<4.0.14,<4.1.9,<4.2.3 | Fixed | Yes | [source](https://www.graylog.org/post/graylog-update-for-log4j) | | | 12/14/21 | | GuardedBox | GuardedBox | <3.1.2 | Fixed | Yes | [source](https://twitter.com/GuardedBox/status/1469739834117799939) | | | 12/14/21 | | HackerOne | Unknown | Unknown | Fixed | Yes | [source](https://twitter.com/jobertabma/status/1469490881854013444) | | | 12/14/21 | | Hashicorp | All products | | Fixed | Yes | [source](https://support.hashicorp.com/hc/en-us/articles/4412469195795-CVE-2021-44228-Log4J-has-no-impact-on-HashiCorp-Products) | | | 12/14/21 | | HCL Software | BigFix Compliance | Unknown | Fixed | Yes | [source](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | | | 12/14/21 | | HCL Software | BigFix Inventory | Unknown | Fixed | Yes | [source](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | | | 12/14/21 | | HCL Software | BigFix Compliance | Unknown | Fixed | Yes | [source](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | | | 12/14/21 | | HCL Software | BigFix Compliance | Unknown | Fixed | Yes | [source](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | | | 12/14/21 | | Hexagon | M.App Enterprise | Unknown | Fixed | Yes | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | Might be vulnerable only when used with Geoprocessing Server | | 12/14/21 | | Hexagon | ERDAS APOLLO Advantage & Professional | Unknown | Fixed | Yes | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | GeoMedia | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | IMAGINE | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | ImageStation | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | GeoMedia WebMap | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | Geospatial Portal | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | Geospatial SDI | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | GeoMedia SmartClient | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | ERDAS APOLLO Essentials | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | M.App Enterprise standalone or with Luciad Fusion | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | | | 12/14/21 | | Hexagon | Luciad Fusion | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | The only risk is if Log4J was implemented outside of the default product install | | 12/14/21 | | Hexagon | Luciad Lightspeed | Unknown | Not Affected | No | [source](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2) | The only risk is if Log4J was implemented outside of the default product install | | 12/14/21 | | Hitachi Vantara | Pentaho | v8.3.x, v9.2.x | Not Affected | No | [source](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | 12/14/21 | | HostiFi | Unifi hosting | Unknown | Fixed | Yes | [source](https://twitter.com/hostifi_net/status/1440311322592231436) | Hosted Unifi solution | | 12/14/21 | | Huawei | All products | | Fixed | Yes | [source](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | 12/14/21 | | IBM | All products | | Fixed | Yes | [source](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/) | | | 12/14/21 | | IBM | Curam SPM | 8.0.0, 7.0.11 | Affected | No | [source](https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2019-17571/) | | | 12/14/21 | | IBM | Sterling Order Management | Unknown | Not Affected | No | [source](https://www.ibm.com/support/pages/node/6525544) | | | 12/14/21 | | IBM | Sterling Fulfillment Optimizer | Unknown | Affected | No | [source](https://www.ibm.com/support/pages/node/6525544) | | | 12/14/21 | | IBM | Sterling Inventory Visibility | Unknown | Affected | No | [source](https://www.ibm.com/support/pages/node/6525544) | | | 12/14/21 | | IBM | Websphere | 8.5 | Affected | No | [source](https://www.ibm.com/support/pages/node/6525706/) | fix: PH42728 | | 12/14/21 | | IBM | Websphere | 9.0 | Affected | No | [source](https://www.ibm.com/support/pages/node/6525706/) | fix: PH42728 | | 12/14/21 | | Inductive Automation | Ignition | All versions | Affected | No | [source](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | | | 12/14/21 | | Informatica | Axon | 7.2.x | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | Data Privacy Management | 10.5, 10.5.1 | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | Information Deployment Manager | | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | Metadata Manager | 10.4, 10.4.1, 10.5, 10.5.1 | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | PowerCenter | 10.5.1 | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | PowerExchange for CDC (Publisher) and Mainframe | 10.5.1 | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | Product 360 | All versions | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products) | | | 12/14/21 | | Informatica | Secure Agents (Cloud hosted) | Unknown | Fixed | Yes | [source](https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-updates-for-Informatica-Cloud-and-Cloud-Hosted-Software) | Fixed agents may need to be restarted | | 12/14/21 | | IronNet | All products | All verisons | Fixed | Yes | [source](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | 12/14/21 | | Ivanti | All products | All versions | Fixed | Yes | [source](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping) | No products are deemed affected at this moment | | 12/14/21 | | JFrog | all products | | Fixed | Yes | [source](https://twitter.com/jfrog/status/1469385793823199240) | | | 12/14/21 | | Jamf Nation | Jamf Cloud | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Pro (hosted on-prem) | < 10.34.1 | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | <10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix | | 12/14/21 | | Jamf Nation | Health Care Listener | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Connect | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Data Policy | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Infrastructure Manager | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Now | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Private Access | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Protect | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf School | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jamf Nation | Jamf Threat Defense | Unknown | Fixed | Yes | [source](https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740) | | | 12/14/21 | | Jazz/IBM | JazzSM DASH | Unknown | Fixed | Yes | [source](https://www.ibm.com/support/pages/node/6525552) | DASH on WebSphere Application Server requires mitigations | | 12/14/21 | | Jenkins | Jenkins CI | Unknown | Fixed | Yes | [source](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | Invidivual plugins not developed as part of Jenkins core *may* be vulnerable. | | 12/14/21 | | JetBrains | YouTrack Standalone | >= 2019.2 <= 2021.4.34389 | Fixed | Yes | | email, [mitigation](https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html#set-jvm-options-jar) | | 12/14/21 | | Jetbrains | TeamCity | Unknown | Fixed | Yes | [source](https://youtrack.jetbrains.com/issue/TW-74298) | | | 12/14/21 | | Jitsi | jitsi-videobridge | v2.1-595-g3637fda42 | Fixed | Yes | [source](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | 12/14/21 | | Kaseya | AuthAnvil | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | BMS | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | ID Agent DarkWeb ID and BullPhish ID | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | IT Glue | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | MyGlue | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Network Glue | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Passly | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | RocketCyber | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Spannign Salesforce Backup | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Spanning O365 Backup | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Unitrends | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | VSA SaaS and VSA On-Premises | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | Vorex | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Kaseya | products not listed above | Unknown | Fixed | Yes | [source](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | 12/14/21 | | Keycloak | Keycloak | all version | Fixed | Yes | [source](https://github.com/keycloak/keycloak/discussions/9078) | | | 12/14/21 | | LeanIX | All products | All versions | Fixed | Yes | [source](https://www.leanix.net/en/blog/log4j-vulnerability-log4shell) | | | 12/14/21 | | Lightbend | Akka | Unknown | Fixed | Yes | [source](https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275) | | | 12/14/21 | | Lightbend | Akka Serverless | Unknown | Fixed | Yes | [source](https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275) | | | 12/14/21 | | Lightbend | Lagom Framework | Unknown | Fixed | Yes | [source](https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275) | Users that switched from logback to log4j are affected | | 12/14/21 | | Lightbend | Play Framework | Unknown | Fixed | Yes | [source](https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275) | Users that switched from logback to log4j are affected | | 12/14/21 | | LogicMonitor | LogicMonitor SaaS Platform | Unknown | Fixed | Yes | | Automatic update before 13th December [source](https://communities.logicmonitor.com/topic/7472-logicmonitor-collectors-running-vulnerable-version-of-log4j-are-affected-by-log4shell-cve-2021-44228-vulnerability/) | | 12/14/21 | | The Linux Foundation | XCP-ng | All versions | Not Affected | No | [source](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | 12/14/21 | | LiquidFiles | LiquidFiles | All versions | Not Affected | No | [source](https://mailchi.mp/liquidfiles/liquidfiles-log4j) | | | 12/14/21 | | Mailcow | Mailcow Solr Docker | < 1.8 | Fixed | Yes | [source](https://community.mailcow.email/d/1229-cve-2021-44228-vulnerability-solr) | | | 12/14/21 | | ManageEngine | ADAudit Plus | Unknown | Fixed | Yes | | Third party components bundle log4j | | 12/14/21 | | ManageEngine | ADManager Plus | Unknown | Fixed | Yes | [source](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | Mitigation: set `-Dlog4j2.formatMsgNoLookups=true` in `jvm.options`. | | 12/14/21 | | ManageEngine | Desktop Central | Unknown | Fixed | Yes | [source](https://pitstop.manageengine.com/portal/en/community/topic/log4j-security-issue) | | | 12/14/21 | | McAfee | Data Exchange Layer (DXL) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | Enterprise Security Manager (ESM) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | McAfee Active Response (MAR) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | Network Security Manager (NSM) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | Network Security Platform (NSP) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | Threat Intelligence Exchange (TIE) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | Unknown | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | ePolicy Orchestrator Application Server (ePO) | <= 5.10 CU10 | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Fixed | Yes | [source](https://kc.mcafee.com/corporate/index?page=content&id=KB95091) | | | 12/14/21 | | Memurai | All products | | Fixed | Yes | [source](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | 12/14/21 | | Metabase | Metabase | <0.41.4 | Fixed | Yes | [source](https://github.com/metabase/metabase/releases/tag/v0.41.4) | Mitigations available for earlier versions | | 12/14/21 | | Microsoft | | | Fixed | Yes | [source](https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/), [IOCs](https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/Log4J_IPIOC_Dec112021.yaml) | Microsoft provided additional guidance for preventing, detecting and hunting for exploitation | | 12/14/21 | | Microsoft | Azure AD | Unknown | Fixed | Yes | [source](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | ADFS itself is not vulnerable, federation providers may be | | 12/14/21 | | Microsoft | Azure App Service | Unknown | Fixed | Yes | [source](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications | | 12/14/21 | | Microsoft | Azure Application Gateway | Unknown | Fixed | Yes | [source](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | 12/14/21 | | Microsoft | Azure Front Door | Unknown | Fixed | Yes | [source](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | 12/14/21 | | Microsoft | Azure WAF | Unknown | Fixed | Yes | [source](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | 12/14/21 | | Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Fixed | Yes | [source](https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md) | | | 12/14/21 | | Minecraft | Java edition | <1.18.1 | Fixed | Yes | [source](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) | Mitigations available for earlier versions | | 12/14/21 | | MISP | MISP | All | Not Affected | No | [source](https://twitter.com/MISPProject/status/1470051242038673412) | | | 12/14/21 | | MONARC | MONARC | All | Not Affected | No | [source](https://twitter.com/MONARCproject/status/1470349937443491851) | | | 12/14/21 | | MongoDB | Atlas Search | Unknown | Fixed | Yes | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. | | 12/14/21 | | MongoDB | Atlas | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | Including Atlas Database, Data Lake, Charts | | 12/14/21 | | MongoDB | Enterprise Advanced | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. | | 12/14/21 | | MongoDB | Community Edition | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | Including Community Server, Cloud Manager, Community Kubernetes Operators. | | 12/14/21 | | MongoDB | Drivers | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | 12/14/21 | | MongoDB | Tools | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors | | 12/14/21 | | MongoDB | Realm | Unknown | Not Affected | No | [source](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | including Realm Database, Sync, Functions, APIs | | 12/14/21 | | Moodle | Moodle | All | Not Affected | No | [source](https://moodle.org/mod/forum/discuss.php?d=429966) | | | 12/14/21 | | -------------------- | -------------------------------------------------------------------- | :--------: | Not Affected | No | -----------------------------------------------------------------------------------------------------------------: | ------------------------------------------------ | | 12/14/21 | | N-able | Backup | Unknown | Not Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | MSP Manager | Unknown | Not Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | Mail Assure | Unknown | Not Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | N-central | Unknown | Not Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | Passportal | Unknown | Not Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | RMM | Unknown | Fixed | Yes | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | Risk Intelligence | Unknown | Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | N-able | Take Control | Unknown | Affected | No | [source](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | 12/14/21 | | Neo4j | Neo4j | > 4.2 | Affected | No | [source](https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856) | Workaround is available, but not released yet. | | 12/14/21 | | Nelson | Nelson | 0.16.185 | Affected | No | [source](https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala) | Workaround is available, but not released yet. | | 12/14/21 | | NetApp | Brocade SAN Naviator | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | Cloud Manager | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | Element Plug-in for vCenter Server | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | Management Services for Element Software and NetApp HCI | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | NetApp HCI Compute Node | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | NetApp SolidFire & HCI Management Node | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | NetApp SolidFire, Enterprise SDS & HCI Storage | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | NetApp | NetApp SolidFireStorage Replication Adapter | Unknown | Affected | No | [source](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 12/14/21 | | Netflix | atlas | 1.6.6 | Fixed | Yes | [source](https://github.com/Netflix/atlas/commit/5baff2b656a45886b85968a4b66f33bd36c648be) | | | 12/14/21 | | Netflix | dgs-framework | < 4.9.11 | Fixed | Yes | [fix](https://github.com/Netflix/dgs-framework/releases/tag/v4.9.11) | | | 12/14/21 | | Netflix | spectator | < 1.0.9 | Fixed | Yes | [fix](https://github.com/Netflix/spectator/releases/tag/v1.0.9) | | | 12/14/21 | | Netflix | zuul | Unknown | Fixed | Yes | [source](https://github.com/Netflix/zuul/commit/280f20cd51deb7e72275625d5ec556aae06f6a29) | | | 12/14/21 | | NetIQ | Access Manager | > 4.5.x & > 5.0.x | Fixed | Yes | [workaround](https://portal.microfocus.com/s/article/KM000002997) | | | 12/14/21 | | Netwrix | Netwrix Auditor | | Not Affected | No | [source](http://www.publicnow.com/view/EA90CB461F5F0A1BA339E2AC55C719CA5AD58CE4) | | | 12/14/21 | | New Relic | Java Agent | 6.5.1 & 7.4.1 | Fixed | Yes | [source](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-03/) | | | 12/14/21 | | NextGen Healthcare | Mirth | Unknown | Fixed | Yes | [source](https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526) | | | 12/14/21 | | NSA | Ghidra | < 10.1 | Fixed | Yes | [source](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning), [fix](https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build) | | | 12/14/21 | | Nutanix | AOS | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | AHV | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Prism Central | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Flow Security Central | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/14/21 | | Nutanix | Files | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Objects | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Volumes | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Mine | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Era | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | X-Ray | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | LCM | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Move | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | NCC | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Foundation | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Investigating | | 12/14/21 | | Nutanix | Karbon | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Leap | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Calm | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Beam | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | Nutanix | Frame | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/14/21 | | Nutanix | Sizer | Unknown | Fixed | Yes | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | See advisory | | 12/14/21 | | Nutanix | Insights | All versions | Affected | No | [source](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patch pending | | 12/14/21 | | NXLog | NXLog Manager | 5.x | Affected | No | [source](https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228) | | | 12/14/21 | | Obsidian Dynamics | kafdrop | all | Affected | No | [source](https://github.com/obsidiandynamics/kafdrop/issues/315) | | | 12/14/21 | | Okta | AD Agent | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | Access Gateway | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | Advanced Server Access | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | Browser Plugin | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | IWA Web Agent | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | LDAP Agent | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | Mobile | Unknown | Affected | No | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | On-Prem MFA Agent | <1.4.6 | Fixed | Yes | [source](https://sec.okta.com/articles/2021/12/log4shell), [fix](https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228) | | | 12/14/21 | | Okta | Radius Server Agent | 2.17.0 | Fixed | Yes | [source/fix](https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228) | | | 12/14/21 | | Okta | Verify | Unknown | Fixed | Yes | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | Workflow | Unknown | Fixed | Yes | [source](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/14/21 | | Okta | RADIUS Server Agent | <2.17.0 | Fixed | Yes | [source](https://sec.okta.com/articles/2021/12/log4shell), [fix](https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228) | | | 12/14/21 | | OpenMRS | Talk | 2.4.0-2.4.1 | Affected | No | [source](https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341) | Mitigations are available, pending a new release | | 12/14/21 | | OpenNMS | Horizon (including derived Sentinels) | < 29.0.3 | Fixed | Yes | [source](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | Workarounds are available too for earlier versions | | 12/14/21 | | OpenNMS | Meridian (including derived Minions and Sentinels) | < 2021.1.8, 2020.1.15, 2019.1.27 | Fixed | Yes | [source](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | Workarounds are available too for earlier versions | | 12/14/21 | | OpenNMS | Minion appliance | Unknown | Fixed | Yes | [source](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | 12/14/21 | | OpenNMS | PoweredBy OpenNMS | Unknown | Fixed | Yes | [source](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | 12/14/21 | | OpenSearch | OpenSearch | < 1.2.1 | Fixed | Yes | [source](https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/) | | | 12/14/21 | | Oracle | Database | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Fusion Middleware | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 209768.1](https://support.oracle.com/rs?type=doc&id=209768.1), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Enterprise Manager | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 209768.1](https://support.oracle.com/rs?type=doc&id=209768.1), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle WebLogic Server | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 209768.1](https://support.oracle.com/rs?type=doc&id=209768.1), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle HTTP Server | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 209768.1](https://support.oracle.com/rs?type=doc&id=209768.1), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Internet Directory | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 209768.1](https://support.oracle.com/rs?type=doc&id=209768.1), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle SOA Suite | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Fusion Middleware Infrastructure | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Access Manager | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle eBusiness Suite | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Policy Automation (OPA) | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | NoSQL Database | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle WebCenter Portal | Unknown | Affected | No | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1) | | | 12/14/21 | | Oracle | Oracle Data Integrator (ODI) | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1), [Support Note 2827793.1](https://support.oracle.com/rs?type=doc&id=2827793.1) | [Patch Available, Support Note 2827793.1] () | | 12/14/21 | | Oracle | Oracle WebCenter Sites | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1), [Support Note 2827793.1](https://support.oracle.com/rs?type=doc&id=2827793.1) | [Patch Available, Support Note 2827793.1] () | | 12/14/21 | | Oracle | Oracle Enterprise Repository | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1), [Support Note 2827793.1](https://support.oracle.com/rs?type=doc&id=2827793.1) | [Patch Available, Support Note 2827793.1] () | | 12/14/21 | | Oracle | Oracle JDeveloper | Unknown | Fixed | Yes | [source](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html), [Support note 2827611.1](https://support.oracle.com/rs?type=doc&id=2827611.1), [Support Note 2827793.1](https://support.oracle.com/rs?type=doc&id=2827793.1) | [Patch Available, Support Note 2827793.1] () | | 12/14/21 | | openHAB | openHAB | 3.0.4, 3.1.1 | Fixed | Yes | [source](https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq) | | | 12/14/21 | | OTRS | All products | | Fixed | Yes | [source](https://portal.otrs.com/external) | | | 12/14/21 | | OWASP | ZAP | < 2.11.1 | Fixed | Yes | [source](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | 12/14/21 | | PagerDuty | Rundeck | 3.3+ | Fixed | Yes | [source](https://github.com/rundeck/rundeck/pull/7427) | No statement from PagerDuty yet. | | 12/14/21 | | Palo Alto | WildFire Appliance | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | Prisma Cloud Compute | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | Prisma Cloud | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | PAN-OS | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | GlobalProtect App | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | Cortex XSOAR | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | Cortex XDR Agent | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | CloudGenix | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | Palo Alto | Bridgecrew | | Fixed | Yes | [source](https://security.paloaltonetworks.com/CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut MF | >= 21.0 | Fixed | Yes | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut NG | >= 21.0 | Fixed | Yes | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut Hive | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut Pocket | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut Views | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut Print Logger | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut MobilityPrint | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut MultiVerse | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | PaperCut | PaperCut Online Services | | Not Affected | No | [source](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | 12/14/21 | | Parallels | Remote Application Server | All versions | Not Affected | No | [source](https://kb.parallels.com/en/128696) | | | 12/14/21 | | Pega | Pega Platform | On Prem | Fixed | Yes | [source](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | | | 12/14/21 | | Planon Software | Planon Universe | all | Not Affected | No | [source](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | | | 12/14/21 | | Plex | Industrial IoT | | Not Affected | No | [source](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Mitigation already applied, patch will be issued today | | 12/14/21 | | Postgres | PostgreSQL JDBC | | Not Affected | No | [source](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | 12/14/21 | | Progress | OpenEdge | | Fixed | Yes | [source](https://www.progress.com/security), [mitigations](https://knowledgebase.progress.com/articles/Knowledge/Is-OpenEdge-vulnerable-to-CVE-2021-44228-Log4j) | | | 12/14/21 | | Progress | DataDirect Hybrid Data Pipeline | | Fixed | Yes | [source](https://www.progress.com/security), [mitigations](https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j) | | | 12/14/21 | | Portex | Portex | <3.0.2 | Fixed | Yes | [source](https://github.com/katjahahn/PortEx/releases) | | | 12/14/21 | | Pulse Secure | Pulse Secure Virtual Traffic Manager | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Secure Services Director | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Secure Web Application Firewall | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Connect Secure | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Ivanti Connect Secure (ICS) | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Policy Secure | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Desktop Client | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse Mobile Client | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse One | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Pulse ZTA | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Ivanti Neurons for ZTA | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Pulse Secure | Ivanti Neurons for secure Access | | Fixed | Yes | [source](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/) | | | 12/14/21 | | Puppet | Continuous Delivery for Puppet Enterprise | 3.x, < 4.10.2 | Fixed | Yes | [source](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/), [workaround](https://puppet.com/docs/continuous-delivery/4.x/cd_release_notes.html#cd_release_notes-version-4-10-3),[mitigations](https://support.puppet.com/hc/en-us/articles/360046708133-Puppet-Response-to-CVE-2021-44228-FAQ/) | Update available for version 4.x, mitigations for 3.x which is EOL | | 12/14/21 | | Puppet | Puppet agents | | Fixed | Yes | [source](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | 12/14/21 | | Puppet | Puppet Enterprise | | Fixed | Yes | [source](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | 12/14/21 | | PTV xServer internet 1 / PTV xServer internet 2 | PTV xServer internet 1 / PTV xServer internet 2 | Unknown | Fixed | Yes | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV TLN planner internet | PTV TLN planner internet | Unknown | Fixed | Yes | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Route Optimizer SaaS / Demonstrator | PTV Route Optimizer SaaS / Demonstrator | Unknown | Fixed | Yes | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Developer | PTV Developer | Unknown | Fixed | Yes | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Visum Publisher | PTV Visum Publisher | Unknown | Fixed | Yes | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV xServer 2.x (on prem) | PTV xServer 2.x (on prem) | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV xServer 1.34 (on prem) | PTV xServer 1.34 (on prem) | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV MaaS Modeller | PTV MaaS Modeller | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Route Optimiser CL | PTV Route Optimiser CL | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Route Optimiser ST | PTV Route Optimiser ST | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Map&Market | PTV Map&Market | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Arrival Board / Trip Creator / EM Portal | PTV Arrival Board / Trip Creator / EM Portal | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Drive&Arrive | PTV Drive&Arrive | Unknown | Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV xServer < 1.34 (on prem) | PTV xServer < 1.34 (on prem) | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Road Editor | PTV Road Editor | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Map&Guide internet | PTV Map&Guide internet | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Map&Guide intranet | PTV Map&Guide intranet | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Navigator Licence Manager | PTV Navigator Licence Manager | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Navigator App | PTV Navigator App | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Drive&Arrive App | PTV Drive&Arrive App | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Visum | PTV Visum | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Vissim | PTV Vissim | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Vistro | PTV Vistro | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Viswalk | PTV Viswalk | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Balance and PTV Epics | PTV Balance and PTV Epics | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Hyperpath | PTV Hyperpath | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV TRE and PTV Tre-Addin | PTV TRE and PTV Tre-Addin | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | PTV Optima | PTV Optima | Unknown | Not Affected | No | [source](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | 12/14/21 | | QlikTech International | Compose | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QlikTech International | Nprinting | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QlikTech International | QEM products | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QlikTech International | Qlik Replicate | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QlikTech International | Qlik Sense Enterprise | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QlikTech International | QlikView | | Not Affected | No | [source](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | 12/14/21 | | QOS.ch | SLF4J Simple Logging Facade for Java | | Not Affected | No | [source](http://slf4j.org/log4shell.html) | SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j | | 12/14/21 | | Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenStack Platform 13 (Queens) opendaylight | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenShift Logging logging-elasticsearch6-container | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat build of Quarkus | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Descision Manager 7 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Process Automation 7 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | A-MQ Clients 2 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat CodeReady Studio 12 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Data Grid 8 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Integration Camel K | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Integration Camel Quarkus | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat JBoss A-MQ Streaming | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat JBoss Fuse 7 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat OpenShift Application Runtimes | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat Single Sign-On 7 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Red Hat | Red Hat JBoss Enterprise Application Platform 6 | | Affected | No | [source](https://access.redhat.com/security/cve/cve-2021-44228) | | | 12/14/21 | | Redis | Redis Enterprise & Open Source | all | Affected | No | [source](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability | | 12/14/21 | | RSA | SecurID Authentication Manager | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. | | 12/14/21 | | RSA | SecurID Authentication Manager Prime | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | | | 12/14/21 | | RSA | SecurID Authentication Manager WebTier | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | | | 12/14/21 | | RSA | SecurID Identity Router (On-Prem component of Cloud Authentication Service) | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | | | 12/14/21 | | RSA | SecurID Governance and Lifecycle (SecurID G&L) | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | | | 12/14/21 | | RSA | SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) | | Affected | No | [source](https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501) | | | 12/14/21 | | Safe | FME Server | | Affected | No | [source](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | 12/14/21 | | Salesforce | All products | | Affected | No | [source](https://status.salesforce.com/generalmessages/826) | | | 12/14/21 | | SAS Institute | JMP | | Not Affected | No | [source](https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html) | | | 12/14/21 | | SAS Institute | SAS Profile | | Fixed | Yes | [source](https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html) | | | 12/14/21 | | SAS Institute | SAS Cloud Solutions | | Fixed | Yes | [source](https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html) | | | 12/14/21 | | Security Onion Solutions | Security Onion | 2.3.90 20211210 | Fixed | Yes | [source](https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html) | | | 12/14/21 | | Shibboleth | Shibboleth IdP/SP | | Fixed | Yes | [source](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | 12/14/21 | | SolarWinds | Database Performance Analyzer | 2021.1.x, 2021.3.x, 2022.1.x | Fixed | Yes | [source](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228), [workaround](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | | 12/14/21 | | SolarWinds | Server & Application Monitor | >= 2020.2.6 | Fixed | Yes | [source](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228), [workaround](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | | 12/14/21 | | SolarWinds | Orion Platform core | | Not Affected | No | [source](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/14/21 | | SonarSource | SonarQube | | Fixed | Yes | [source](https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721) | | | 12/14/21 | | SonarSource | SonarCloud | | Fixed | Yes | [source](https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721) | | | 12/14/21 | | SonicWall | Gen5 Firewalls (EOS) | | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Gen6 Firewalls | | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Gen7 Firewalls | | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | SonicWall Switch | | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | SMA 100 | | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | SMA 1000 | 12.1.0, 12.4.1 | Fixed | Yes | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Email Security | 10.x | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | MSW | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | NSM | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Analyzer | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Analytics | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | GMS | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Capture Client & Capture Client Portal | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | CAS | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | WAF | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Access Points | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | WNM | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | Capture Security Appliance | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | WXA | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | SonicWall | SonicCore | | Affected | No | [source](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | | | 12/14/21 | | Sophos | Sophos Central | | Affected | No | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Sophos Firewall | All | Affected | No | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | SG UTM | All | Affected | No | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | SG UTM Manager (SUM) | All | Affected | No | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Sophos ZTNA | | Affected | No | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Cloud Optix | | Fixed | Yes | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Sophos Home | | Fixed | Yes | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Sophos Mobile | | Fixed | Yes | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Sophos Mobile EAS Proxy | 9.7.2 | Fixed | Yes | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Sophos | Reflexion | | Fixed | Yes | [source](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | | | 12/14/21 | | Splunk | Add-On: Java Management Extensions | 3.0.0, 2.1.0 | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Add-On: JBoss | 3.0.0, 2.1.0 | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Add-On: Tomcat | 3.0.0, 2.1.0 | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Connect for Kafka | <2.0.4 | Fixed | Yes | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Enterprise | All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. | Fixed | Yes | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Enterprise Amazon Machine Image (AMI) | see Splunk Enterprise | Fixed | Yes | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Enterprise Docker Container | see Splunk Enterprise | Fixed | Yes | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Logging Library for Java | <1.11.1 | Fixed | Yes | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Stream Processor Service | Current | Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Admin Config Service | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Analytics Workspace | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Behavior Analytics | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Dashboard Studio | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Developer Tools: AppInspect | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Enterprise Security | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Intelligence Management (TruSTAR) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | KV Service | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Mission Control | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | MLTK | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Operator for Kubernetes | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Security Analytics for AWS | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | SignalFx Smart Agent | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | SOAR Cloud (Phantom) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | SOAR (On-Premises) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Application Performance Monitoring | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Augmented Reality | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Cloud Data Manager (SCDM) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Connect for Kubernetes | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Connect for SNMP | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Connect for Syslog | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk DB Connect | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Enterprise Cloud | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Heavyweight Forwarder (HWF) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Infrastructure Monitoring | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Log Observer | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Mint | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Mobile | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Network Performance Monitoring | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk On-Call/Victor Ops | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Open Telemetry Distributions | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Profiling | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Real User Monitoring | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Secure Gateway (Spacebridge) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Synthetics | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk TV | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk Universal Forwarder (UF) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Splunk | Splunk User Behavior Analytics (UBA) | all | Not Affected | No | [source](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/14/21 | | Stardog | Stardog | <7.8.1 | Fixed | Yes | [source](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | 12/14/21 | | Synacor | Zimbra | 8.8.15 and 9.x | Not Affected | No | [source](https://forums.zimbra.org/viewtopic.php?f=15&t=70240&start=10#p303354) | Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 | | 12/14/21 | | Synology | DSM | | Not Affected | No | [source](https://www.synology.com/en-global/security/advisory/Synology_SA_21_30) | The base DSM is not affected. Software installed via the package manager may be vulnerable. | | 12/14/21 | | Talend | Talend Component Kit | | Fixed | Yes | [source](https://jira.talendforge.org/browse/TCOMP-2054) | | | 12/14/21 | | Tealium | All products | | Fixed | Yes | [source](https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824) | | | 12/14/21 | | TheHive | Cortex | all | Not Affected | No | [source](https://blog.strangebee.com/apache-log4j-cve-2021-44228/) | | | 12/14/21 | | TheHive | TheHive | all | Not Affected | No | [source](https://blog.strangebee.com/apache-log4j-cve-2021-44228/) | | | 12/14/21 | | Topicus Security | Topicus KeyHub | all | Not Affected | No | [source](https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/) | | | 12/14/21 | | TrendMicro | ActiveUpdate | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Apex Central (including as a Service) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Apex One (all versions including Mac and Saas) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud App Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud Edge | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Application Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Common Services | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Conformity | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Container Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - File Storage Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Network Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud One - Workload Secuity | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Cloud Sandbox | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Advisor | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Analyzer | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Director | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Email Inspector | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Inspector | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Discovery Web Inspector | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Deep Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Endpoint Application Control | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Fraudbuster | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Home Network Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Housecall | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Instant Messaging Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Internet Security for Mac (Consumer) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Interscan Messaging Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Interscan Messaging Security Virtual Appliance (IMSVA) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Interscan Web Security Suite | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Interscan Web Security Virtual Appliance (IWSVA) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Mobile Secuirty for Enterprise | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | MyAccount (Consumer Sign-on) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Network Viruswall | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | OfficeScan | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Password Manager | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Phish Insight | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Policy Manager | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Portable Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | PortalProtect | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Remote Manager | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Rescue Disk | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Rootkit Buster | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Safe Lock | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Safe Lock 2.0 | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Sandbox as a Service | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | ScanMail for Domino | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | ScanMail for Exchange | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Secuirty for Mac | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Security for NAS | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | ServerProtect (all versions) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Smart Home Network | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Smart Protection Complete | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Smart Protection for Endpoints | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Smart Protection Server (SPS) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | TippingPoint (all variations) | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | TMUSB | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Trend Micro Email Security & HES | | Fixed | Yes | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Trend Micro ID Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Trend Micro Remote Manager | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Trend Micro Web Security | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Vision One | | Fixed | Yes | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Vulnerability Protection | | Fixed | Yes | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Worry-Free Business Security (on-prem) | | Fixed | Yes | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | TrendMicro | Worry-Free Business Security Services | | Not Affected | No | [source](https://success.trendmicro.com/solution/000289940) | | | 12/14/21 | | Ubiquiti | UniFi Network Application | 6.5.54 | Fixed | Yes | [source](https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1) | | | 12/14/21 | | US Signal | Remote Management and Monitoring platform | | Fixed | Yes | [source](https://ussignal.com/blog/apache-log4j-vulnerability) | | | 12/14/21 | | USoft | USoft | 9.1.1F | Affected | No | [proof]() | Found by manual scanning | | 12/14/21 | | Veeam | All products | | Affected | No | [source](https://community.veeam.com/blogs-and-podcasts-57/log4j-vulnerability-what-do-you-need-to-know-1851) | Veeam is still investigating, but it looks like the Veeam products don't use log4j | | 12/14/21 | | VMware | API Portal for VMware Tanzu | 1.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | AppDefense Appliance | 2.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-AppDefense/ta-p/109180) | | | 12/14/21 | | VMware | App Metrics | 2.1.1 | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [fix](https://network.pivotal.io/products/apm) | | | 12/14/21 | | VMware | Carbon Black Cloud Workload Appliance | 1.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-Cloud/ta-p/109167) | | | 12/14/21 | | VMware | Carbon Black EDR Server | 7.x, 6.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Mitigation-Steps-for-VMware-Carbon-Black-EDR/ta-p/109168), [fix](https://community.carbonblack.com/t5/Endpoint-Detection-and-Response/VMware-Carbon-Black-EDR-Announcing-General-Availability-of-EDR/td-p/109189) | Fixed in 7.6.0 | | 12/14/21 | | VMware | Cloud Foundation | 4.x, 3.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://kb.vmware.com/s/article/87095) | | | 12/14/21 | | VMware | Cloud Gateway for VMware Tanzu | 1.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | Cloud Services for VMware Tanzu | 3.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | HCX | 4.x, 3.x | Affected | No | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/14/21 | | VMware | Healthwatch for Tanzu Application Service | 2.1.7, 1.8.6 | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [fix](https://network.pivotal.io/products/p-healthwatch) | | | 12/14/21 | | VMware | Horizon | 8.x, 7.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87073) | | | 12/14/21 | | VMware | Horizon Cloud Connector | 1.x, 2.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [fix](https://customerconnect.vmware.com/downloads/details?downloadGroup=HCS-CC-210&productId=716&rPId=79131#product_downloads) | | | 12/14/21 | | VMware | Horizon DaaS | 9.1.x, 9.0.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87101) | | | 12/14/21 | | VMware | Identity Manager | 3.3.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87093) | | | 12/14/21 | | VMware | NSX Data Center for vSphere | 6.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87099) | | | 12/14/21 | | VMware | NSX-T Data Center | 3.x, 2.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87086) | | | 12/14/21 | | VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | Site Recovery Manager | 8.x | Affected | No | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87098) | | | 12/14/21 | | VMware | Spring Boot | < 2.5.8, < 2.6.2 | Fixed | Yes | [source](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | 12/14/21 | | VMware | Spring Cloud Gateway for Kubernetes | 1.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | Tanzu Application Service for VMs | 2.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12?language=en_US), [fix](https://network.pivotal.io/products/elastic-runtime) | | | 12/14/21 | | VMware | Tanzu GemFire | 8.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-all-GemFire-versions?language=en_US) | | | 12/14/21 | | VMware | Tanzu Greenplum | 6.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://community.pivotal.io/s/article/Workaround-to-address-CVE-2021-44228-Apache-Log4j-Remote-Code-Execution-for-All-Greenplum-Versions?language=en_US) | | | 12/14/21 | | VMware | Tanzu Kubernetes Grid Integrated Edition | 2.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://community.pivotal.io/s/article/Workaround-instructions-to-address-CVE-2021-44228-in-Tanzu-Application-Service-2-7-through-2-12?language=en_US) | | | 12/14/21 | | VMware | Tanzu Observability by Wavefront Nozzle | 3.0.3 | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [fix](https://network.pivotal.io/products/wavefront-nozzle) | | | 12/14/21 | | VMware | Tanzu Operations Manager | 2.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://community.pivotal.io/s/article/5004y00001mPn2N1639255611105?language=en_US), [fix](https://network.pivotal.io/products/ops-manager/) | | | 12/14/21 | | VMware | Tanzu SQL with MySQL for VMs | 2.x, 1.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | Telco Cloud Automation | 2.x, 1.x | Affected | No | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/14/21 | | VMware | Unified Access Gateway | 21.x, 20.x, 3.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87092) | | | 12/14/21 | | VMware | vCenter Cloud Gateway | 1.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://kb.vmware.com/s/article/87081) | | | 12/14/21 | | VMware | vCenter Server | 6.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87096?lang=en_US) | Running on: Windows | | 12/14/21 | | VMware | vCenter Server | 7.x, 6.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87081?lang=en_US) | Running on: Virtual Appliance | | 12/14/21 | | VMware | vCloud Director | all | Not Affected | No | [source](https://kb.vmware.com/s/article/87068?lang=en_US) | | | 12/14/21 | | VMware | vCloud Workstation | all | Not Affected | No | [source](https://kb.vmware.com/s/article/87068?lang=en_US) | | | 12/14/21 | | VMware | vRealize Automation | 8.x, 7.x | Affected | No | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/14/21 | | VMware | vRealize Lifecycle Manager | 8.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87097) | | | 12/14/21 | | VMware | vRealize Log Insight | 8.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87089) | | | 12/14/21 | | VMware | vRealize Operations | 8.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87076) | | | 12/14/21 | | VMware | vRealize Operations Cloud Proxy | Any | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87080) | | | 12/14/21 | | VMware | vRealize Orchestrator | 8.x, 7.x | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | vSphere ESXi | Unknown | Affected | No | [source](https://kb.vmware.com/s/article/87068) | | | 12/14/21 | | VMware | Workspace ONE Access | 21.x, 20.x | Fixed | Yes | [source](https://www.vmware.com/security/advisories/VMSA-2021-0028.html), [workaround](https://kb.vmware.com/s/article/87090) | | | 12/14/21 | | VMware | Workspace ONE Access Connector (VMware Identity Manager Connector) | 19.03.0.1, 20.x, 21.x | Fixed | Yes | [source](https://kb.vmware.com/s/article/87068), [workaround](https://kb.vmware.com/s/article/87091) | | | 12/14/21 | | Watcher | [Watcher](https://github.com/thalesgroup-cert/Watcher) | all | Not Affected | No | [source](https://twitter.com/felix_hrn/status/1470387338001977344) | | | 12/14/21 | | Wind River | Wind River Linux | <= 8 | Not Affected | No | [source](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | "contain package log4j, but their version is 1.2.x, too old to be affected" | | 12/14/21 | | Wind River | Wind River Linux | > 8 | Not Affected | No | [source](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | no support for log4j | | 12/14/21 | | WitFoo | WitFoo Precinct | 6.x | Fixed | Yes | [source](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable | | 12/14/21 | | Wowza | Wowza Streaming Engine | 4.7.8, 4.8.x | Fixed | Yes | [source](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | 12/14/21 | | Yahoo | Vespa | | Not Affected | No | [source](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package | | 12/14/21 | | Zabbix | Zabbix | | Not Affected | No | [source](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability. | | 12/14/21 | | Zammad | Zammad | | Fixed | Yes | [source](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | Most of Zammad instances make use of Elasticsearch which might be vulnerable. | | 12/14/21 | | Zerto | Virtual Replication Appliance | | Not Affected | No | [source](https://help.zerto.com/kb/000004822) | | | 12/14/21 | | Zerto | Zerto Cloud Appliance | | Not Affected | No | [source](https://help.zerto.com/kb/000004822) | | | 12/14/21 | | Zerto | Zerto Cloud Manager | | Not Affected | No | [source](https://help.zerto.com/kb/000004822) | | | 12/14/21 | | Zerto | Zerto Virtual Manager | | Not Affected | No | [source](https://help.zerto.com/kb/000004822) | | | 12/14/21 | | Zesty | Zesty.io | | Not Affected | No | [source](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | 12/14/21 |