You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 KiB
61 KiB
CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Status Descriptions
| Status | Description |
|---|---|
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
This list has been populated using information from the following sources:
- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)
NOTE: This file is automatically generated. To submit updates, please refer to
CONTRIBUTING.md.
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
|---|---|---|---|---|---|---|---|---|---|
| GE Digital | All | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA. | cisagov | 2021-12-22 | |||
| GE Digital Grid | All | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA. | cisagov | 2021-12-22 | |||
| GE Gas Power | Asset Performance Management (APM) | Fixed | link | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | cisagov | 2021-12-22 | |||
| GE Gas Power | Baseline Security Center (BSC) | Affected | link | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | cisagov | 2021-12-22 | |||
| GE Gas Power | Baseline Security Center (BSC) 2.0 | Fixed | link | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | Customer Portal Update | cisagov | 2021-12-22 | ||
| GE Gas Power | Control Server | Affected | link | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | cisagov | 2021-12-22 | |||
| GE Gas Power | MyFleet | Fixed | link | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | cisagov | 2021-12-22 | |||
| GE Gas Power | OPM Performance Intelligence | Fixed | link | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | cisagov | 2021-12-22 | |||
| GE Gas Power | OPM Performance Planning | Fixed | link | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | cisagov | 2021-12-22 | |||
| GE Gas Power | Tag Mapping Service | Fixed | link | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | cisagov | 2021-12-22 | |||
| GE Gas Power | vCenter | Fixed | link | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | Customer Portal Update | cisagov | 2021-12-22 | ||
| GE Healthcare | Unknown | link | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | cisagov | 2021-12-22 | ||||
| Gearset | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Genesys | All | Unknown | link | cisagov | 2022-01-12 | ||||
| GeoServer | All | Unknown | link | cisagov | 2022-01-12 | ||||
| GeoSolutions | GeoNetwork | A, l, l | Fixed | link | cisagov | 2021-12-16 | |||
| GeoSolutions | GeoServer | Not Affected | link | cisagov | 2021-12-16 | ||||
| Gerrit Code Review | All | Unknown | link | cisagov | 2022-01-12 | ||||
| GFI Software | All | Unknown | link | cisagov | 2022-01-12 | ||||
| GFI Software | Kerio Connect | Fixed | link | cisagov | 2022-01-12 | ||||
| Ghidra | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Ghisler | Total Commander | Not Affected | link | Third Party plugins might contain log4j. | cisagov | 2022-01-12 | |||
| Gigamon | Fabric Manager | <5.13.01.02 | Fixed | link | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | cisagov | 2021-12-21 | ||
| GitHub | GitHub | GitHub.com and GitHub Enterprise Cloud | Fixed | link | cisagov | 2021-12-17 | |||
| GitHub | GitHub Enterprise Server | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | link | cisagov | 2021-12-17 | |||
| GitLab | All | Not Affected | link | cisagov | 2022-01-12 | ||||
| GitLab | DAST Analyzer | Not Affected | link | cisagov | 2022-01-12 | ||||
| GitLab | Dependency Scanning | Fixed | link | cisagov | 2022-01-12 | ||||
| GitLab | Gemnasium-Maven | Fixed | link | cisagov | 2022-01-12 | ||||
| GitLab | PMD OSS | Fixed | link | cisagov | 2022-01-12 | ||||
| GitLab | SAST | Fixed | link | cisagov | 2022-01-12 | ||||
| GitLab | Spotbugs | Fixed | link | cisagov | 2022-01-12 | ||||
| Globus | All | Unknown | link | cisagov | 2022-01-12 | ||||
| GoAnywhere | Agents | Fixed | link | cisagov | 2021-12-18 | ||||
| GoAnywhere | Gateway | Version 2.7.0 or later | Fixed | link | cisagov | 2021-12-18 | |||
| GoAnywhere | MFT | Version 5.3.0 or later | Fixed | link | cisagov | 2021-12-18 | |||
| GoAnywhere | MFT Agents | 1.4.2 or later | Affected | link | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | cisagov | 2021-12-18 | ||
| GoAnywhere | Open PGP Studio | Fixed | link | cisagov | 2021-12-18 | ||||
| GoAnywhere | Suveyor/400 | Not Affected | link | cisagov | 2021-12-18 | ||||
| GoCD | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Chrome | Not Affected | link | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | cisagov | 2022-01-14 | ||||
| Google Cloud | Access Transparency | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Actifio | Not Affected | link | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit https://now.actifio.com for the full statement and to obtain the hotfix (available to Actifio customers only). | cisagov | 2021-12-21 | |||
| Google Cloud | AI Platform Data Labeling | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AI Platform Neural Architecture Search (NAS) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AI Platform Training and Prediction | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Config Management | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Connect | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Hub | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Identity Service | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos on VMWare | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Premium Software | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Anthos Service Mesh | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Apigee | Not Affected | link | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | cisagov | 2021-12-17 | |||
| Google Cloud | App Engine | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | AppSheet | Not Affected | link | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | cisagov | 2021-12-21 | |||
| Google Cloud | Artifact Registry | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Assured Workloads | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML Natural Language | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML Tables | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML Translation | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML Video | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | AutoML Vision | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | BigQuery | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | BigQuery Data Transfer Service | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | BigQuery Omni | Not Affected | link | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | cisagov | 2021-12-19 | |||
| Google Cloud | Binary Authorization | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Certificate Manager | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Chronicle | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Asset Inventory | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Bigtable | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Cloud Build | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud CDN | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Composer | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-15 | |||
| Google Cloud | Cloud Console App | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Data Loss Prevention | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Debugger | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Deployment Manager | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud DNS | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Endpoints | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud External Key Manager (EKM) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Functions | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Hardware Security Module (HSM) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Interconnect | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Intrusion Detection System (IDS) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Key Management Service | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Load Balancing | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Logging | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Natural Language API | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Network Address Translation (NAT) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Profiler | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Router | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Run | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Run for Anthos | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Scheduler | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud SDK | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Shell | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Source Repositories | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Spanner | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Cloud SQL | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Cloud Storage | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Tasks | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Trace | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Traffic Director | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Cloud Translation | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Vision | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud Vision OCR On-Prem | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Cloud VPN | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | CompilerWorks | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Compute Engine | Not Affected | link | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | cisagov | 2021-12-20 | |||
| Google Cloud | Contact Center AI (CCAI) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Contact Center AI Insights | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Container Registry | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Data Catalog | Not Affected | link | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | cisagov | 2021-12-20 | |||
| Google Cloud | Data Fusion | Not Affected | link | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | cisagov | 2021-12-20 | |||
| Google Cloud | Database Migration Service (DMS) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Dataflow | Not Affected | link | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | cisagov | 2021-12-17 | |||
| Google Cloud | Dataproc | Not Affected | link | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | cisagov | 2021-12-20 | |||
| Google Cloud | Dataproc Metastore | Not Affected | link | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | cisagov | 2021-12-20 | |||
| Google Cloud | Datastore | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Datastream | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Dialogflow Essentials (ES) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Document AI | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Event Threat Detection | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Eventarc | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Filestore | Not Affected | link | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | cisagov | 2021-12-21 | |||
| Google Cloud | Firebase | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Firestore | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Game Servers | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Google Cloud Armor | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Google Cloud Armor Managed Protection Plus | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Google Cloud VMware Engine | Not Affected | link | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | cisagov | 2021-12-11 | |||
| Google Cloud | Google Kubernetes Engine | Not Affected | link | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-21 | |||
| Google Cloud | Healthcare Data Engine (HDE) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Human-in-the-Loop AI | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | IoT Core | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Key Access Justifications (KAJ) | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Looker | Not Affected | link | Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | cisagov | 2021-12-18 | |||
| Google Cloud | Media Translation API | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Memorystore | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-19 | |||
| Google Cloud | Migrate for Anthos | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Migrate for Compute Engine (M4CE) | Not Affected | link | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | cisagov | 2021-12-19 | |||
| Google Cloud | Network Connectivity Center | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Network Intelligence Center | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Network Service Tiers | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Persistent Disk | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Pub/Sub | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-16 | |||
| Google Cloud | Pub/Sub Lite | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | cisagov | 2021-12-16 | |||
| Google Cloud | reCAPTCHA Enterprise | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Recommendations AI | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Retail Search | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Risk Manager | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Secret Manager | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Security Command Center | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Service Directory | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Service Infrastructure | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Speaker ID | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Speech-to-Text | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Speech-to-Text On-Prem | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Storage Transfer Service | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Talent Solution | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Text-to-Speech | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Transcoder API | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Transfer Appliance | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Video Intelligence API | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Virtual Private Cloud | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Google Cloud | Web Security Scanner | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Google Cloud | Workflows | Not Affected | link | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-21 | |||
| Gradle | All | Not Affected | link | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | cisagov | 2022-01-12 | |||
| Gradle | Gradle Enterprise | < 2021.3.6 | Fixed | link | cisagov | 2022-01-12 | |||
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Fixed | link | cisagov | 2022-01-12 | |||
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Fixed | link | cisagov | 2022-01-12 | |||
| Grafana | All | Not Affected | link | cisagov | 2022-01-12 | ||||
| Grandstream | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Gravitee | Access Management | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | Access Management | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | Alert Engine | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | Alert Engine | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | API Management | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | API Management | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravitee | Cockpit | Not Affected | link | cisagov | 2022-01-12 | ||||
| Gravwell | All | Not Affected | link | Gravwell products do not use Java. | cisagov | 2022-01-12 | |||
| Graylog | All | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | link | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | cisagov | 2022-01-12 | ||
| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | Fixed | link | cisagov | 2022-01-12 | |||
| GreenShot | All | Not Affected | link | cisagov | 2022-01-12 | ||||
| GSA | Cloud.gov | Unknown | link | cisagov | 2021-12-21 | ||||
| GuardedBox | All | 3.1.2 | Fixed | link | cisagov | 2022-01-12 | |||
| Guidewire | All | Unknown | link | cisagov | 2022-01-12 |