1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00
A community sourced list of log4j-affected software
Find a file
2021-12-13 13:58:12 -05:00
.github/ISSUE_TEMPLATE Update issue template for product submission 2021-12-13 13:58:12 -05:00
README.md Update Not Affected description 2021-12-13 13:52:25 -05:00

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.

Status

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

Vendor Product Version Status Update Available Notes References Last Updated
Sample-Vendor Product-A 1.15.0 Affected Yes/No Link <Statement by vendor, vuln note, etc.> Link Here 12/11/2021