1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-18 06:47:54 +00:00
log4j-affected-db/software_lists/software_list_G.md

61 KiB
Raw Permalink Blame History

CISA Log4j (CVE-2021-44228) Affected Vendor & Software List

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

This list has been populated using information from the following sources:

  • Kevin Beaumont
  • SwitHak
  • National Cyber Security Centre - Netherlands (NCSC-NL)

NOTE: This file is automatically generated. To submit updates, please refer to CONTRIBUTING.md.

Vendor Product Affected Versions Patched Versions Status Vendor Links Notes References Reporter Last Updated
GE Digital All Unknown link This advisory is available to customers only and has not been reviewed by CISA. cisagov 2021-12-22
GE Digital Grid All Unknown link This advisory is available to customers only and has not been reviewed by CISA. cisagov 2021-12-22
GE Gas Power Asset Performance Management (APM) Fixed link GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. cisagov 2021-12-22
GE Gas Power Baseline Security Center (BSC) Affected link GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice M1221-S01. cisagov 2021-12-22
GE Gas Power Baseline Security Center (BSC) 2.0 Fixed link GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. Customer Portal Update cisagov 2021-12-22
GE Gas Power Control Server Affected link Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. cisagov 2021-12-22
GE Gas Power MyFleet Fixed link Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 cisagov 2021-12-22
GE Gas Power OPM Performance Intelligence Fixed link Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 cisagov 2021-12-22
GE Gas Power OPM Performance Planning Fixed link Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 cisagov 2021-12-22
GE Gas Power Tag Mapping Service Fixed link Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 cisagov 2021-12-22
GE Gas Power vCenter Fixed link GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. Customer Portal Update cisagov 2021-12-22
GE Healthcare Unknown link This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. cisagov 2021-12-22
Gearset All Unknown link cisagov 2022-01-12
Genesys All Unknown link cisagov 2022-01-12
GeoServer All Unknown link cisagov 2022-01-12
GeoSolutions GeoNetwork A, l, l Fixed link cisagov 2021-12-16
GeoSolutions GeoServer Not Affected link cisagov 2021-12-16
Gerrit Code Review All Unknown link cisagov 2022-01-12
GFI Software All Unknown link cisagov 2022-01-12
GFI Software Kerio Connect Fixed link cisagov 2022-01-12
Ghidra All Unknown link cisagov 2022-01-12
Ghisler Total Commander Not Affected link Third Party plugins might contain log4j. cisagov 2022-01-12
Gigamon Fabric Manager <5.13.01.02 Fixed link Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. cisagov 2021-12-21
GitHub GitHub GitHub.com and GitHub Enterprise Cloud Fixed link cisagov 2021-12-17
GitHub GitHub Enterprise Server 3.0.22, 3.1.14, 3.2.6, 3.3.1 Fixed link cisagov 2021-12-17
GitLab All Not Affected link cisagov 2022-01-12
GitLab DAST Analyzer Not Affected link cisagov 2022-01-12
GitLab Dependency Scanning Fixed link cisagov 2022-01-12
GitLab Gemnasium-Maven Fixed link cisagov 2022-01-12
GitLab PMD OSS Fixed link cisagov 2022-01-12
GitLab SAST Fixed link cisagov 2022-01-12
GitLab Spotbugs Fixed link cisagov 2022-01-12
Globus All Unknown link cisagov 2022-01-12
GoAnywhere Agents Fixed link cisagov 2021-12-18
GoAnywhere Gateway Version 2.7.0 or later Fixed link cisagov 2021-12-18
GoAnywhere MFT Version 5.3.0 or later Fixed link cisagov 2021-12-18
GoAnywhere MFT Agents 1.4.2 or later Affected link Versions less than GoAnywhere Agent version 1.4.2 are not affected. cisagov 2021-12-18
GoAnywhere Open PGP Studio Fixed link cisagov 2021-12-18
GoAnywhere Suveyor/400 Not Affected link cisagov 2021-12-18
GoCD All Unknown link cisagov 2022-01-12
Google Chrome Not Affected link Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. cisagov 2022-01-14
Google Cloud Access Transparency Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Actifio Not Affected link Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit https://now.actifio.com for the full statement and to obtain the hotfix (available to Actifio customers only). cisagov 2021-12-21
Google Cloud AI Platform Data Labeling Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AI Platform Neural Architecture Search (NAS) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AI Platform Training and Prediction Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Anthos Config Management Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos Connect Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos Hub Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos Identity Service Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos on VMWare Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. cisagov 2021-12-21
Google Cloud Anthos Premium Software Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Anthos Service Mesh Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Apigee Not Affected link Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. cisagov 2021-12-17
Google Cloud App Engine Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud AppSheet Not Affected link The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. cisagov 2021-12-21
Google Cloud Artifact Registry Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Assured Workloads Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Natural Language Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Tables Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Translation Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Video Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud AutoML Vision Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud BigQuery Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud BigQuery Data Transfer Service Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud BigQuery Omni Not Affected link BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. cisagov 2021-12-19
Google Cloud Binary Authorization Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Certificate Manager Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Chronicle Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Asset Inventory Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Bigtable Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Cloud Build Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Cloud CDN Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Composer Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-15
Google Cloud Cloud Console App Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Data Loss Prevention Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Debugger Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Deployment Manager Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud DNS Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Endpoints Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud External Key Manager (EKM) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Functions Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Cloud Hardware Security Module (HSM) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Interconnect Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Intrusion Detection System (IDS) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Key Management Service Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Load Balancing Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Logging Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Natural Language API Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Network Address Translation (NAT) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Profiler Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Router Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Run Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Cloud Run for Anthos Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Cloud Scheduler Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud SDK Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Shell Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Cloud Source Repositories Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Spanner Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Cloud SQL Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Cloud Storage Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Tasks Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Trace Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Traffic Director Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Cloud Translation Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Vision Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud Vision OCR On-Prem Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Cloud VPN Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud CompilerWorks Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Compute Engine Not Affected link Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. cisagov 2021-12-20
Google Cloud Contact Center AI (CCAI) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Contact Center AI Insights Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Container Registry Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Data Catalog Not Affected link Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. cisagov 2021-12-20
Google Cloud Data Fusion Not Affected link Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” cisagov 2021-12-20
Google Cloud Database Migration Service (DMS) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Dataflow Not Affected link Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” cisagov 2021-12-17
Google Cloud Dataproc Not Affected link Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. cisagov 2021-12-20
Google Cloud Dataproc Metastore Not Affected link Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” cisagov 2021-12-20
Google Cloud Datastore Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Datastream Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Dialogflow Essentials (ES) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Document AI Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Event Threat Detection Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Eventarc Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Filestore Not Affected link Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. cisagov 2021-12-21
Google Cloud Firebase Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Firestore Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Game Servers Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Google Cloud Armor Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Google Cloud Armor Managed Protection Plus Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Google Cloud VMware Engine Not Affected link We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. cisagov 2021-12-11
Google Cloud Google Kubernetes Engine Not Affected link Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-21
Google Cloud Healthcare Data Engine (HDE) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Human-in-the-Loop AI Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud IoT Core Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Key Access Justifications (KAJ) Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Looker Not Affected link Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. cisagov 2021-12-18
Google Cloud Media Translation API Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Memorystore Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-19
Google Cloud Migrate for Anthos Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Migrate for Compute Engine (M4CE) Not Affected link M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. cisagov 2021-12-19
Google Cloud Network Connectivity Center Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Network Intelligence Center Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Network Service Tiers Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Persistent Disk Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Pub/Sub Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-16
Google Cloud Pub/Sub Lite Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. cisagov 2021-12-16
Google Cloud reCAPTCHA Enterprise Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Recommendations AI Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Retail Search Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Risk Manager Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Secret Manager Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Security Command Center Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Service Directory Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Service Infrastructure Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Speaker ID Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Speech-to-Text Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Speech-to-Text On-Prem Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Storage Transfer Service Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Talent Solution Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Text-to-Speech Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Transcoder API Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Transfer Appliance Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Video Intelligence API Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Virtual Private Cloud Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-20
Google Cloud Web Security Scanner Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Google Cloud Workflows Not Affected link Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. cisagov 2021-12-21
Gradle All Not Affected link Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. cisagov 2022-01-12
Gradle Gradle Enterprise < 2021.3.6 Fixed link cisagov 2022-01-12
Gradle Gradle Enterprise Build Cache Node < 10.1 Fixed link cisagov 2022-01-12
Gradle Gradle Enterprise Test Distribution Agent < 1.6.2 Fixed link cisagov 2022-01-12
Grafana All Not Affected link cisagov 2022-01-12
Grandstream All Unknown link cisagov 2022-01-12
Gravitee Access Management Not Affected link cisagov 2022-01-12
Gravitee Access Management Not Affected link cisagov 2022-01-12
Gravitee Alert Engine Not Affected link cisagov 2022-01-12
Gravitee Alert Engine Not Affected link cisagov 2022-01-12
Gravitee API Management Not Affected link cisagov 2022-01-12
Gravitee API Management Not Affected link cisagov 2022-01-12
Gravitee Cockpit Not Affected link cisagov 2022-01-12
Gravwell All Not Affected link Gravwell products do not use Java. cisagov 2022-01-12
Graylog All 3.3.15, 4.0.14, 4.1.9, 4.2.3 Fixed link The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. cisagov 2022-01-12
Graylog Graylog Server All versions >= 1.2.0 and <= 4.2.2 Fixed link cisagov 2022-01-12
GreenShot All Not Affected link cisagov 2022-01-12
GSA Cloud.gov Unknown link cisagov 2021-12-21
GuardedBox All 3.1.2 Fixed link cisagov 2022-01-12
Guidewire All Unknown link cisagov 2022-01-12