You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 KiB
87 KiB
CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Status Descriptions
| Status | Description |
|---|---|
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
This list has been populated using information from the following sources:
- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)
NOTE: This file is automatically generated. To submit updates, please refer to
CONTRIBUTING.md.
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
|---|---|---|---|---|---|---|---|---|---|
| SAE-IT | Unknown | link | cisagov | 2022-01-12 | |||||
| SAFE FME Server | Unknown | link | cisagov | 2022-01-12 | |||||
| SAGE | Unknown | link | cisagov | 2022-01-12 | |||||
| SailPoint | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2022-01-12 | ||||
| Salesforce | Analytics Cloud | All | Fixed | link | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | B2C Commerce Cloud | All | Fixed | link | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | ClickSoftware (As-a-Service) | All | Fixed | link | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | ClickSoftware (On-Premise) | All | Fixed | link | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | cisagov | 2022-01-26 | ||
| Salesforce | Data.com | All | Fixed | link | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | DataLoader | >=53.0.2 | Fixed | link | This version is for use with Salesforce Winter '22 or higher release through Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. | cisagov | 2022-01-26 | ||
| Salesforce | Datorama | All | Fixed | link | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Evergage (Interaction Studio) | All | Fixed | link | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Experience (Community) Cloud | All | Fixed | link | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Force.com | All | Fixed | link | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | cisagov | 2022-01-26 | ||
| Salesforce | Heroku | Not Affected | link | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | cisagov | 2022-01-26 | |||
| Salesforce | Marketing Cloud | All | Fixed | link | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | MuleSoft (Cloud) | All | Fixed | link | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | cisagov | 2022-01-26 | ||
| Salesforce | MuleSoft (On-Premise) | All | Fixed | link | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | cisagov | 2022-01-26 | ||
| Salesforce | Pardot | All | Fixed | link | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Sales Cloud | All | Fixed | link | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Service Cloud | All | Fixed | link | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Slack | All | Fixed | link | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | cisagov | 2022-01-26 | ||
| Salesforce | Social Studio | All | Fixed | link | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Salesforce | Tableau (On-Premise) | < 2021.4.1 | Fixed | link | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | cisagov | 2021-12-16 | ||
| Salesforce | Tableau (Online) | All | Fixed | link | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-26 | ||
| Samsung Electronics America | Knox Admin Portal | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Asset Intelligence | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Configure | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox E-FOTA One | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Guard | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox License Management | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Manage | Cloud | Fixed | link | cisagov | 2022-01-17 | |||
| Samsung Electronics America | Knox Managed Services Provider (MSP) | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Mobile Enrollment | Not Affected | link | cisagov | 2022-01-17 | ||||
| Samsung Electronics America | Knox Reseller Portal | Cloud | Fixed | link | cisagov | 2022-01-17 | |||
| Sangoma | Unknown | link | cisagov | 2022-01-12 | |||||
| SAP | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-17 | ||||
| SAP Advanced Platform | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-17 | ||||
| SAP BusinessObjects | Unknown | link | The support document is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-17 | ||||
| SAS | Unknown | link | cisagov | 2022-01-12 | |||||
| SASSAFRAS | Unknown | link | cisagov | 2022-01-12 | |||||
| Savignano software solutions | Unknown | link | cisagov | 2022-01-12 | |||||
| SBT | SBT | <1.5.6 | Affected | link | cisagov | 2021-12-15 | |||
| ScaleComputing | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2022-01-12 | ||||
| ScaleFusion MobileLock Pro | Unknown | link | cisagov | 2022-01-12 | |||||
| Schneider Electric | EASYFIT | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | Ecoreal XL | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | EcoStruxure IT Expert | Cloud | Fixed | cisagov | 2021-12-20 | ||||
| Schneider Electric | EcoStruxure IT Gateway | V1.5.0 to V1.13.0 | Fixed | link | cisagov | 2021-12-20 | |||
| Schneider Electric | Eurotherm Data Reviewer | V3.0.2 and prior | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | Facility Expert Small Business | Cloud | Fixed | link | cisagov | 2021-12-20 | |||
| Schneider Electric | MSE | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | NetBotz750/755 | Software versions 5.0 through 5.3.0 | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | NEW630 | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK BOM | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK-Docgen | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK-TNC | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK-UMS | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK3D2DRenderer | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SDK3D360Widget | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | Select and Config DATA | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SNC-API | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SNC-CMM | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SNCSEMTECH | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SPIMV3 | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SWBEditor | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | SWBEngine | Current software and earlier | Affected | link | cisagov | 2021-12-20 | |||
| Schneider Electric | Wiser by SE platform | Cloud | Fixed | cisagov | 2021-12-20 | ||||
| Schweitzer Engineering Laboratories | Unknown | link | cisagov | 2021-12-21 | |||||
| SCM Manager | Unknown | link | cisagov | 2022-01-12 | |||||
| ScreenBeam | Unknown | link | cisagov | 2022-01-12 | |||||
| SDL worldServer | Unknown | link | cisagov | 2022-01-12 | |||||
| Seagull Scientific | Unknown | link | cisagov | 2022-01-12 | |||||
| SecurePoint | Unknown | link | cisagov | 2022-01-12 | |||||
| Security Onion | Unknown | link | cisagov | 2022-01-12 | |||||
| Securonix | Extended Detection and Response (XDR) | All | Affected | link | Patching ongoing as of 12/10/2021 | cisagov | 2021-12-10 | ||
| Securonix | Next Gen SIEM | All | Affected | link | Patching ongoing as of 12/10/2021 | cisagov | 2021-12-10 | ||
| Securonix | Security Analytics and Operations Platform (SOAR) | All | Affected | link | Patching ongoing as of 12/10/2021 | cisagov | 2021-12-10 | ||
| Securonix | SNYPR Application | Unknown | link | cisagov | 2021-12-10 | ||||
| Securonix | User and Entity Behavior Analytics(UEBA) | All | Affected | link | Patching ongoing as of 12/10/2021 | cisagov | 2021-12-10 | ||
| Seeburger | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA. | cisagov | 2022-01-12 | ||||
| SentinelOne | Unknown | link | cisagov | 2022-01-12 | |||||
| Sentry | Unknown | link | cisagov | 2022-01-12 | |||||
| SEP | Unknown | link | cisagov | 2022-01-12 | |||||
| Server Eye | Unknown | link | cisagov | 2022-01-12 | |||||
| ServiceNow | Unknown | link | cisagov | 2022-01-12 | |||||
| ServiceTitan | ServiceTitan | Cloud | Fixed | link | cisagov | 2022-02-07 | |||
| Shibboleth | Unknown | link | cisagov | 2022-01-12 | |||||
| Shibboleth | All Products | Not Affected | link | cisagov | 2021-12-10 | ||||
| Shopify | Unknown | link | cisagov | 2022-01-12 | |||||
| Siebel | Unknown | link | cisagov | 2022-01-12 | |||||
| Siemens | Affected Products | Unknown | link | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | cisagov | 2021-12-22 | |||
| Siemens | Affected Products | Unknown | link | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | cisagov | 2021-12-19 | |||
| Siemens Energy | Affected Products | Unknown | link | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | cisagov | 2021-12-21 | |||
| Siemens Energy | Affected Products | Unknown | link | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | cisagov | 2021-12-20 | |||
| Siemens Energy | Affected Products | Unknown | link | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | cisagov | 2021-12-16 | |||
| Siemens Healthineers | ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 | Unknown | link | If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | CENTRALINK v16.0.2 / v16.0.3 | Unknown | link | If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Cios Flow S1 / Alpha / Spin VA30 | Unknown | link | evaluation ongoing | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Cios Select FD/I.I. VA21 / VA21-S3P | Unknown | link | evaluation ongoing | cisagov | 2021-12-22 | |||
| Siemens Healthineers | DICOM Proxy VB10A | Unknown | link | Workaround: remove the vulnerable class from the .jar file | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.All, Som10 VA20 / VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Fit, Som10 VA30 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Now, Som10 VA10 / VA20 / VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Open Pro, Som10 VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Sim, Som10 VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | go.Up, Som10 VA10 / VA20 / VA30 / VA40 | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA 3T NUMARIS/X VA30A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Altea NUMARIS/X VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X VA31A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Amira NUMARIS/X VA12M | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Free.Max NUMARIS/X VA40 | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Lumina NUMARIS/X VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Sempra NUMARIS/X VA12M | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Sola fit NUMARIS/X VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Sola NUMARIS/X VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Vida fit NUMARIS/X VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | MAGNETOM Vida NUMARIS/X VA10A* / VA20A | Unknown | link | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A | Unknown | link | evaluation ongoing | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Somatom Emotion Som5 VC50 | Unknown | link | evaluation ongoing | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Somatom Scope Som5 VC50 | Unknown | link | evaluation ongoing | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | Unknown | link | Workaround: remove the vulnerable class from the .jar file | cisagov | 2021-12-22 | |||
| Siemens Healthineers | Syngo MobileViewer VA10A | Unknown | link | The vulnerability will be patch/mitigated in upcoming releases/patches. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | Unknown | link | Workaround: remove the vulnerable class from the .jar file | cisagov | 2021-12-22 | |||
| Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | Unknown | link | Please contact your Customer Service to get support on mitigating the vulnerability. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | Unknown | link | Workaround: remove the vulnerable class from the .jar file | cisagov | 2021-12-22 | |||
| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | Unknown | link | Workaround: remove the vulnerable class from the .jar file | cisagov | 2021-12-22 | |||
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | Unknown | link | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | cisagov | 2021-12-22 | |||
| Sierra Wireless | Unknown | link | cisagov | 2022-01-12 | |||||
| Sierra Wireless | AirVantage and Octave cloud platforms | Unknown | link | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | cisagov | 2022-01-05 | |||
| Sierra Wireless | AM/AMM servers | Unknown | link | cisagov | 2022-01-05 | ||||
| Signald | Unknown | link | cisagov | 2022-01-12 | |||||
| Silver Peak | Orchestrator, Silver Peak GMS | Unknown | link | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | cisagov | 2021-12-14 | |||
| SingleWire | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2022-01-12 | ||||
| SISCO | Unknown | link | cisagov | 2022-01-05 | |||||
| Sitecore | Unknown | link | cisagov | 2022-01-12 | |||||
| Skillable | Unknown | link | cisagov | 2022-01-12 | |||||
| SLF4J | Unknown | link | cisagov | 2022-01-12 | |||||
| Slurm | Slurm | Not Affected | link | cisagov | 2021-12-21 | ||||
| SMA Solar Technology AG | Unknown | link | cisagov | 2022-01-05 | |||||
| SmartBear | Unknown | link | cisagov | 2022-01-12 | |||||
| SmileCDR | Unknown | link | cisagov | 2022-01-12 | |||||
| Sn0m | Unknown | link | cisagov | 2022-01-12 | |||||
| Snakemake | Snakemake | Not Affected | link | cisagov | 2021-12-21 | ||||
| Snow Software | Snow Commander | 8.1 to 8.10.2 | Fixed | link | cisagov | 2022-01-12 | |||
| Snow Software | VM Access Proxy | v3.1 to v3.6 | Fixed | link | cisagov | 2022-01-12 | |||
| Snowflake | Unknown | link | cisagov | 2022-01-12 | |||||
| Snyk | Cloud Platform | Unknown | link | cisagov | 2022-01-12 | ||||
| Software AG | Unknown | link | cisagov | 2022-01-12 | |||||
| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | link | For more information, please see the following KB article: link | cisagov | 2021-12-23 | ||
| SolarWinds | Orion Platform | Unknown | link | cisagov | 2021-12-23 | ||||
| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | link | For more information, please see the following KB article for the latest details specific to the SAM hotfix: link | cisagov | 2021-12-23 | ||
| SonarSource | Unknown | link | cisagov | 2022-01-12 | |||||
| Sonatype | All Products | Not Affected | link | Sonatype uses logback as the default logging solution as opposed to log4j. This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the reported log4j vulnerabilities. We still advise keeping your software upgraded at the latest version. | cisagov | 2021-12-29 | |||
| SonicWall | Access Points | Unknown | link | Log4j2 not used in the SonicWall Access Points | cisagov | 2021-12-12 | |||
| SonicWall | Analytics | Unknown | link | Under Review | cisagov | 2021-12-12 | |||
| SonicWall | Analyzer | Unknown | link | Under Review | cisagov | 2021-12-12 | |||
| SonicWall | Capture Client & Capture Client Portal | Unknown | link | Log4j2 not used in the Capture Client. | cisagov | 2021-12-12 | |||
| SonicWall | Capture Security Appliance | Unknown | link | Log4j2 not used in the Capture Security appliance. | cisagov | 2021-12-12 | |||
| SonicWall | CAS | Unknown | link | Under Review | cisagov | 2021-12-12 | |||
| SonicWall | Email Security | Unknown | link | ES 10.0.11 and earlier versions are impacted | cisagov | 2021-12-17 | |||
| SonicWall | Gen5 Firewalls (EOS) | Unknown | link | Log4j2 not used in the appliance. | cisagov | 2021-12-12 | |||
| SonicWall | Gen6 Firewalls | Unknown | link | Log4j2 not used in the appliance. | cisagov | 2021-12-12 | |||
| SonicWall | Gen7 Firewalls | Unknown | link | Log4j2 not used in the appliance. | cisagov | 2021-12-12 | |||
| SonicWall | GMS | Unknown | link | Under Review | cisagov | 2021-12-12 | |||
| SonicWall | MSW | Unknown | link | Mysonicwall service doesn't use Log4j | cisagov | 2021-12-12 | |||
| SonicWall | NSM | Unknown | link | NSM On-Prem and SaaS doesn't use a vulnerable version | cisagov | 2021-12-12 | |||
| SonicWall | SMA 100 | Unknown | link | Log4j2 not used in the SMA100 appliance. | cisagov | 2021-12-12 | |||
| SonicWall | SMA 1000 | Unknown | link | Version 12.1.0 and 12.4.1 doesn't use a vulnerable version | cisagov | 2021-12-12 | |||
| SonicWall | SonicCore | Unknown | link | SonicCore doesn't use a Log4j2 | cisagov | 2021-12-12 | |||
| SonicWall | SonicWall Switch | Unknown | link | Log4j2 not used in the SonicWall Switch. | cisagov | 2021-12-12 | |||
| SonicWall | WAF | Unknown | link | Under Review | cisagov | 2021-12-12 | |||
| SonicWall | WNM | Unknown | link | Log4j2 not used in the WNM. | cisagov | 2021-12-12 | |||
| SonicWall | WXA | Unknown | link | WXA doesn't use a vulnerable version | cisagov | 2021-12-12 | |||
| Sophos | Cloud Optix | Unknown | link | Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted. | cisagov | 2021-12-12 | |||
| Sophos | Reflexion | Unknown | link | Reflexion does not run an exploitable configuration. | cisagov | 2021-12-12 | |||
| Sophos | SG UTM (all versions) | Unknown | link | Sophos SG UTM does not use Log4j. | cisagov | 2021-12-12 | |||
| Sophos | SG UTM Manager (SUM) (all versions) | Not Affected | link | SUM does not use Log4j. | cisagov | 2021-12-12 | |||
| Sophos | Sophos Central | Unknown | link | Sophos Central does not run an exploitable configuration. | cisagov | 2021-12-12 | |||
| Sophos | Sophos Firewall (all versions) | Unknown | link | Sophos Firewall does not use Log4j. | cisagov | 2021-12-12 | |||
| Sophos | Sophos Home | Unknown | link | Sophos Home does not use Log4j. | cisagov | 2021-12-12 | |||
| Sophos | Sophos Mobile | Unknown | link | Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration. | cisagov | 2021-12-12 | |||
| Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | link | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | cisagov | 2021-12-12 | ||
| Sophos | Sophos ZTNA | Unknown | link | Sophos ZTNA does not use Log4j. | cisagov | 2021-12-12 | |||
| SOS Berlin | Unknown | link | cisagov | 2022-01-12 | |||||
| Spacelabs Healthcare | ABP | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | CardioExpress | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | DM3 and DM4 Monitors | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Eclipse Pro | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | EVO | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) Clinical Access Workstations | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Lifescreen Pro | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Pathfinder SL | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Qube | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Qube Mini | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | SafeNSound | 4.3.1 | Fixed | link | Version >4.3.1 - Not Affected | cisagov | 2022-01-05 | ||
| Spacelabs Healthcare | Sentinel | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Spacelabs Cloud | Unknown | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Ultraview SL | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Xhibit Telemetry Receiver (XTR) | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Xhibit, XC4 | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | XprezzNet | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spacelabs Healthcare | Xprezzon | Not Affected | link | cisagov | 2022-01-05 | ||||
| Spambrella | Unknown | link | cisagov | 2022-01-12 | |||||
| Spigot | Unknown | link | cisagov | 2022-01-12 | |||||
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | IT Essentials Work App ID 5403 | 4.11, 4.10.x (Cloud only), 4.9.x | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | IT Service Intelligence (ITSI) App ID 1841 | 4.11.0, 4.10.x (Cloud only), 4.9.x, 4.8.x (Cloud only), 4.7.x, 4.6.x, 4.5.x | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Add-On for Java Management Extensions App ID 2647 | 5.2.0 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Add-On for Tomcat App ID 2911 | 3.0.0 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Application Performance Monitoring | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Connect for Kafka | All versions prior to 2.0.4 | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Enterprise (including instance types like Heavy Forwarders) | All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. See Removing Log4j from Splunk Enterprise below for guidance on unsupported versions. | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Enterprise Amazon Machine Image (AMI) | See Splunk Enterprise | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Enterprise Docker Container | See Splunk Enterprise | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Infrastructure Monitoring | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Log Observer | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Logging Library for Java | 1.11.0 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk On-call / VictorOps | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk OVA for VMWare App ID 3216 | 4.0.3 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk OVA for VMWare Metrics App ID 5096 | 4.2.1 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Real User Monitoring | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Splunk Add-On for JBoss App ID 2954 | 3.0.0 and older | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk Synthetics | Current | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | Affected | link | cisagov | 2021-12-30 | |||
| Splunk | Splunk VMWare OVA for ITSI App ID 4760 | 1.1.1 and older | Affected | link | cisagov | 2021-12-30 | |||
| Sprecher Automation | Unknown | link | cisagov | 2022-01-12 | |||||
| Spring | Spring Boot | Unknown | link | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | cisagov | 2022-01-12 | |||
| Spring Boot | Unknown | link | cisagov | 2022-01-12 | |||||
| StarDog | Unknown | link | cisagov | 2022-01-12 | |||||
| STERIS | Advantage | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Advantage Plus | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 2000 SERIES WASHER DISINFECTORS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 3000 SERIES WASHER DISINFECTORS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 400 MEDIUM STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 400 SMALL STEAM STERILIZERS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 5000 SERIES WASHER DISINFECTORS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 600 MEDIUM STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO 7000 SERIES WASHER DISINFECTORS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO CENTURY MEDIUM STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO CENTURY SMALL STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | AMSCO EVOLUTION MEDIUM STEAM STERILIZER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Canexis 1.0 | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | CELERITY HP INCUBATOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | CELERITY STEAM INCUBATOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | CER Optima | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Clarity Software | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Connect Software | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | ConnectAssure Technology | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | ConnectoHIS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | CS-iQ Sterile Processing Workflow | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | DSD Edge | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | DSD-201, | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | EndoDry | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Endora | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Harmony iQ Integration Systems | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Harmony iQ Perspectives Image Management System | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | HexaVue | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | HexaVue Integration System | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | IDSS Integration System | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RapidAER | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | ReadyTracker | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RealView Visual Workflow Management System | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RELIANCE 444 WASHER DISINFECTOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RELIANCE SYNERGY WASHER DISINFECTOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Renatron | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | ScopeBuddy+ | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | SecureCare ProConnect Technical Support Services | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | Situational Awareness for Everyone Display (S.A.F.E.) | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | SPM Surgical Asset Tracking Software | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM | Unknown | link | cisagov | 2021-12-22 | ||||
| STERIS | VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS | Unknown | link | cisagov | 2021-12-22 | ||||
| Sterling Order IBM | Unknown | link | cisagov | 2022-01-12 | |||||
| Storagement | Unknown | link | cisagov | 2022-01-12 | |||||
| StormShield | Unknown | link | cisagov | 2022-01-12 | |||||
| StrangeBee TheHive & Cortex | Unknown | link | cisagov | 2022-01-12 | |||||
| Stratodesk | Unknown | link | cisagov | 2022-01-12 | |||||
| Strimzi | Unknown | link | cisagov | 2022-01-12 | |||||
| Stripe | Unknown | link | cisagov | 2022-01-12 | |||||
| Styra | Unknown | link | cisagov | 2022-01-12 | |||||
| Sumologic | Unknown | link | cisagov | 2022-01-12 | |||||
| SumoLogic | Unknown | link | cisagov | 2022-01-12 | |||||
| Superna EYEGLASS | Unknown | link | cisagov | 2022-01-12 | |||||
| Suprema Inc | Unknown | link | cisagov | 2022-01-12 | |||||
| SUSE | Unknown | link | cisagov | 2022-01-12 | |||||
| Sweepwidget | Unknown | link | cisagov | 2022-01-12 | |||||
| Swyx | Unknown | link | cisagov | 2022-01-12 | |||||
| Synchro MSP | Unknown | link | cisagov | 2022-01-12 | |||||
| Syncplify | Unknown | link | cisagov | 2022-01-12 | |||||
| Synology | Unknown | link | cisagov | 2022-01-12 | |||||
| Synopsys | Unknown | link | cisagov | 2022-01-12 | |||||
| Syntevo | Unknown | link | cisagov | 2022-01-12 | |||||
| SysAid | Unknown | link | cisagov | 2022-01-12 | |||||
| Sysdig | Unknown | link | cisagov | 2022-01-12 |