--- version: '1.0' owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB product: B&R Products cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB product: Remote Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Abbott product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html notes: Details are shared with customers with an active RAP subscription. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abbott product: GLP Track System cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Track Sample Manager (TSM) - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html notes: Abbott will provide a fix for this in a future update expected in January 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accellence Technologies product: EBÜS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accellence Technologies product: Vimacc cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accellion product: Kiteworks cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - v7.6 release unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Accruent product: Analytics cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Asset Enterprise cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: BigCenter cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: EMS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Evoco cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Expesite cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Famis 360 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Lucernex cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Maintenance Connection cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Meridian cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: SiteFM3 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: SiteFM4 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: Siterra cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: TMS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: VxField cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: VxMaintain cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: VxObserve cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Accruent product: VxSustain cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acquia product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Backup cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '11.7' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Cyber Backup cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '12.5' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Cyber Files cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Cyber Infrastructure cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '3.5' - 4.x cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Cyber Protect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '15' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: DeviceLock DLP cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '9.0' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Files Connect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: MassTransit cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '8.1' - '8.2' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis product: Snap Deploy cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '5' - '6' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ActiveState product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: '360' cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: Agents cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: Application cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: IAST - ASP.NET cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: IAST - NodeJS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: IAST - PHP cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix product: IAST-Java cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: AcuSensor IAST module needs attention. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adaptec product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Addigy product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia product: Connect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '3.3' - '3.4' - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia product: Suite cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 6.9.9 - 6.9.10 - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: ColdFusion cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adobe product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ADP product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Advanced Micro Devices (AMD) product: All cves: cve-2021-4104: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: MFT Server cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.advsyscon.com/hc/en-us/articles/4413631831569 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2021-12-14T00:00:00' - vendor: AFHCAN Global LLC product: AFHCANcart cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANmobile cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANServer cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANsuite cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANupdate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC product: AFHCANweb cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Agilysys product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ahsay product: Mobile cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 1.6+ cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ahsay product: Other products cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ahsay product: PRD cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '2.0' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AIL product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://twitter.com/ail_project/status/1470373644279119875 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Akamai product: SIEM Integration Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - <1.7.4 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Akamai product: SIEM Splunk Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Alcatel product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://dokuwiki.alu4u.com/doku.php?id=log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alertus product: Console cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 5.15.0 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alexion product: Alexion CRM cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alfresco product: Alfresco cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AlienVault product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical product: AmiSconnect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical product: Custo Diagnostics cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '5.4' - '5.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical product: JiveX cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical product: Zorgbericht cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AMS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: API Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: Athena cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: Athena JDBC Driver cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: All versions vended to customers were not affected. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - Linux 1 - '2' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: AWS AppFlow cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS AppSync cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS Certificate Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS Certificate Manager Private CA cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS CloudHSM cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 3.4.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS CodeBuild cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS CodePipeline cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS Connect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. references: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon product: AWS Directory Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon product: AWS DynamoDB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS ECS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS EKS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Elastic Beanstalk cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Default configuration of applications usage of Log4j versions is not vulnerable. references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS ELB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Fargate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Glue cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Greengrass cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. references: - '' last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS Inspector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS IoT SiteWise Edge cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS Kinesis Data Streams cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS KMS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS Lambda cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: Vulnerable when using aws-lambda-java-log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS Polly cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS QuickSight cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: AWS RDS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon product: AWS S3 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS SDK cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS Secrets Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS Service Catalog cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: AWS SNS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon product: AWS SQS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: AWS Systems Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: AWS Systems Manager Agent cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: AWS Textract cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: Chime cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Cloud Directory cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: CloudFront cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: CloudWatch cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Cognito cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Corretto cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: DocumentDB cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: EC2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: ECR Public cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: Elastic Load Balancing cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: EMR cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: EventBridge cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Fraud Detector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Inspector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Inspector Classic cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Kafka (MSK) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Kendra cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Keyspaces (for Apache Cassandra) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Kinesis cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Kinesis Data Analytics cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Lake Formation cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Lex cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Linux (AL1) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Linux (AL2) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Lookout for Equipment cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Macie cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Macie Classic cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Managed Workflows for Apache Airflow (MWAA) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: MemoryDB for Redis cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Monitron cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: MQ cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Neptune cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: NICE cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Recommended to update EnginFrame or Log4j library. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: OpenSearch cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - R20211203-P2 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: Update released, customers need to update their clusters to the fixed release. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Pinpoint cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: RDS Aurora cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: RDS for Oracle cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Redshift cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Rekognition cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Route 53 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: SageMaker cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Simple Notification Service (SNS) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Simple Queue Service (SQS) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Simple Workflow Service (SWF) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Single Sign-On cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Step Functions cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Timestream cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: Translate cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/translate/ notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: VPC cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon product: WorkSpaces/AppStream 2.0 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AMD product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: Currently, no AMD products have been identified as affected. AMD is continuing its analysis. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Anaconda product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 4.10.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.conda.io/projects/conda/en/latest/index.html notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: AOMEI product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: ActiveMQ Artemis cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://activemq.apache.org/news/cve-2021-44228 notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: Airflow cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Airflow is written in Python references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Archiva cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 2.2.6 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Fixed in 2.2.6. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Camel cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel 2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel JBang cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel K cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel Kafka Connector cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel Karaf cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Camel Quarkus cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Cassandra cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache product: Druid cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 0.22.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/apache/druid/releases/tag/druid-0.22.1 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Dubbo cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/apache/dubbo/issues/9380 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Flink cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 1.15.0 - 1.14.2 - 1.13.5 - 1.12.7 - 1.11.6 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Fortress cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 2.0.7 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Fixed in 2.0.7. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Geode cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 1.14.0 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Fixed in 1.12.6, 1.13.5, 1.14.1. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Guacamole cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Hadoop cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: HBase cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Hive cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 4.x unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: James cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Jena cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: JMeter cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: JSPWiki cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 2.11.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Kafka cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://kafka.apache.org/cve-list notes: Uses Log4j 1.2.17. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache product: Log4j 1.x cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://logging.apache.org/log4j/2.x/security.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Log4j 2.x cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 2.17.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://logging.apache.org/log4j/2.x/security.html notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Maven cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: NiFi cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Fixed in 1.15.1, 1.16.0. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: OFBiz cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 18.12.03 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Ozone cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 1.2.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Fixed in 1.15.1, 1.16.0. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: SkyWalking cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 8.9.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: SOLR cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 7.4.0 to 7.7.3 - 8.0.0 to 8.11.0 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. references: - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' last_updated: '2021-12-16T00:00:00' - vendor: Apache product: Spark cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: Uses log4j 1.x references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Struts cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 2.5.28 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Struts 2 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Versions before 2.5.28.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://struts.apache.org/announce-2021 notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). references: - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: Tapestry cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 5.7.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Tika cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 2.0.0 and up fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: Tomcat cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://tomcat.apache.org/security-9.html notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Apache product: TrafficControl cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache product: ZooKeeper cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: APC by Schneider Electric product: Powerchute Business Edition cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - v9.5 - v10.0.1 - v10.0.2 - v10.0.3 - v10.0.4 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 notes: Mitigation instructions to remove the affected class. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: APC by Schneider Electric product: Powerchute Network Shutdown cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '4.2' - '4.3' - '4.4' - 4.4.1 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 notes: Mitigation instructions to remove the affected class. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Apereo product: CAS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 6.3.x - 6.4.x unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://apereo.github.io/2021/12/11/log4j-vuln/ notes: Other versions still in active maintainance might need manual inspection. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apereo product: Opencast cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - < 9.10 - < 10.6 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee product: Edge and OPDK products cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.apigee.com/incidents/3cgzb0q2r10p notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apollo product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.apollographql.com/t/log4j-vulnerability/2214 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appdynamics product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appeon product: PowerBuilder cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - Appeon PowerBuilder 2017-2021 regardless of product edition fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: AppGate product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appian product: Appian Platform cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - All unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Application Performance Ltd product: DBMarlin cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: APPSHEET product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aptible product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Search 5.x unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arbiter Systems product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arbiter.com/news/index.php?id=4403 notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: ARC Informatique product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 notes: '' references: - '' last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arcserve product: Arcserve Backup cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve Continuous Availability cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve Email Archiving cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Arcserve UDP cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 6.5-8.3 cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: ShadowProtect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: ShadowXafe cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: Solo cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: Arcserve product: StorageCraft OneXafe cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: ArcticWolf product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arduino product: IDE cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ariba product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: CloudVision Portal cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '>2019.1.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '>8.8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista product: Embedded Analytics for Converged Cloud Fabric cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '>5.3.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: AirWave Management Platform cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Analytics and Location Engine cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: ArubaOS-CX Switches cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Central cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Central On-Prem cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: EdgeConnect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: HP ProCurve Switches cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Instant cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Instant Access Points cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Instant On cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: IntroSpect cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Legacy GMS Products cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Legacy NX cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Legacy VRX cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Legacy VX cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: NetEdit cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: VIA Clients cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ataccama product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atera product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - On prem unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - v1.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Crowd Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Crucible cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Fisheye cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Jira Server & Data Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Attivo Networks product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atvise product: All cves: cve-2021-4104: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://services.audiocodes.com/app/answers/kbdetail/a_id/2225 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html notes: Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Automation Anywhere product: Automation 360 Cloud cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automation Anywhere product: Automation 360 On Premise cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - '' unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automation Anywhere product: Automation Anywhere cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - 11.x - <11.3x unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avaya product: Avaya Analytics cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.5' - '3.6' - 3.6.1 - '3.7' - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.1.3.2 - 8.1.3.3 - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.0.2 - 7.0.3 - '7.1' - 7.1.1 - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '8' - 8.0.1 - 8.0.2 - '8.1' - 8.1.3 - 8.1.4 - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.0.0 - 8.0.1 - 8.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 7.1.2 - '8' - 8.0.1 - 8.0.2 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 - 8.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 7.1.3 - '8' - 8.0.1 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '10.1' - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.11[P] - 3.8.1[P] - 3.8[P] - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Breeze cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.7' - '3.8' - 3.8.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Contact Center Select cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.0.2 - 7.0.3 - '7.1' - 7.1.1 - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya CRM Connector - Connected Desktop cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '2.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Device Enablement Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.1.22 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Meetings cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.1.10 - 9.1.11 - 9.1.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Session Border Controller for Enterprise cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 8.0.1 - '8.1' - 8.1.1 - 8.1.2 - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '[PSN020554u](https://download.avaya.com/css/public/documents/101079394)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Social Media Hub cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Workforce Engagement cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '5.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Business Rules Engine cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.4' - '3.5' - '3.6' - '3.7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Callback Assist cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '5' - 5.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Control Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.0.2 - 9.0.2.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Device Enrollment Service cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - '3.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Equinox Conferencing cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 9.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Interaction Center cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 7.3.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: IP Office Platform cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 11.0.4 - '11.1' - 11.1.1 - 11.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Proactive Outreach Manager cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: - 3.1.2 - 3.1.3 - '4' - 4.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.avepoint.com/company/java-zero-day-vulnerability-notification notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://avtech.com/articles/23124/java-exploit-room-alert-link/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXIS product: OS cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications product: All cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.axway.com/news/1331/lang/en notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' ...