1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-18 06:47:54 +00:00
log4j-affected-db/software_lists/software_list_A.md

90 KiB
Raw Permalink Blame History

CISA Log4j (CVE-2021-44228) Affected Vendor & Software List

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

This list has been populated using information from the following sources:

  • Kevin Beaumont
  • SwitHak
  • National Cyber Security Centre - Netherlands (NCSC-NL)

NOTE: This file is automatically generated. To submit updates, please refer to CONTRIBUTING.md.

Vendor Product Affected Versions Patched Versions Status Vendor Links Notes References Reporter Last Updated
ABB AlarmInsight Cloud Not Affected link cisagov 2022-01-12
ABB B&R Products Not Affected link cisagov 2022-01-12
ABB Remote Service Fixed link cisagov 2022-01-12
Abbott All Unknown link Details are shared with customers with an active RAP subscription. cisagov 2021-12-15
Abbott GLP Track System Track Sample Manager (TSM), Track Workflow Manager (TWM) Affected link Abbott will provide a fix for this in a future update expected in January 2022. cisagov 2021-12-15
Abnormal Security All Not Affected link cisagov 2022-01-12
Accellence Technologies EBÜS All Fixed link EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. cisagov 2022-01-12
Accellence Technologies Vimacc Not Affected link cisagov 2022-01-12
Accellion Kiteworks v7.6 release Fixed link As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. cisagov 2021-12-16
Accruent Analytics Fixed link cisagov 2022-01-12
Accruent Asset Enterprise Not Affected link cisagov 2022-01-12
Accruent BigCenter Fixed link cisagov 2022-01-12
Accruent EMS Not Affected link cisagov 2022-01-12
Accruent Evoco Fixed link cisagov 2022-01-12
Accruent Expesite Fixed link cisagov 2022-01-12
Accruent Famis 360 Fixed link cisagov 2022-01-12
Accruent Lucernex Fixed link cisagov 2022-01-12
Accruent Maintenance Connection Not Affected link cisagov 2022-01-12
Accruent Meridian Fixed link cisagov 2022-01-12
Accruent Single Sign On (SSO, Central Auth) Not Affected link cisagov 2022-01-12
Accruent SiteFM3 Fixed link cisagov 2022-01-12
Accruent SiteFM4 Fixed link cisagov 2022-01-12
Accruent Siterra Fixed link cisagov 2022-01-12
Accruent TMS Not Affected link cisagov 2022-01-12
Accruent VxField Not Affected link cisagov 2022-01-12
Accruent VxMaintain Fixed link cisagov 2022-01-12
Accruent VxObserve Fixed link cisagov 2022-01-12
Accruent VxSustain Fixed link cisagov 2022-01-12
Acquia All Unknown link cisagov 2022-01-12
Acronis Backup Not Affected link cisagov 2022-01-12
Acronis Cyber Backup Not Affected link cisagov 2022-01-12
Acronis Cyber Files Not Affected link cisagov 2022-01-12
Acronis Cyber Infrastructure Not Affected link cisagov 2022-01-12
Acronis Cyber Protect Not Affected link cisagov 2022-01-12
Acronis Cyber Protection Home Office Not Affected link cisagov 2022-01-12
Acronis DeviceLock DLP Not Affected link cisagov 2022-01-12
Acronis Files Connect Not Affected link cisagov 2022-01-12
Acronis MassTransit Not Affected link cisagov 2022-01-12
Acronis Snap Deploy Not Affected link cisagov 2022-01-12
ActiveState All Unknown link cisagov 2022-01-12
Acunetix 360 Not Affected link cisagov 2022-01-12
Acunetix Agents Not Affected link cisagov 2022-01-12
Acunetix Application Not Affected link cisagov 2022-01-12
Acunetix IAST - ASP.NET Not Affected link cisagov 2022-01-12
Acunetix IAST - NodeJS Not Affected link cisagov 2022-01-12
Acunetix IAST - PHP Not Affected link cisagov 2022-01-12
Acunetix IAST-Java All Fixed link AcuSensor IAST module needs attention. cisagov 2022-01-12
Adaptec All Unknown link cisagov 2022-01-12
Addigy All Unknown link cisagov 2022-01-12
Adeptia Connect 3.3, 3.4, 3.5 Fixed link cisagov 2022-01-12
Adeptia Suite 6.9.9, 6.9.10, 6.9.11 Fixed link cisagov 2022-01-12
Adobe Automated Forms Conversion Service Affected link cisagov 2022-01-12
Adobe ColdFusion Fixed link cisagov 2022-01-12
Adobe Experience Manager 6.3 Forms on JEE All versions from 6.3 GA to 6.3.3 Fixed link cisagov 2022-01-12
Adobe Experience Manager 6.4 Forms Designer Affected link cisagov 2022-01-12
Adobe Experience Manager 6.4 Forms on JEE All versions from 6.4 GA to 6.4.8 Fixed link cisagov 2022-01-12
Adobe Experience Manager 6.5 Forms Designer Fixed link cisagov 2022-01-12
Adobe Experience Manager 6.5 Forms on JEE All versions from 6.5 GA to 6.5.11 Fixed link cisagov 2022-01-12
Adobe Experience Manager Forms on OSGi Not Affected link cisagov 2022-01-12
Adobe Experience Manager Forms Workbench Not Affected link cisagov 2022-01-12
ADP All Unknown link cisagov 2022-01-12
Advanced Micro Devices (AMD) All Not Affected link cisagov 2022-02-02
Advanced Systems Concepts (formally Jscape) Active MFT Not Affected link This advisory is available to customers only and has not been reviewed by CISA cisagov 2021-12-14
Advanced Systems Concepts (formally Jscape) MFT Not Affected link This advisory is available to customers only and has not been reviewed by CISA cisagov 2021-12-14
Advanced Systems Concepts (formally Jscape) MFT Gateway Not Affected link This advisory is available to customers only and has not been reviewed by CISA cisagov 2021-12-14
Advanced Systems Concepts (formally Jscape) MFT Server Not Affected link This advisory is available to customers only and has not been reviewed by CISA cisagov 2021-12-14
AFHCAN Global LLC AFHCANcart Not Affected link cisagov 2022-01-12
AFHCAN Global LLC AFHCANmobile Not Affected link cisagov 2022-01-12
AFHCAN Global LLC AFHCANServer Not Affected link cisagov 2022-01-12
AFHCAN Global LLC AFHCANsuite Not Affected link cisagov 2022-01-12
AFHCAN Global LLC AFHCANupdate Not Affected link cisagov 2022-01-12
AFHCAN Global LLC AFHCANweb Not Affected link cisagov 2022-01-12
Agilysys All Unknown link cisagov 2022-01-12
Ahsay Mobile Not Affected link cisagov 2022-01-12
Ahsay Other products Not Affected link cisagov 2022-01-12
Ahsay PRD Not Affected link cisagov 2022-01-12
AIL All Not Affected link cisagov 2022-01-12
Akamai Enterprise Application Access (EAA) Connector Not Affected link cisagov 2021-12-15
Akamai SIEM Integration Connector <1.7.4 Fixed link Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. cisagov 2021-12-15
Akamai SIEM Splunk Connector < 1.4.10 Fixed link Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. cisagov 2021-12-15
Alcatel All Unknown link cisagov 2022-01-12
Alertus Console 5.15.0 Fixed link cisagov 2022-01-12
Alexion Alexion CRM Not Affected link cisagov 2022-01-12
Alfresco Alfresco Not Affected link cisagov 2022-01-12
AlienVault All Unknown link cisagov 2022-01-12
Alphatron Medical AmiSconnect Not Affected link cisagov 2022-01-12
Alphatron Medical Custo Diagnostics 5.4, 5.6 Affected link cisagov 2022-01-12
Alphatron Medical JiveX Not Affected link cisagov 2022-01-12
Alphatron Medical Zorgbericht Not Affected link cisagov 2022-01-12
Amazon AMS Fixed link Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. cisagov 2022-01-12
Amazon API Gateway Fixed link cisagov 2021-12-20
Amazon Athena Fixed link cisagov 2021-12-20
Amazon Athena JDBC Driver Not Affected link All versions vended to customers were not affected. cisagov 2021-12-20
Amazon AWS Not Affected link Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 AWS Forum. AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. cisagov 2021-12-15
Amazon AWS AppFlow Fixed link cisagov 2021-12-20
Amazon AWS AppSync Fixed link Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Amazon AWS Certificate Manager Fixed link cisagov 2021-12-20
Amazon AWS Certificate Manager Private CA Fixed link cisagov 2021-12-20
Amazon AWS CloudHSM < 3.4.1 Fixed link CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. cisagov 2022-01-12
Amazon AWS CodeBuild Fixed link Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2022-01-12
Amazon AWS CodePipeline Fixed link Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2022-01-12
Amazon AWS Connect Fixed link Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. cisagov 2021-12-23
Amazon AWS Directory Service Fixed link cisagov 2021-12-23
Amazon AWS DynamoDB Fixed link cisagov 2021-12-17
Amazon AWS ECS Fixed link To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. cisagov 2021-12-16
Amazon AWS EKS Fixed link To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. cisagov 2021-12-16
Amazon AWS Elastic Beanstalk Not Affected link Default configuration of applications usage of Log4j versions is not vulnerable. cisagov 2021-12-17
Amazon AWS ElastiCache Fixed link cisagov 2021-12-17
Amazon AWS ELB Fixed link cisagov 2021-12-16
Amazon AWS Fargate Fixed link Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. cisagov 2021-12-16
Amazon AWS Glue Fixed link Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. cisagov 2021-12-16
Amazon AWS Greengrass Fixed link Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. cisagov 2021-12-16
Amazon AWS Inspector Fixed link cisagov 2021-12-17
Amazon AWS IoT SiteWise Edge Fixed link Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). cisagov 2021-12-17
Amazon AWS Kinesis Data Streams Fixed link We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. cisagov 2021-12-14
Amazon AWS KMS Fixed link cisagov 2022-01-12
Amazon AWS Lambda Fixed link Vulnerable when using aws-lambda-java-log4j2. cisagov 2022-01-12
Amazon AWS Polly Fixed link cisagov 2022-01-12
Amazon AWS QuickSight Fixed link cisagov 2022-01-12
Amazon AWS RDS Fixed link Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. cisagov 2021-12-17
Amazon AWS S3 Fixed link cisagov 2021-12-14
Amazon AWS SDK Not Affected link cisagov 2021-12-14
Amazon AWS Secrets Manager Fixed link cisagov 2021-12-14
Amazon AWS Service Catalog Fixed link cisagov 2021-12-20
Amazon AWS SNS Fixed link Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNSs systems that serve customer traffic. cisagov 2021-12-14
Amazon AWS SQS Fixed link cisagov 2021-12-15
Amazon AWS Systems Manager Fixed link cisagov 2021-12-15
Amazon AWS Systems Manager Agent Not Affected link cisagov 2021-12-15
Amazon AWS Textract Fixed link cisagov 2021-12-15
Amazon Chime Fixed link Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2022-01-12
Amazon Cloud Directory Fixed link cisagov 2022-01-12
Amazon CloudFront Fixed link cisagov 2022-01-12
Amazon CloudWatch Fixed link cisagov 2022-01-12
Amazon Cognito Fixed link cisagov 2022-01-12
Amazon Corretto Not Affected link 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. cisagov 2022-01-12
Amazon DocumentDB Fixed link cisagov 2022-01-12
Amazon EC2 Fixed link Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. cisagov 2021-12-15
Amazon ECR Public Fixed link Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. cisagov 2021-12-15
Amazon Elastic Load Balancing Fixed link Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. cisagov 2021-12-15
Amazon EMR Fixed link Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. cisagov 2022-01-12
Amazon EventBridge Fixed link cisagov 2022-01-12
Amazon Fraud Detector Fixed link cisagov 2022-01-12
Amazon Inspector Fixed link cisagov 2022-01-12
Amazon Inspector Classic Fixed link cisagov 2022-01-12
Amazon Kafka (MSK) Fixed link Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. cisagov 2022-01-12
Amazon Kendra Fixed link cisagov 2022-01-12
Amazon Keyspaces (for Apache Cassandra) Fixed link cisagov 2022-01-12
Amazon Kinesis Fixed link cisagov 2022-01-12
Amazon Kinesis Data Analytics Fixed link cisagov 2022-01-12
Amazon Lake Formation Fixed link Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. cisagov 2022-01-12
Amazon Lex Fixed link cisagov 2022-01-12
Amazon Linux (AL1) Not Affected link By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. cisagov 2022-01-12
Amazon Linux (AL2) Fixed link By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. cisagov 2022-01-12
Amazon Lookout for Equipment Fixed link cisagov 2022-01-12
Amazon Macie Fixed link cisagov 2022-01-12
Amazon Macie Classic Fixed link cisagov 2022-01-12
Amazon Managed Workflows for Apache Airflow (MWAA) Fixed link cisagov 2022-01-12
Amazon MemoryDB for Redis Fixed link cisagov 2022-01-12
Amazon Monitron Fixed link cisagov 2022-01-12
Amazon MQ Fixed link cisagov 2022-01-12
Amazon Neptune Fixed link cisagov 2022-01-12
Amazon NICE Fixed link Recommended to update EnginFrame or Log4j library. cisagov 2022-01-12
Amazon OpenSearch R20211203-P2 Fixed link Update released, customers need to update their clusters to the fixed release. cisagov 2022-01-12
Amazon Pinpoint Fixed link cisagov 2022-01-12
Amazon RDS Aurora Fixed link cisagov 2022-01-12
Amazon RDS for Oracle Fixed link cisagov 2022-01-12
Amazon Redshift Fixed link cisagov 2022-01-12
Amazon Rekognition Fixed link cisagov 2022-01-12
Amazon Route 53 Fixed link cisagov 2022-01-12
Amazon SageMaker Fixed link Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. cisagov 2022-01-12
Amazon Simple Notification Service (SNS) Fixed link Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. cisagov 2022-01-12
Amazon Simple Queue Service (SQS) Fixed link cisagov 2022-01-12
Amazon Simple Workflow Service (SWF) Fixed link cisagov 2022-01-12
Amazon Single Sign-On Fixed link cisagov 2022-01-12
Amazon Step Functions Fixed link cisagov 2022-01-12
Amazon Timestream Fixed link cisagov 2022-01-12
Amazon Translate Not Affected link Service not identified on AWS Log4j Security Bulletin cisagov 2022-01-12
Amazon VPC Fixed link cisagov 2022-01-12
Amazon WorkSpaces/AppStream 2.0 Fixed link Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. cisagov 2022-01-12
AMD All Not Affected link Currently, no AMD products have been identified as affected. AMD is continuing its analysis. cisagov 2021-12-22
Anaconda All Not Affected link cisagov 2021-12-21
AOMEI All Not Affected link cisagov 2021-12-21
Apache ActiveMQ Artemis Not Affected link ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. web/console.war/WEB-INF/lib). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See ARTEMIS-3612 for more information on that task. cisagov 2021-12-21
Apache Airflow Not Affected link Airflow is written in Python cisagov 2022-01-12
Apache Archiva 2.2.6 Fixed link Fixed in 2.2.6. cisagov 2022-01-12
Apache Camel Not Affected link Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. cisagov 2021-12-13
Apache Camel 2 Not Affected link cisagov 2021-12-13
Apache Camel JBang <=3.1.4 Affected link cisagov 2021-12-13
Apache Camel K Not Affected link cisagov 2021-12-13
Apache Camel Kafka Connector Not Affected link cisagov 2021-12-13
Apache Camel Karaf Affected link The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. cisagov 2021-12-13
Apache Camel Quarkus Not Affected link cisagov 2021-12-13
Apache Cassandra Not Affected link cisagov 2021-12-13
Apache Druid 0.22.1 Fixed link cisagov 2021-12-12
Apache Dubbo All Fixed link cisagov 2021-12-12
Apache Flink 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 Fixed link To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html cisagov 2021-12-12
Apache Fortress < 2.0.7 Fixed link Fixed in 2.0.7. cisagov 2021-12-14
Apache Geode 1.14.0 Fixed link Fixed in 1.12.6, 1.13.5, 1.14.1. cisagov 2021-12-14
Apache Guacamole Not Affected link cisagov 2021-12-14
Apache Hadoop Not Affected link cisagov 2021-12-14
Apache HBase Affected link cisagov 2021-12-14
Apache Hive 4.x Fixed link cisagov 2021-12-14
Apache James 3.6.0 Affected link cisagov 2021-12-14
Apache Jena < 4.3.1 Fixed link cisagov 2021-12-14
Apache JMeter All Affected link cisagov 2021-12-14
Apache JSPWiki 2.11.1 Fixed link cisagov 2021-12-14
Apache Kafka Not Affected link Uses Log4j 1.2.17. cisagov 2021-12-14
Apache Log4j 1.x Not Affected link cisagov 2022-01-12
Apache Log4j 2.x 2.17.1 Affected link Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). cisagov 2022-01-12
Apache Maven Not Affected link cisagov 2022-01-12
Apache NiFi Not Affected link Fixed in 1.15.1, 1.16.0. cisagov 2022-01-12
Apache OFBiz < 18.12.03 Fixed link cisagov 2022-01-12
Apache Ozone < 1.2.1 Fixed link Fixed in 1.15.1, 1.16.0. cisagov 2022-01-12
Apache SkyWalking < 8.9.1 Fixed link cisagov 2022-01-12
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Fixed link Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. Apache Solr 8.11.1 downloads cisagov 2021-12-16
Apache Spark Not Affected link Uses log4j 1.x cisagov 2022-01-12
Apache Struts 2.5.28 Affected link cisagov 2022-01-12
Apache Struts 2 Versions before 2.5.28.1 Fixed link The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). Apache Struts Release Downloads cisagov 2021-12-21
Apache Tapestry 5.7.3 Affected link cisagov 2022-01-12
Apache Tika 2.0.0 and up Affected link cisagov 2022-01-12
Apache Tomcat Unknown link Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the log4j 2.x security page cisagov 2021-12-21
Apache TrafficControl Affected link cisagov 2022-01-12
Apache ZooKeeper Not Affected link cisagov 2022-01-12
APC by Schneider Electric Powerchute Business Edition v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 Fixed link Mitigation instructions to remove the affected class. cisagov 2021-12-15
APC by Schneider Electric Powerchute Network Shutdown 4.2, 4.3, 4.4, 4.4.1 Fixed link Mitigation instructions to remove the affected class. cisagov 2021-12-15
Apereo CAS 6.3.x, 6.4.x Fixed link Other versions still in active maintainance might need manual inspection. cisagov 2022-01-12
Apereo Opencast < 9.10, < 10.6 Fixed link cisagov 2022-01-12
Apigee Edge and OPDK products Not Affected link cisagov 2022-01-12
Apollo All Unknown link cisagov 2022-01-12
Appdynamics All Unknown link cisagov 2022-01-12
Appeon PowerBuilder Appeon PowerBuilder 2017-2021 regardless of product edition Affected link cisagov 2021-12-15
AppGate All Unknown link cisagov 2022-01-12
Appian Appian Platform All Fixed link cisagov 2021-12-22
Application Performance Ltd DBMarlin Unknown link cisagov 2021-12-15
APPSHEET All Unknown link cisagov 2022-01-12
Aptible All Search 5.x Fixed link cisagov 2022-01-12
Aqua Security All Unknown link cisagov 2022-01-12
Arbiter Systems All Not Affected link cisagov 2021-12-22
ARC Informatique All Not Affected link cisagov 2022-01-13
Arca Noae All Unknown link cisagov 2022-01-12
Arcserve Arcserve Backup Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve Arcserve Continuous Availability Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve Arcserve Email Archiving Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve Arcserve UDP Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve ShadowProtect Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve ShadowXafe Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve Solo Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
Arcserve StorageCraft OneXafe Not Affected link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US cisagov 2021-12-14
ArcticWolf All Unknown link cisagov 2022-01-12
Arduino IDE 1.8.17 Fixed link cisagov 2022-01-12
Ariba All Unknown link cisagov 2022-01-12
Arista Analytics Node for Converged Cloud Fabric >7.0.0 Affected link Formerly Big Cloud Fabric cisagov 2022-01-12
Arista Analytics Node for DANZ Monitoring Fabric >7.0.0 Affected link Formerly Big Monitoring Fabric cisagov 2022-01-12
Arista CloudVision Portal >2019.1.0 Affected link cisagov 2022-01-12
Arista CloudVision Wi-Fi, virtual or physical appliance >8.8 Affected link cisagov 2022-01-12
Arista Embedded Analytics for Converged Cloud Fabric >5.3.0 Affected link Formerly Big Cloud Fabric cisagov 2022-01-12
Aruba Networks AirWave Management Platform Not Affected link cisagov 2022-01-12
Aruba Networks Analytics and Location Engine Not Affected link cisagov 2022-01-12
Aruba Networks ArubaOS SD-WAN Gateways Not Affected link cisagov 2022-01-12
Aruba Networks ArubaOS Wi-Fi Controllers and Gateways Not Affected link cisagov 2022-01-12
Aruba Networks ArubaOS-CX Switches Not Affected link cisagov 2022-01-12
Aruba Networks ArubaOS-S Switches Not Affected link cisagov 2022-01-12
Aruba Networks Central Not Affected link cisagov 2022-01-12
Aruba Networks Central On-Prem Not Affected link cisagov 2022-01-12
Aruba Networks ClearPass Policy Manager Not Affected link cisagov 2022-01-12
Aruba Networks EdgeConnect Not Affected link cisagov 2022-01-12
Aruba Networks Fabric Composer (AFC) Not Affected link cisagov 2022-01-12
Aruba Networks HP ProCurve Switches Not Affected link cisagov 2022-01-12
Aruba Networks Instant Not Affected link cisagov 2022-01-12
Aruba Networks Instant Access Points Not Affected link cisagov 2022-01-12
Aruba Networks Instant On Not Affected link cisagov 2022-01-12
Aruba Networks IntroSpect Versions 2.5.0.0 to 2.5.0.6 Fixed link cisagov 2022-01-12
Aruba Networks Legacy GMS Products Fixed link cisagov 2022-01-12
Aruba Networks Legacy NX Not Affected link cisagov 2022-01-12
Aruba Networks Legacy VRX Not Affected link cisagov 2022-01-12
Aruba Networks Legacy VX Not Affected link cisagov 2022-01-12
Aruba Networks NetEdit Not Affected link cisagov 2022-01-12
Aruba Networks Plexxi Composable Fabric Manager (CFM) Not Affected link cisagov 2022-01-12
Aruba Networks Silver Peak Orchestrator Fixed link cisagov 2022-01-12
Aruba Networks User Experience Insight (UXI) Not Affected link cisagov 2022-01-12
Aruba Networks VIA Clients Not Affected link cisagov 2022-01-12
Ataccama All Unknown link cisagov 2022-01-12
Atera All Unknown link cisagov 2022-01-12
Atlassian Bamboo Server & Data Center On Prem Affected link Only vulnerable when using non-default config, cloud version fixed. cisagov 2022-01-12
Atlassian Bitbucket Server & Data Center On prem Fixed link This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. cisagov 2022-01-12
Atlassian Confluence Server & Data Center On prem Affected link Only vulnerable when using non-default config, cloud version fixed. cisagov 2022-01-12
Atlassian Confluence-CIS CSAT Pro v1.7.1 Affected link cisagov 2022-01-12
Atlassian Confluence-CIS WorkBench Not Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-CAT Lite v4.13.0 Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable v3.0.77 Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-CAT Pro Assessor v4 v4.13.0 Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-CAT Pro Assessor v4 Service v1.13.0 Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-CAT Pro Dashboard Not Affected link cisagov 2022-01-12
Atlassian Confluence-CIS-Hosted CSAT Not Affected link cisagov 2022-01-12
Atlassian Crowd Server & Data Center On prem Affected link This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. cisagov 2022-01-12
Atlassian Crucible On prem Affected link This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. cisagov 2022-01-12
Atlassian Fisheye On prem Affected link This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. cisagov 2022-01-12
Atlassian Jira Server & Data Center On prem Affected link This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. cisagov 2022-01-12
Attivo Networks All Unknown link cisagov 2022-01-12
Atvise All Not Affected link The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. cisagov 2022-01-17
AudioCodes All Unknown link cisagov 2022-01-12
Autodesk All Unknown link Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the Autodesk Trust Center as we learn more. cisagov 2021-12-21
Automation Anywhere Automation 360 Cloud Fixed link This advisory is available to customer only and has not been reviewed by CISA. cisagov 2022-01-12
Automation Anywhere Automation 360 On Premise Fixed link This advisory is available to customer only and has not been reviewed by CISA. cisagov 2022-01-12
Automation Anywhere Automation Anywhere 11.x, <11.3x Fixed link This advisory is available to customer only and has not been reviewed by CISA. cisagov 2022-01-12
Automox All Unknown link cisagov 2022-01-12
Autopsy All Unknown link cisagov 2022-01-12
Auvik All Unknown link cisagov 2022-01-12
Avantra SYSLINK All Unknown link cisagov 2022-01-12
Avaya Avaya Analytics 3.5, 3.6, 3.6.1, 3.7, 4 Affected link cisagov 2021-12-14
Avaya Avaya Aura Application Enablement Services 8.1.3.2, 8.1.3.3, 10.1 Affected link PSN020551u cisagov 2021-12-14
Avaya Avaya Aura Contact Center 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected link cisagov 2021-12-14
Avaya Avaya Aura Device Services 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 Affected link cisagov 2021-12-14
Avaya Avaya Aura for OneCloud Private Affected link Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. cisagov 2021-12-14
Avaya Avaya Aura Media Server 8.0.0, 8.0.1, 8.0.2 Affected link PSN020549u cisagov 2021-12-14
Avaya Avaya Aura Presence Services 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 Affected link cisagov 2021-12-14
Avaya Avaya Aura Session Manager 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected link PSN020550u cisagov 2021-12-14
Avaya Avaya Aura System Manager 10.1, 8.1.3 Affected link PSN005565u cisagov 2021-12-14
Avaya Avaya Aura Web Gateway 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] Affected link cisagov 2021-12-14
Avaya Avaya Breeze 3.7, 3.8, 3.8.1 Affected link cisagov 2021-12-14
Avaya Avaya Contact Center Select 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected link cisagov 2021-12-14
Avaya Avaya CRM Connector - Connected Desktop 2.2 Affected link cisagov 2021-12-14
Avaya Avaya Device Enablement Service 3.1.22 Affected link cisagov 2021-12-14
Avaya Avaya Meetings 9.1.10, 9.1.11, 9.1.12 Affected link cisagov 2021-12-14
Avaya Avaya OneCloud-Private 2 Affected link cisagov 2021-12-14
Avaya Avaya OneCloud-Private-UCaaS - Mid Market Aura 1 Affected link cisagov 2021-12-14
Avaya Avaya Session Border Controller for Enterprise 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected link PSN020554u cisagov 2021-12-14
Avaya Avaya Social Media Hub Affected link cisagov 2021-12-14
Avaya Avaya Workforce Engagement 5.3 Affected link cisagov 2021-12-14
Avaya Business Rules Engine 3.4, 3.5, 3.6, 3.7 Affected link cisagov 2021-12-14
Avaya Callback Assist 5, 5.0.1 Affected link cisagov 2021-12-14
Avaya Control Manager 9.0.2, 9.0.2.1 Affected link cisagov 2021-12-14
Avaya Device Enrollment Service 3.1 Affected link cisagov 2021-12-14
Avaya Equinox Conferencing 9.1.2 Affected link cisagov 2021-12-14
Avaya Interaction Center 7.3.9 Affected link cisagov 2021-12-14
Avaya IP Office Platform 11.0.4, 11.1, 11.1.1, 11.1.2 Affected link cisagov 2021-12-14
Avaya Proactive Outreach Manager 3.1.2, 3.1.3, 4, 4.0.1 Affected link cisagov 2021-12-14
AVEPOINT All Unknown link cisagov 2022-01-12
AVM All Not Affected link devices, firmware, software incl. MyFritz Service. cisagov 2022-01-12
AvTech RoomAlert All Unknown link cisagov 2022-01-12
AXIS OS Not Affected link cisagov 2022-01-12
AXON All Unknown link cisagov 2022-01-12
AXS Guard All Unknown link cisagov 2022-01-12
Axways Applications All Unknown link cisagov 2022-01-12