1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-16 22:07:55 +00:00
log4j-affected-db/README.md
Alexander King 3572862154
Update README.md
Add affected products from NCSC
2021-12-14 09:45:56 -05:00

211 KiB

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

R

Vendor Product Version Status Update Available Vendor Link Notes Other References Last Updated
AIL AIL all Not vuln - source
- 12/14/21
Apache Cassandra all Not vuln - source - 12/14/21
Apache Druid 0.22.1 Fix - source - 12/14/21
Apache Flink 1.15.0, 1.14.1, 1.13.4 Fix - source - 12/14/21
Apache Log4j 2.15.0 Fix - source - 12/14/21
Apache Kafka Unknown Workaround/Vulnerable - source Only vulnerable in certain configuration - 12/14/21
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Fix - source Versions before 7.4 also vulnerable when using several configurations - 12/14/21
Apache Tika 2.0.0 and up Vulnerable - source - 12/14/21
Apache Tomcat Not vuln - source - 12/14/21
Apache Zookeeper Not vuln - source Zookeeper uses Log4j 1.2 version - 12/14/21
Apereo CAS 6.3.x & 6.4.x Fix - source Other versions still in active maintainance might need manual inspection - 12/14/21
Apereo Opencast < 9.10, < 10.6 Fix - source - 12/14/21
Apigee Edge and OPDK products All version Not vuln - source - 12/14/21
Aptible Aptible ElasticSearch 5.x Fix - source - 12/14/21
Atlassian Jira Server & Data Center On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Atlassian Confluence Server & Data Center On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Atlassian Bamboo Server & Data Center On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Atlassian Crowd Server & Data Center On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Atlassian Fisheye On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Atlassian Crucible On prem Vulnerable - source Only vulnerable when using non-default config, cloud version still under investigation - 12/14/21
Amazon EC2 Amazon Linux 1 & 2 Vulnerable - source Default packages not vulnerable - 12/14/21
Amazon OpenSearch Unknown Fix - source - 12/14/21
Amazon AWS Lambda Unknown Fix - source Vulnerable when using aws-lambda-java-log4j2 - 12/14/21
Amazon AWS CloudHSM < 3.4.1. Fix - source - 12/14/21
Azure Data lake store java < 2.3.10 Fix - source - 12/14/21
APC PowerChute Business Edition Unknow to 10.0.2.301 Vulnerable - - 12/14/21
APC PowerChute Network Shutdown Unknow to 4.2.0 Vulnerable - - 12/14/21
Akamai Siem Splunk Connector Unknown to latest Vulnerable -
source - 12/14/21
Avaya -
source - 12/14/21
Backblaze Cloud N/A (SaaS) Fix - source Cloud service patched - 12/14/21
BigBlueButton BigBlueButton Unknown Not vuln - source - 12/14/21
Bitdefender GravityZone On-Premises Unknown Not vuln - source - 12/14/21
Bitnami Unknown Unknown Fix - source - 12/14/21
Brian Pangburn SwingSet < 4.0.6 Fix - source - 12/14/21
Broadcom CA Advanced Protection 9.1 & 9.1.01 Workaround - source - 12/14/21
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Workaround - source - 12/14/21
Broadcom Advanced Secure Gateway (ASG) Unknown Investigation - source - 12/14/21
Broadcom BCAAA Unknown Investigation - source - 12/14/21
Broadcom Content Analysis (CA)(SEPM) Unknown Investigation - source - 12/14/21
Broadcom Cloud Workload Protection (CWP) Unknown Investigation - source - 12/14/21
Broadcom Cloud Workload Protection for Storage (CWP:S) Unknown Investigation - source - 12/14/21
Broadcom Critical System Protection (CSP) Unknown Investigation - source - 12/14/21
Broadcom Email Security Service (ESS) Unknown Investigation - source - 12/14/21
Broadcom HSM Agent Unknown Investigation - source - 12/14/21
Broadcom Industrial Control System Protection (ICSP) Unknown Investigation - source - 12/14/21
Broadcom Integrated Cyber Defense Manager (ICDm) Unknown Investigation - source - 12/14/21
Broadcom Integrated Secure Gateway (ISG) Unknown Investigation - source - 12/14/21
Broadcom Layer7 API Developer Portal Unknown Investigation - source - 12/14/21
Broadcom Management Center (MC) Unknown Investigation - source - 12/14/21
Broadcom PacketShaper (PS) S-Series Unknown Investigation - source - 12/14/21
Broadcom PolicyCenter (PC) S-Series Unknown Investigation - source - 12/14/21
Broadcom Privileged Access Manager Unknown Investigation - source - 12/14/21
Broadcom Privileged Access Manager Server Control Unknown Investigation - source - 12/14/21
Broadcom Privileged Identity Manager Unknown Investigation - source - 12/14/21
Broadcom Reporter Unknown Investigation - source - 12/14/21
Broadcom Secure Access Cloud (SAC) Unknown Investigation - source - 12/14/21
Broadcom SiteMinder (CA Single Sign-On) Unknown Investigation - source - 12/14/21
Broadcom SSL Visibility (SSLV) Unknown Investigation - source - 12/14/21
Broadcom Symantec Endpoint Detection and Response (EDR) Unknown Investigation - source - 12/14/21
Broadcom Symantec Endpoint Encryption (SEE) Unknown Investigation - source - 12/14/21
Broadcom Symantec Endpoint Protection (SEP) Unknown Investigation - source - 12/14/21
Broadcom Symantec Endpoint Protection (SEP) for Mobile Unknown Investigation - source - 12/14/21
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE) Unknown Investigation - source - 12/14/21
Broadcom Symantec Messaging Gateway (SMG) Unknown Investigation - source - 12/14/21
Broadcom Symantec Protection Engine (SPE) Unknown Investigation - source - 12/14/21
Broadcom Symantec Protection for SharePoint Servers (SPSS) Unknown Investigation - source - 12/14/21
Broadcom VIP Authentication Hub Unknown Investigation - source - 12/14/21
Broadcom Web Isolation (WI) Unknown Investigation - source - 12/14/21
Broadcom Web Security Service (WSS)) Unknown Investigation - source - 12/14/21
Broadcom WebPulse Unknown Investigation - source - 12/14/21
Broadcom CloudSOC Cloud Access Security Broker (CASB) Unknown Not vuln - source - 12/14/21
Broadcom Symantec Control Compliance Suite (CCS) Unknown Not vuln - source - 12/14/21
Broadcom Data Center Security (DCS) Unknown Not vuln - source - 12/14/21
Broadcom Data Loss Prevention (DLP) Unknown Not vuln - source - 12/14/21
Broadcom Ghost Solution Suite (GSS) Unknown Not vuln - source - 12/14/21
Broadcom IT Management Suite Unknown Not vuln - source - 12/14/21
Broadcom Layer7 API Gateway Unknown Not vuln - source - 12/14/21
Broadcom Layer7 Mobile API Gateway Unknown Not vuln - source - 12/14/21
Broadcom ProxySG Unknown Not vuln - source - 12/14/21
Broadcom Security Analytics (SA) Unknown Not vuln - source - 12/14/21
Broadcom Symantec Directory Unknown Not vuln - source - 12/14/21
Broadcom Symantec Identity Governance and Administration (IGA) Unknown Not vuln - source - 12/14/21
Broadcom Symantec PGP Solutions Unknown Not vuln - source - 12/14/21
Broadcom VIP Unknown Not vuln - source - 12/14/21
Carbon Black Cloud Workload Appliance Unknown Mitigation - source More information on pages linked bottom of blogpost (behind login) - 12/14/21
Carbon Black EDR Servers Unknown Mitigation - source More information on pages linked bottom of blogpost (behind login) - 12/14/21
Cerberus FTP Unknown Not vuln - source - 12/14/21
Cerebrate Cerebrate All Not vuln - source - 12/14/21
Checkpoint Quantum Security Gateway Unknown Not vuln - source - 12/14/21
Checkpoint Quantum Security Management Unknown Not vuln - source - 12/14/21
Checkpoint CloudGuard Unknown Not vuln - source - 12/14/21
Checkpoint Infinity Portal Unknown Not vuln - source - 12/14/21
Checkpoint Harmony Endpoint & Harmony Mobile Unknown Not vuln - source - 12/14/21
Checkpoint SMB Unknown Not vuln - source - 12/14/21
Checkpoint ThreatCloud Unknown Not vuln - source - 12/14/21
Chef Infra Server All Not vuln - source - 12/14/21
Chef Automate All Not vuln - source - 12/14/21
Chef Backend All Not vuln - source - 12/14/21
Cisco General Cisco Disclaimer Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly - - 12/14/21
Cisco AnyConnect Secure Mobility Client All versions Not vuln - source - 12/14/21
Cisco Cisco SocialMiner All versions Not vuln - source - 12/14/21
Cisco Cisco Extensible Network Controller (XNC) Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus Data Broker Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus Insights Unknown Investigation - source - 12/14/21
Cisco Cisco Wide Area Application Services (WAAS) All versions Not vuln - source - 12/14/21
Cisco Cisco AMP Virtual Private Cloud Appliance Unknown Investigation - source - 12/14/21
Cisco Cisco Adaptive Security Appliance (ASA) Software Unknown Investigation - source - 12/14/21
Cisco Cisco Advanced Web Security Reporting Application Unknown Investigation - source - 12/14/21
Cisco Cisco Content Security Management Appliance (SMA) Unknown Not vuln - source - 12/14/21
Cisco Cisco Email Security Appliance (ESA) Unknown Not vuln - source - 12/14/21
Cisco Cisco Firepower 4100 Series Unknown Investigation - source - 12/14/21
Cisco Cisco Firepower 9300 Security Appliances Unknown Investigation - source - 12/14/21
Cisco Cisco Firepower Management Center Unknown Investigation - source - 12/14/21
Cisco Cisco Firepower Threat Defense (FTD) Unknown Investigation - source - 12/14/21
Cisco Cisco Identity Services Engine (ISE) Unknown Vulnerable - source - 12/14/21
Cisco Cisco Web Security Appliance (WSA) Unknown Not vuln - source - 12/14/21
Cisco Cisco ACI Multi-Site Orchestrator Unknown Investigation - source - 12/14/21
Cisco Cisco Application Policy Infrastructure Controller (APIC) Unknown Investigation - source - 12/14/21
Cisco Cisco CloudCenter Suite Admin Unknown Investigation - source - 12/14/21
Cisco Cisco CloudCenter Workload Manager Unknown Investigation - source - 12/14/21
Cisco Cisco Connected Grid Device Manager Unknown Investigation - source - 12/14/21
Cisco Cisco Connected Mobile Experiences Unknown Not vuln - source - 12/14/21
Cisco Cisco Crosswork Change Automation Unknown Investigation - source - 12/14/21
Cisco Cisco DNA Assurance Unknown Investigation - source - 12/14/21
Cisco Cisco Data Center Network Manager (DCNM) Unknown Investigation - source - 12/14/21
Cisco Cisco Elastic Services Controller (ESC) Unknown Not vuln - source - 12/14/21
Cisco Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) Unknown Investigation - source - 12/14/21
Cisco Cisco Modeling Labs Unknown Investigation - source - 12/14/21
Cisco Cisco Network Planner Unknown Investigation - source - 12/14/21
Cisco Cisco Network Services Orchestrator (NSO) Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus Dashboard (formerly Cisco Application Services Engine) <2.1.2 Vulnerable - source Patch expected 7-jan-2022 - 12/14/21
Cisco Cisco Optical Network Planner Unknown Investigation - source - 12/14/21
Cisco Cisco Policy Suite Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Central for Service Providers Unknown Investigation - source - 12/14/21
Cisco Cisco Prime Collaboration Assurance Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Collaboration Manager Unknown Investigation - source - 12/14/21
Cisco Cisco Prime Collaboration Provisioning Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Infrastructure Unknown Investigation - source - 12/14/21
Cisco Cisco Prime License Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Network Registrar Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Optical for Service Providers Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Provisioning Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Service Catalog Unknown Investigation - source - 12/14/21
Cisco Cisco UCS Performance Manager Unknown Investigation - source - 12/14/21
Cisco Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM Unknown Investigation - source - 12/14/21
Cisco Cisco WAN Automation Engine (WAE) Unknown Investigation - source - 12/14/21
Cisco Cisco ACI Virtual Edge Unknown Investigation - source - 12/14/21
Cisco Cisco ASR 5000 Series Routers Unknown Not vuln - source - 12/14/21
Cisco Cisco DNA Center Unknown Investigation - source - 12/14/21
Cisco Cisco Enterprise NFV Infrastructure Software (NFVIS) Unknown Investigation - source - 12/14/21
Cisco Cisco GGSN Gateway GPRS Support Node Unknown Not vuln - source - 12/14/21
Cisco Cisco IOS and IOS XE Software Unknown Investigation - source - 12/14/21
Cisco Cisco IOx Fog Director Unknown Investigation - source - 12/14/21
Cisco Cisco IP Services Gateway (IPSG) Unknown Not vuln - source - 12/14/21
Cisco Cisco MDS 9000 Series Multilayer Switches Unknown Investigation - source - 12/14/21
Cisco Cisco MME Mobility Management Entity Unknown Not vuln - source - 12/14/21
Cisco Cisco Mobility Unified Reporting and Analytics System Unknown Not vuln - source - 12/14/21
Cisco Cisco Network Assurance Engine Unknown Investigation - source - 12/14/21
Cisco Cisco Network Convergence System 2000 Series Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus 5500 Platform Switches Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus 5600 Platform Switches Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus 6000 Series Switches Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus 7000 Series Switches Unknown Investigation - source - 12/14/21
Cisco Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Unknown Investigation - source - 12/14/21
Cisco Cisco PDSN/HA Packet Data Serving Node and Home Agent Unknown Not vuln - source - 12/14/21
Cisco Cisco PGW Packet Data Network Gateway Unknown Not vuln - source - 12/14/21
Cisco Cisco SD-WAN vEdge 1000 Series Routers Unknown Not vuln - source - 12/14/21
Cisco Cisco SD-WAN vEdge 2000 Series Routers Unknown Not vuln - source - 12/14/21
Cisco Cisco SD-WAN vEdge 5000 Series Routers Unknown Not vuln - source - 12/14/21
Cisco Cisco SD-WAN vEdge Cloud Router Platform Unknown Not vuln - source - 12/14/21
Cisco Cisco SD-WAN vManage Unknown Investigation - source - 12/14/21
Cisco Cisco Secure Network Analytics (SNA), formerly Stealthwatch Unknown Investigation - source - 12/14/21
Cisco Cisco System Architecture Evolution Gateway (SAEGW) Unknown Not vuln - source - 12/14/21
Cisco Cisco HyperFlex System Unknown Investigation - source - 12/14/21
Cisco Cisco UCS Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco BroadWorks Unknown Investigation - source - 12/14/21
Cisco Cisco Broadcloud Calling Unknown Investigation - source - 12/14/21
Cisco Cisco Computer Telephony Integration Object Server (CTIOS) Unknown Investigation - source - 12/14/21
Cisco Cisco Contact Center Domain Manager (CCDM) Unknown Investigation - source - 12/14/21
Cisco Cisco Contact Center Management Portal (CCMP) Unknown Investigation - source - 12/14/21
Cisco Cisco Emergency Responder Unknown Not vuln - source - 12/14/21
Cisco Cisco Enterprise Chat and Email Unknown Investigation - source - 12/14/21
Cisco Cisco Finesse Unknown Investigation - source - 12/14/21
Cisco Cisco Packaged Contact Center Enterprise Unknown Investigation - source - 12/14/21
Cisco Cisco Paging Server (InformaCast) Unknown Investigation - source - 12/14/21
Cisco Cisco Paging Server Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Attendant Console Advanced Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Attendant Console Business Edition Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Attendant Console Department Edition Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Attendant Console Enterprise Edition Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Attendant Console Premium Edition Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Contact Center Enterprise Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Contact Center Express Unknown Investigation - source - 12/14/21
Cisco Cisco Unified Customer Voice Portal Unknown Not vuln - source - 12/14/21
Cisco Cisco Unified Intelligent Contact Management Enterprise Unknown Investigation - source - 12/14/21
Cisco Cisco Unified SIP Proxy Software Unknown Investigation - source - 12/14/21
Cisco Cisco Virtualized Voice Browser Unknown Investigation - source - 12/14/21
Cisco Exony Virtualized Interaction Manager (VIM) Unknown Investigation - source - 12/14/21
Cisco Cisco Expressway Series Unknown Not vuln - source - 12/14/21
Cisco Cisco Meeting Server Unknown Investigation - source - 12/14/21
Cisco Cisco TelePresence Management Suite Unknown Investigation - source - 12/14/21
Cisco Cisco TelePresence Video Communication Server (VCS) Unknown Not vuln - source - 12/14/21
Cisco Cisco Vision Dynamic Signage Director Unknown Investigation - source - 12/14/21
Cisco Cisco Mobility Services Engine Unknown Investigation - source - 12/14/21
Cisco Cisco CX Cloud Agent Software Unknown Investigation - source - 12/14/21
Cisco Cisco Cloud Email Security Unknown Investigation - source - 12/14/21
Cisco Cisco Cognitive Intelligence Unknown Investigation - source - 12/14/21
Cisco Cisco Common Services Platform Collector Unknown Investigation - source - 12/14/21
Cisco Cisco Connectivity Unknown Investigation - source - 12/14/21
Cisco Cisco DNA Spaces Unknown Investigation - source - 12/14/21
Cisco Cisco Defense Orchestrator Unknown Investigation - source - 12/14/21
Cisco Cisco Intersight Unknown Investigation - source - 12/14/21
Cisco Cisco IoT Operations Dashboard Unknown Investigation - source - 12/14/21
Cisco Cisco Kinetic for Cities Unknown Investigation - source - 12/14/21
Cisco Cisco Network Assessment (CNA) Tool Unknown Investigation - source - 12/14/21
Cisco Cisco Umbrella Unknown Investigation - source - 12/14/21
Cisco Managed Services Accelerator (MSX) Network Access Control Service Unknown Investigation - source - 12/14/21
Cisco AppDynamics <21.12.0 Fix - source - 12/14/21
Cisco Cisco Webex Meetings Server Unknown Vulnerable - source - 12/14/21
Cisco Cisco Evolved Programmable Network Manager Unknown Vulnerable - source - 12/14/21
Cisco Cisco Integrated Management Controller (IMC) Supervisor Unknown Vulnerable - source - 12/14/21
Cisco Cisco Intersight Virtual Appliance Unknown Vulnerable - source - 12/14/21
Cisco Cisco UCS Director Unknown Vulnerable - source - 12/14/21
Cisco Cisco Unified Contact Center Enterprise - Live Data server Unknown Vulnerable - source - 12/14/21
Cisco Cisco Video Surveillance Operations Manager Unknown Vulnerable - source - 12/14/21
Cisco Cisco Unified Communications Manager Cloud Unknown Vulnerable - source - 12/14/21
Cisco Cisco Webex Cloud-Connected UC (CCUC) Unknown Vulnerable - source - 12/14/21
Cisco Duo Unknown Fix - source - 12/14/21
Cisco Cisco Jabber Guest All versions Not vuln - source - 12/14/21
Cisco Cisco Cloud Services Platform 2100 All versions Not vuln - source - 12/14/21
Cisco Cisco Cloud Services Platform 5000 Series All versions Not vuln - source - 12/14/21
Cisco Cisco Tetration Analytics All versions Not vuln - source - 12/14/21
Cisco Cisco Adaptive Security Device Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco Registered Envelope Service Unknown Not vuln - source - 12/14/21
Cisco Cisco Business Process Automation Unknown Not vuln - source - 12/14/21
Cisco Cisco CloudCenter Action Orchestrator Unknown Not vuln - source - 12/14/21
Cisco Cisco Container Platform Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Access Registrar Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Cable Provisioning Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Collaboration Deployment Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime IP Express Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Network Registrar Unknown Not vuln - source - 12/14/21
Cisco Cisco Prime Performance Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco Security Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco UCS Central Software Unknown Not vuln - source - 12/14/21
Cisco Cisco IOS XR Software Unknown Not vuln - source - 12/14/21
Cisco Cisco Nexus 3000 Series Switches Unknown Not vuln - source - 12/14/21
Cisco Cisco Nexus 9000 Series Switches in standalone NX-OS mode Unknown Not vuln - source - 12/14/21
Cisco Cisco UCS C-Series Rack Servers - Integrated Management Controller Unknown Not vuln - source - 12/14/21
Cisco Cisco Hosted Collaboration Mediation Fulfillment Unknown Not vuln - source - 12/14/21
Cisco Cisco Unified Communications Domain Manager Unknown Not vuln - source - 12/14/21
Cisco Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition Unknown Not vuln - source - 12/14/21
Cisco Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) Unknown Not vuln - source - 12/14/21
Cisco Cisco Unified Intelligence Center Unknown Not vuln - source - 12/14/21
Cisco Cisco Unity Connection Unknown Not vuln - source - 12/14/21
Cisco Cisco Unity Express Unknown Not vuln - source - 12/14/21
Cisco Cisco Ultra Packet Core Unknown Not vuln - source - 12/14/21
Cisco Cisco Smart Software Manager On-Prem Unknown Not vuln - source - 12/14/21
CIS-CAT CIS-CAT Pro Assessor 4.12.0 and below Vulnerable - [proof] (https://ibb.co/98kyxqK) Found by manual scanning - 12/14/21
Citrix NetScaler ADC Unknown Investigation - source Implementation not using WlonNS feature, is not impacted - 12/14/21
Citrix NetScaler Gateway Unknown Investigation - source - 12/14/21
Citrix Analytics Unknown Investigation - source - 12/14/21
Citrix Application Delivery Management (NetScaler MAS) Unknown Not vuln - source - 12/14/21
Citrix Hypervisor (XenServer) Unknown Not Vuln - source - 12/14/21
Citrix SD-WAN Unknown Investigation - source - 12/14/21
Citrix Virtual Apps and Desktops (XenApp & XenDesktop) Unknown Investigation - source - 12/14/21
Citrix Workspace Unknown Investigation - source - 12/14/21
Citrix Workspace App Unknown Not vuln - source - 12/14/21
Citrix Sharefile Unknown Investigation - source - 12/14/21
cPanel cPanel Unknown Mitigation - source - 12/14/21
Commvault All products All versions Not vulnerable - source - 12/14/21
Commvault Cloud Apps & Oracle & MS-SQL All supported versions vulnerable - source - 12/14/21
Connect2id Connect2id server < 12.5.1 Fix - source - 12/14/21
Connectwise Perch Unknown Fix - source - 12/14/21
Connectwise Manage on-premise's Global Search Unknown Mitigation - source - 12/14/21
Connectwise Marketplace Unknown Mitigation - source - 12/14/21
Connectwise Global search capability of Manage Cloud Unknown Mitigation - source - 12/14/21
Connectwise StratoZen Unknown Mitigation - source Urgent action for self-hosted versions - 12/14/21
Contrast Hosted SaaS Enviroments All Fix - source - 12/14/21
Contrast On-premises (EOP) Environments All Fix/Mitigation - source - 12/14/21
Contrast Java Agent All Not vuln - source - 12/14/21
Contrast Scan All Fix - source - 12/14/21
ControlUp All products All versions Fix - source - 12/14/21
Coralogix Coralogix Unknown Fix - source - 12/14/21
Couchbase Couchbase ElasticSearch connector < 4.3.3 & 4.2.13 Fix - source - 12/14/21
Cryptshare Cryptshare Server All Not vuln - source - 12/14/21
Cryptshare Cryptshare for Outlook All Not vuln - source - 12/14/21
Cryptshare Cryptshare for Notes All Not vuln - source - 12/14/21
Cryptshare Cryptshare for NTA 7516 All Not vuln - source - 12/14/21
Cryptshare Cryptshare .NET API All Not vuln - source - 12/14/21
Cryptshare Cryptshare Java API All Not vuln - source - 12/14/21
Cryptshare Cryptshare Robot All Not vuln - source - 12/14/21
Cyberark PAS Self Hosted Not Vuln - source - 12/14/21
Cybereason All Cybereason products Unknown Not vuln - source - 12/14/21
DatadogHQ Datadog Agent 6 < 6.32.2, 7 < 7.32.2 Fix/workaround - source JMX monitoring component leverages an impacted version of log4j - 12/14/21
Datto All Datto products Unknown Not vuln - source - 12/14/21
Debian Apache-log4j.1.2 stretch, buster, bullseye Fix - source - 12/14/21
Debian Apache-log4j2 stretch, buster, bullseye Fix - source - 12/14/21
Dell BSAFE Crypto-C Micro Edition Unknown Not vuln - source - 12/14/21
Dell BSAFE Crypto-J Unknown Not vuln - source - 12/14/21
Dell BSAFE Micro Edition Suite Unknown Not vuln - source - 12/14/21
Dell Centera Unknown Not vuln - source - 12/14/21
Dell Chassis Management Controller (CMC) Unknown Not vuln - source - 12/14/21
Dell Cloudlink Unknown Not vuln - source - 12/14/21
Dell Cloud Mobility for Dell EMC Storage Unknown Not vuln - source - 12/14/21
Dell Data Domain OS Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell Disk Library for Mainframe Unknown Not vuln - source - 12/14/21
Dell Embedded NAS Unknown Not vuln - source - 12/14/21
Dell EMC Cloud Disaster Recovery Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC DataIQ Unknown Not vuln - source - 12/14/21
Dell EMC ECS Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC Integrated System for Microsoft Azure Stack Hub Unknown Not vuln - source - 12/14/21
Dell EMC License Manager Unknown Not vuln - source - 12/14/21
Dell EMC NetWorker Unknown Investigation - source - 12/14/21
Dell EMC Networking Onie Unknown Not vuln - source - 12/14/21
Dell EMC ObjectScale Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC PowerFlex Appliance Unknown Not vuln - source - 12/14/21
Dell EMC PowerFlex Manager Unknown Investigation - source - 12/14/21
Dell EMC PowerFlex Rack Unknown Not vuln - source - 12/14/21
Dell EMC PowerMax Unknown Not vuln - source - 12/14/21
Dell EMC PowerPath Management Appliance Unknown Investigation - source - 12/14/21
Dell EMC PowerPath Unknown Investigation - source - 12/14/21
Dell EMC PowerProtect Cyber Recovery Unknown Investigation - source - 12/14/21
Dell EMC PowerProtect Data Manager Unknown Investigation - source - 12/14/21
Dell EMC PowerProtect DP Series Appliance (iDPA) Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC PowerScale OneFS Unknown Not vuln - source - 12/14/21
Dell EMC PowerShell for PowerMax Unknown Investigation - source - 12/14/21
Dell EMC PowerShell for Powerstore Unknown Investigation - source - 12/14/21
Dell EMC PowerShell for Unity Unknown Investigation - source - 12/14/21
Dell EMC PowerStore Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC PowerSwitch Z9264F-ON BMC, Dell EMC PowerSwitch Z9432F-ON BMC Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC RecoverPoint Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC Repository Manager (DRM) Unknown Investigation - source - 12/14/21
Dell EMC SourceOne Unknown Investigation - source - 12/14/21
Dell EMC SRM vApp Unknown Investigation - source - 12/14/21
Dell EMC Streaming Data Platform Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC Systems Update (DSU) Unknown Investigation - source - 12/14/21
Dell EMC Unity Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC Virtual Storage Integrator Unknown Investigation - source - 12/14/21
Dell EMC VPLEX Unknown Investigation - source - 12/14/21
Dell EMC VxRail Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell EMC XtremIO Unknown Investigation - source - 12/14/21
Dell Enterprise Hybrid Cloud Unknown Investigation - source - 12/14/21
Dell GeoDrive Unknown Investigation - source - 12/14/21
Dell Hybrid Client (DHC) Unknown Not vuln - source - 12/14/21
Dell ImageAssist Unknown Not vuln - source - 12/14/21
Dell Insight IQ Unknown Not vuln - source - 12/14/21
Dell Integrated Dell Remote Access Controller (iDRAC) Unknown Not vuln - source - 12/14/21
Dell IsilonSD Management Server Unknown Investigation - source - 12/14/21
Dell Mainframe Enablers Unknown Investigation - source - 12/14/21
Dell MyDell Mobile Unknown Not vuln - source - 12/14/21
Dell NetWorker Management Console Unknown Investigation - source - 12/14/21
Dell NetWorker MM for Hyper-V Unknown Investigation - source - 12/14/21
Dell Networking N-Series Unknown Investigation - source - 12/14/21
Dell Networking OS9 Unknown Not vuln - source - 12/14/21
Dell Networking OS Unknown Not vuln - source - 12/14/21
Dell Networking SD-WAN Edge Unknown Investigation - source - 12/14/21
Dell Networking W-Series Unknown Investigation - source - 12/14/21
Dell Networking X-Series Unknown Investigation - source - 12/14/21
Dell OMIMSSC (OpenManage Integration for Microsoft System Center) Unknown Investigation - source - 12/14/21
Dell OpenManage Change Management Unknown Investigation - source - 12/14/21
Dell OpenManage Enterprise Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell OpenManage Integration for Microsoft System Center for System Center Operations Manager Unknown Not vuln - source - 12/14/21
Dell OpenManage Integration with Microsoft Windows Admin Center Unknown Investigation - source - 12/14/21
Dell Open Management Enterprise - Modular Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell Open Manage Mobile Unknown Not vuln - source - 12/14/21
Dell OpenManage Network Integration Unknown Not vuln - source - 12/14/21
Dell Open Manage Server Administrator Unknown Investigation - source - 12/14/21
Dell PowerEdge BIOS Unknown Not vuln - source - 12/14/21
Dell Remotely Anywhere Unknown Not vuln - source - 12/14/21
Dell Secure Connect Gateway (SCG) 5.0 Appliance Unknown Not vuln - source - 12/14/21
Dell Smart Fabric Storage Software Unknown Not vuln - source - 12/14/21
Dell Solutions Enabler Unknown Not vuln - source - 12/14/21
Dell Sonic Unknown Not vuln - source - 12/14/21
Dell SRS Policy Manager Unknown Investigation - source - 12/14/21
Dell SRS VE Unknown Not vuln - source - 12/14/21
Dell SupportAssist Client Commercial Unknown Not vuln - source - 12/14/21
Dell SupportAssist Client Consumer Unknown Not vuln - source - 12/14/21
Dell SupportAssist Enterprise Unknown Investigation - source - 12/14/21
Dell Unisphere Central Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell Unisphere for PowerMax Unknown Not vuln - source - 12/14/21
Dell Vblock Unknown Investigation - source - 12/14/21
Dell ViPR Controller Unknown Investigation - source - 12/14/21
Dell VNX2 Unknown Not vuln - source - 12/14/21
Dell VNX Control Station Unknown Not vuln - source - 12/14/21
Dell Vsan Ready Nodes Unknown Investigation - source - 12/14/21
Dell VxBlock Unknown Investigation - source - 12/14/21
Dell VxFlex Ready Nodes Unknown Investigation - source - 12/14/21
Dell Wyse Management Suite Import Tool Unknown Not vuln - source - 12/14/21
Dell Wyse Management Suite Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Dell Wyse Proprietary OS (ThinOS) Unknown Not vuln - source - 12/14/21
Dell Wyse Windows Embedded Unknown Vulnerable - source Fix Release Timeline TBD - 12/14/21
Docker Docker infrastructure Unknown Not vuln - source Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. - 12/14/21
Dropwizard Dropwizard Unknown Not vuln - source Only vulnerable if you manually added Log4j - 12/14/21
Dynatrace Dynatrace Cloud Services Unknown Fix - source - 12/14/21
Dynatrace ActiveGates 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 Fix - source - 12/14/21
EAL ATS Classic All Versions Not Vuln - See vendor-statements - 12/14/21
Elastic APM Java Agent 1.17.0-1.28.0 Workaround - source Only vulnerable with specific configuration - 12/14/21
Elastic APM Server Not Vuln - source - 12/14/21
Elastic Beats Not Vuln - source - 12/14/21
Elastic Cmd Not Vuln - source - 12/14/21
Elastic Elastic Agent Not Vuln - source - 12/14/21
Elastic Elastic Cloud Not Vuln - source - 12/14/21
Elastic Elastic Cloud Enterprise Not Vuln - source - 12/14/21
Elastic Elastic Cloud on Kubernetes Not Vuln - source - 12/14/21
Elastic Elastic Endgame Not Vuln - source - 12/14/21
Elastic Elastic Maps Service Not Vuln - source - 12/14/21
Elastic Elasticsearch < 6.8.21, < 7.16.1 Workaround - source Information leakage vulnerability - 12/14/21
Elastic Endpoint Security Not Vuln - source - 12/14/21
Elastic Enterprise Search Not Vuln - source - 12/14/21
Elastic Fleet Server Not Vuln - source - 12/14/21
Elastic Kibana Not Vuln - source - 12/14/21
Elastic Logstash < 6.8.21, < 7.16.1 Workaround - source - 12/14/21
Elastic Machine Learning Not Vuln - source - 12/14/21
Elastic Swiftype Investigation - source - 12/14/21
ELO Digital Office Not Vuln - source - 12/14/21
ESET All products Unknown Not vuln - source - 12/14/21
Esri ArcGIS Enterprise and related products < 10.8.0 Vulnerable - source - 12/14/21
EVL Labs JGAAP <8.0.2 Fix - source - 12/14/21
eXtreme Hosting All products Unknown Not vuln - source - 12/14/21
F5 All products Not Vuln - source F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect - 12/14/21
FileCap All products <5.1.0 Vulnerable - source Fix: 5.1.1 - 12/14/21
Fiix CMMS core V5 Fix - source - 12/14/21
Forcepoint DLP Manager Workaround - source - 12/14/21
Forcepoint Forcepoint Cloud Security Gateway (CSG) Not vuln - source - 12/14/21
Forcepoint Next Generation Firewall (NGFW) Not vuln - source - 12/14/21
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder Not vuln - source - 12/14/21
Forcepoint One Endpoint Not vuln - source - 12/14/21
Forcepoint Security Manager (Web, Email and DLP) Workaround - source - 12/14/21
ForgeRock Autonomous Identity Workaround - source all other ForgeRock products not vuln - 12/14/21
Fortinet FortiAIOps Vulnerable - source - 12/14/21
Fortinet FortiAnalyzer Cloud Not Vuln - source - 12/14/21
Fortinet FortiAnalyzer Not Vuln - source - 12/14/21
Fortinet FortiAP Not Vuln - source - 12/14/21
Fortinet FortiAuthenticator Not Vuln - source - 12/14/21
Fortinet FortiCASB Vulnerable - source - 12/14/21
Fortinet FortiConvertor Vulnerable - source - 12/14/21
Fortinet FortiDeceptor Not Vuln - source - 12/14/21
Fortinet FortiEDR Agent Not Vuln - source - 12/14/21
Fortinet FortiEDR Cloud Vulnerable - source - 12/14/21
Fortinet FortiGate Cloud Not Vuln - source - 12/14/21
Fortinet FortiGSLB Cloud Not Vuln - source - 12/14/21
Fortinet FortiMail Not Vuln - source - 12/14/21
Fortinet FortiManager Cloud Not Vuln - source - 12/14/21
Fortinet FortiManager Not Vuln - source - 12/14/21
Fortinet FortiNAC Vulnerable - source - 12/14/21
Fortinet FortiNAC Vulnerable - source - 12/14/21
Fortinet FortiOS (includes FortiGate & FortiWiFi) Not Vuln - source - 12/14/21
Fortinet FortiPhish Cloud Not Vuln - source - 12/14/21
Fortinet FortiPolicy Vulnerable - source - 12/14/21
Fortinet FortiPortal Vulnerable - source - 12/14/21
Fortinet FortiRecorder Not Vuln - source - 12/14/21
Fortinet FortiSIEM Vulnerable - source - 12/14/21
Fortinet FortiSOAR Vulnerable - source - 12/14/21
Fortinet FortiSwitch Cloud in FortiLANCloud Not Vuln - source - 12/14/21
Fortinet FortiSwitch & FortiSwitchManager Not Vuln - source - 12/14/21
Fortinet FortiToken Cloud Not Vuln - source - 12/14/21
Fortinet FortiVoice Not Vuln - source - 12/14/21
Fortinet FortiWeb Cloud Not Vuln - source - 12/14/21
Fortinet ShieldX Vulnerable - source - 12/14/21
F-Secure Endpoint Proxy 13-15 Fix - source - 12/14/21
F-Secure Policy Manager 13-15 Fix - source - 12/14/21
F-Secure Policy Manager Proxy 13-15 Fix - source - 12/14/21
FusionAuth FusionAuth 1.32 Not Vuln - source - 12/14/21
Genesys All products Investigation - source - 12/14/21
GFI Software Kerio Connect Vulnerable - source - 12/14/21
GoAnywhere MFT Unknown Workaround - source - 12/14/21
GoAnywhere Gateway Unknown Workaround - source - 12/14/21
GoAnywhere Agents Unknown Workaround - source - 12/14/21
Graylog Graylog < 3.3.15,<4.0.14,<4.1.9,<4.2.3 Fix - source - 12/14/21
GuardedBox GuardedBox <3.1.2 Fix - source - 12/14/21
HackerOne Unknown Unknown Fix - source - 12/14/21
Hashicorp All products Not Vuln - source - 12/14/21
HCL Software BigFix Compliance Unknown Workaround - source - 12/14/21
HCL Software BigFix Inventory Unknown Workaround - source - 12/14/21
HCL Software BigFix Compliance Unknown Investigation - source - 12/14/21
HCL Software BigFix Compliance Unknown Investigation - source - 12/14/21
Hexagon M.App Enterprise Unknown Investigation - source Might be vulnerable only when used with Geoprocessing Server - 12/14/21
Hexagon ERDAS APOLLO Advantage & Professional Unknown Investigation - source - 12/14/21
Hexagon GeoMedia Unknown Not vuln - source - 12/14/21
Hexagon IMAGINE Unknown Not vuln - source - 12/14/21
Hexagon ImageStation Unknown Not vuln - source - 12/14/21
Hexagon GeoMedia WebMap Unknown Not vuln - source - 12/14/21
Hexagon Geospatial Portal Unknown Not vuln - source - 12/14/21
Hexagon Geospatial SDI Unknown Not vuln - source - 12/14/21
Hexagon GeoMedia SmartClient Unknown Not vuln - source - 12/14/21
Hexagon ERDAS APOLLO Essentials Unknown Not vuln - source - 12/14/21
Hexagon M.App Enterprise standalone or with Luciad Fusion Unknown Not vuln - source - 12/14/21
Hexagon Luciad Fusion Unknown Not vuln - source The only risk is if Log4J was implemented outside of the default product install - 12/14/21
Hexagon Luciad Lightspeed Unknown Not vuln - source The only risk is if Log4J was implemented outside of the default product install - 12/14/21
Hitachi Vantara Pentaho v8.3.x, v9.2.x Not vuln - source - 12/14/21
HostiFi Unifi hosting Unknown Fix - source Hosted Unifi solution - 12/14/21
Huawei All products Investigation - source - 12/14/21
IBM All products Investigation - source - 12/14/21
IBM Curam SPM 8.0.0, 7.0.11 Vulnerable - source - 12/14/21
IBM Sterling Order Management Unknown Not vuln - source - 12/14/21
IBM Sterling Fulfillment Optimizer Unknown Vulnerable - source - 12/14/21
IBM Sterling Inventory Visibility Unknown Vulnerable - source - 12/14/21
IBM Websphere 8.5 Vulnerable - source fix: PH42728 - 12/14/21
IBM Websphere 9.0 Vulnerable - source fix: PH42728 - 12/14/21
Inductive Automation Ignition All versions Not Vuln - source - 12/14/21
Informatica Axon 7.2.x Workaround - source - 12/14/21
Informatica Data Privacy Management 10.5, 10.5.1 Workaround - source - 12/14/21
Informatica Information Deployment Manager Fix - source - 12/14/21
Informatica Metadata Manager 10.4, 10.4.1, 10.5, 10.5.1 Workaround - source - 12/14/21
Informatica PowerCenter 10.5.1 Workaround - source - 12/14/21
Informatica PowerExchange for CDC (Publisher) and Mainframe 10.5.1 Workaround - source - 12/14/21
Informatica Product 360 All versions Workaround - source - 12/14/21
Informatica Secure Agents (Cloud hosted) Unknown Fix - source Fixed agents may need to be restarted - 12/14/21
IronNet All products All verisons Investigation - source - 12/14/21
Ivanti All products All versions Not Vuln - source No products are deemed affected at this moment - 12/14/21
JFrog all products Not Vuln - source - 12/14/21
Jamf Nation Jamf Cloud Unknown Fix - source - 12/14/21
Jamf Nation Jamf Pro (hosted on-prem) < 10.34.1 See notes - source <10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix - 12/14/21
Jamf Nation Health Care Listener Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Connect Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Data Policy Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Infrastructure Manager Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Now Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Private Access Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Protect Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf School Unknown Not Vuln - source - 12/14/21
Jamf Nation Jamf Threat Defense Unknown Not Vuln - source - 12/14/21
Jazz/IBM JazzSM DASH Unknown See notes - source DASH on WebSphere Application Server requires mitigations - 12/14/21
Jenkins Jenkins CI Unknown Not Vuln - source Invidivual plugins not developed as part of Jenkins core may be vulnerable. - 12/14/21
JetBrains YouTrack Standalone >= 2019.2 <= 2021.4.34389 Vuln -
email, mitigation - 12/14/21
Jetbrains TeamCity Unknown Investigation - source - 12/14/21
Jitsi jitsi-videobridge v2.1-595-g3637fda42 Fix - source - 12/14/21
Kaseya AuthAnvil Unknown Not Vuln - source - 12/14/21
Kaseya BMS Unknown Not Vuln - source - 12/14/21
Kaseya ID Agent DarkWeb ID and BullPhish ID Unknown Not Vuln - source - 12/14/21
Kaseya IT Glue Unknown Not Vuln - source - 12/14/21
Kaseya MyGlue Unknown Not Vuln - source - 12/14/21
Kaseya Network Glue Unknown Not Vuln - source - 12/14/21
Kaseya Passly Unknown Not Vuln - source - 12/14/21
Kaseya RocketCyber Unknown Not Vuln - source - 12/14/21
Kaseya Spannign Salesforce Backup Unknown Not Vuln - source - 12/14/21
Kaseya Spanning O365 Backup Unknown Not Vuln - source - 12/14/21
Kaseya Unitrends Unknown Not Vuln - source - 12/14/21
Kaseya VSA SaaS and VSA On-Premises Unknown Not Vuln - source - 12/14/21
Kaseya Vorex Unknown Not Vuln - source - 12/14/21
Kaseya products not listed above Unknown Investigation - source - 12/14/21
Keycloak Keycloak all version Not Vuln - source - 12/14/21
LeanIX All products All versions Fix - source - 12/14/21
Lightbend Akka Unknown Not Vuln - source - 12/14/21
Lightbend Akka Serverless Unknown Not Vuln - source - 12/14/21
Lightbend Lagom Framework Unknown Not Vuln by default - source Users that switched from logback to log4j are affected - 12/14/21
Lightbend Play Framework Unknown Not Vuln by default - source Users that switched from logback to log4j are affected - 12/14/21
LogicMonitor LogicMonitor SaaS Platform Unknown Fix -
Automatic update before 13th December source - 12/14/21
The Linux Foundation XCP-ng All versions Not vuln - source - 12/14/21
LiquidFiles LiquidFiles All versions Not vuln - source - 12/14/21
Mailcow Mailcow Solr Docker < 1.8 Fix - source - 12/14/21
ManageEngine ADAudit Plus Unknown Investigation - Third party components bundle log4j - 12/14/21
ManageEngine ADManager Plus Unknown Investigation - source Mitigation: set -Dlog4j2.formatMsgNoLookups=true in jvm.options. - 12/14/21
ManageEngine Desktop Central Unknown Not Vuln - source - 12/14/21
McAfee Data Exchange Layer (DXL) Unknown Investigation - source - 12/14/21
McAfee Enterprise Security Manager (ESM) Unknown Investigation - source - 12/14/21
McAfee McAfee Active Response (MAR) Unknown Investigation - source - 12/14/21
McAfee Network Security Manager (NSM) Unknown Investigation - source - 12/14/21
McAfee Network Security Platform (NSP) Unknown Investigation - source - 12/14/21
McAfee Threat Intelligence Exchange (TIE) Unknown Investigation - source - 12/14/21
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH) Unknown Not Vuln - source - 12/14/21
McAfee ePolicy Orchestrator Application Server (ePO) <= 5.10 CU10 Not Vuln - source - 12/14/21
McAfee ePolicy Orchestrator Application Server (ePO) 5.10 CU11 Investigation - source - 12/14/21
Memurai All products Not Vuln - source - 12/14/21
Metabase Metabase <0.41.4 Fix - source Mitigations available for earlier versions - 12/14/21
Microsoft - source, IOCs Microsoft provided additional guidance for preventing, detecting and hunting for exploitation - 12/14/21
Microsoft Azure AD Unknown Not Vuln - source ADFS itself is not vulnerable, federation providers may be - 12/14/21
Microsoft Azure App Service Unknown Not Vuln - source This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications - 12/14/21
Microsoft Azure Application Gateway Unknown Not Vuln - source - 12/14/21
Microsoft Azure Front Door Unknown Not Vuln - source - 12/14/21
Microsoft Azure WAF Unknown Not Vuln - source - 12/14/21
Microsoft Kafka Connect for Azure Cosmo DB < 1.2.1 Fix - source - 12/14/21
Minecraft Java edition <1.18.1 Fix - source
Mitigations available for earlier versions - 12/14/21
MISP MISP All Not vuln - source - 12/14/21
MONARC MONARC All Not vuln - source - 12/14/21
MongoDB Atlas Search Unknown Fix - source
Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. - 12/14/21
MongoDB Atlas Unknown Not vuln - source
Including Atlas Database, Data Lake, Charts - 12/14/21
MongoDB Enterprise Advanced Unknown Not vuln - source
Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. - 12/14/21
MongoDB Community Edition Unknown Not vuln - source
Including Community Server, Cloud Manager, Community Kubernetes Operators. - 12/14/21
MongoDB Drivers Unknown Not vuln - source
- 12/14/21
MongoDB Tools Unknown Not vuln - source
Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors - 12/14/21
MongoDB Realm Unknown Not vuln - source
including Realm Database, Sync, Functions, APIs - 12/14/21
Moodle Moodle All Not vuln - source
- 12/14/21
-------------------- -------------------------------------------------------------------- :--------: :-------------: - -----------------------------------------------------------------------------------------------------------------: ------------------------------------------------ - 12/14/21
N-able Backup Unknown Not Vuln - source - 12/14/21
N-able MSP Manager Unknown Not Vuln - source - 12/14/21
N-able Mail Assure Unknown Not Vuln - source - 12/14/21
N-able N-central Unknown Not Vuln - source - 12/14/21
N-able Passportal Unknown Not Vuln - source - 12/14/21
N-able RMM Unknown Fix - source - 12/14/21
N-able Risk Intelligence Unknown Vulnerable - source - 12/14/21
N-able Take Control Unknown Not Vuln - source - 12/14/21
Neo4j Neo4j > 4.2 Vulnerable - source Workaround is available, but not released yet. - 12/14/21
Nelson Nelson 0.16.185 Vulnerable - source Workaround is available, but not released yet. - 12/14/21
NetApp Brocade SAN Naviator Unknown Investigation - source - 12/14/21
NetApp Cloud Manager Unknown Vulnerable - source - 12/14/21
NetApp Element Plug-in for vCenter Server Unknown Investigation - source - 12/14/21
NetApp Management Services for Element Software and NetApp HCI Unknown Investigation - source - 12/14/21
NetApp NetApp HCI Compute Node Unknown Investigation - source - 12/14/21
NetApp NetApp SolidFire & HCI Management Node Unknown Investigation - source - 12/14/21
NetApp NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) Unknown Investigation - source - 12/14/21
NetApp NetApp SolidFire, Enterprise SDS & HCI Storage Unknown Investigation - source - 12/14/21
NetApp NetApp SolidFireStorage Replication Adapter Unknown Investigation - source - 12/14/21
Netflix atlas 1.6.6 Workaround - source - 12/14/21
Netflix dgs-framework < 4.9.11 Fix - fix - 12/14/21
Netflix spectator < 1.0.9 Fix - fix - 12/14/21
Netflix zuul Unknown Workaround - source - 12/14/21
NetIQ Access Manager > 4.5.x & > 5.0.x Workaround - workaround - 12/14/21
Netwrix Netwrix Auditor Not vuln - source - 12/14/21
New Relic Java Agent 6.5.1 & 7.4.1 Fix - source - 12/14/21
NextGen Healthcare Mirth Unknown Not Vuln - source - 12/14/21
NSA Ghidra < 10.1 Fix - source, fix - 12/14/21
Nutanix AOS All versions Vulnerable - source Patch pending - 12/14/21
Nutanix AHV All versions Unknown - source Investigating - 12/14/21
Nutanix Prism Central All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Flow Security Central All versions Unknown - source - 12/14/21
Nutanix Files All versions Unknown - source Investigating - 12/14/21
Nutanix Objects All versions Unknown - source Investigating - 12/14/21
Nutanix Volumes All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Mine All versions Unknown - source Investigating - 12/14/21
Nutanix Era All versions Unknown - source Investigating - 12/14/21
Nutanix X-Ray All versions Unknown - source Investigating - 12/14/21
Nutanix LCM All versions Unknown - source Investigating - 12/14/21
Nutanix Move All versions Unknown - source Investigating - 12/14/21
Nutanix NCC All versions Unknown - source Investigating - 12/14/21
Nutanix Foundation All versions Unknown - source Investigating - 12/14/21
Nutanix Karbon All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Leap All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Calm All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Beam All versions Vulnerable - source Patch pending - 12/14/21
Nutanix Frame All versions Not Vuln - source - 12/14/21
Nutanix Sizer Unknown Fix - source See advisory - 12/14/21
Nutanix Insights All versions Vulnerable - source Patch pending - 12/14/21
NXLog NXLog Manager 5.x Not Vuln - source - 12/14/21
Obsidian Dynamics kafdrop all Investigation - source - 12/14/21
Okta AD Agent Unknown Not Vuln - source - 12/14/21
Okta Access Gateway Unknown Not Vuln - source - 12/14/21
Okta Advanced Server Access Unknown Not Vuln - source - 12/14/21
Okta Browser Plugin Unknown Not Vuln - source - 12/14/21
Okta IWA Web Agent Unknown Not Vuln - source - 12/14/21
Okta LDAP Agent Unknown Not Vuln - source - 12/14/21
Okta Mobile Unknown Not Vuln - source - 12/14/21
Okta On-Prem MFA Agent <1.4.6 Fix - source, fix - 12/14/21
Okta Radius Server Agent 2.17.0 Fix - source/fix - 12/14/21
Okta Verify Unknown Not Vuln - source - 12/14/21
Okta Workflow Unknown Not Vuln - source - 12/14/21
Okta RADIUS Server Agent <2.17.0 Fix - source, fix - 12/14/21
OpenMRS Talk 2.4.0-2.4.1 Vulnerable - source Mitigations are available, pending a new release - 12/14/21
OpenNMS Horizon (including derived Sentinels) < 29.0.3 Fix - source Workarounds are available too for earlier versions - 12/14/21
OpenNMS Meridian (including derived Minions and Sentinels) < 2021.1.8, 2020.1.15, 2019.1.27 Fix - source Workarounds are available too for earlier versions - 12/14/21
OpenNMS Minion appliance Unknown Fix - source - 12/14/21
OpenNMS PoweredBy OpenNMS Unknown Workaround - source - 12/14/21
OpenSearch OpenSearch < 1.2.1 Fix - source - 12/14/21
Oracle Database Unknown Not Vuln - source, Support note 2827611.1 - 12/14/21
Oracle Fusion Middleware Unknown Fix - source, Support note 209768.1, Support note 2827611.1 - 12/14/21
Oracle Oracle Enterprise Manager Unknown Not Vuln - source, Support note 209768.1, Support note 2827611.1 - 12/14/21
Oracle Oracle WebLogic Server Unknown Not Vuln - source, Support note 209768.1, Support note 2827611.1 - 12/14/21
Oracle Oracle HTTP Server Unknown Not Vuln - source, Support note 209768.1, Support note 2827611.1 - 12/14/21
Oracle Oracle Internet Directory Unknown Not Vuln - source, Support note 209768.1, Support note 2827611.1 - 12/14/21
Oracle Oracle SOA Suite Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle Fusion Middleware Infrastructure Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle Access Manager Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle eBusiness Suite Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle Policy Automation (OPA) Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle NoSQL Database Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle WebCenter Portal Unknown Vulnerable - source, Support note 2827611.1 - 12/14/21
Oracle Oracle Data Integrator (ODI) Unknown Fix - source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) - 12/14/21
Oracle Oracle WebCenter Sites Unknown Fix - source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) - 12/14/21
Oracle Oracle Enterprise Repository Unknown Fix - source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) - 12/14/21
Oracle Oracle JDeveloper Unknown Fix - source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) - 12/14/21
openHAB openHAB 3.0.4, 3.1.1 Fix - source - 12/14/21
OTRS All products Not Vuln - source - 12/14/21
OWASP ZAP < 2.11.1 Fix - source - 12/14/21
PagerDuty Rundeck 3.3+ Fix - source No statement from PagerDuty yet. - 12/14/21
Palo Alto WildFire Appliance Not Vuln - source - 12/14/21
Palo Alto Prisma Cloud Compute Not Vuln - source - 12/14/21
Palo Alto Prisma Cloud Not Vuln - source - 12/14/21
Palo Alto PAN-OS Not Vuln - source - 12/14/21
Palo Alto GlobalProtect App Not Vuln - source - 12/14/21
Palo Alto Cortex XSOAR Not Vuln - source - 12/14/21
Palo Alto Cortex XDR Agent Not Vuln - source - 12/14/21
Palo Alto CloudGenix Not Vuln - source - 12/14/21
Palo Alto Bridgecrew Not Vuln - source - 12/14/21
PaperCut PaperCut MF >= 21.0 Workaround - source - 12/14/21
PaperCut PaperCut NG >= 21.0 Workaround - source - 12/14/21
PaperCut PaperCut Hive Not vuln - source - 12/14/21
PaperCut PaperCut Pocket Not vuln - source - 12/14/21
PaperCut PaperCut Views Not vuln - source - 12/14/21
PaperCut PaperCut Print Logger Not vuln - source - 12/14/21
PaperCut PaperCut MobilityPrint Not vuln - source - 12/14/21
PaperCut PaperCut MultiVerse Not vuln - source - 12/14/21
PaperCut PaperCut Online Services Not vuln - source - 12/14/21
Parallels Remote Application Server All versions Not Vuln - source - 12/14/21
Pega Pega Platform On Prem Fix - source - 12/14/21
Planon Software Planon Universe all Not vuln - source - 12/14/21
Plex Industrial IoT Not vuln - source Mitigation already applied, patch will be issued today - 12/14/21
Postgres PostgreSQL JDBC Not vuln - source - 12/14/21
Progress OpenEdge Workaround - source, mitigations - 12/14/21
Progress DataDirect Hybrid Data Pipeline Workaround - source, mitigations - 12/14/21
Portex Portex <3.0.2 Fix - source - 12/14/21
Pulse Secure Pulse Secure Virtual Traffic Manager Not Vuln - source - 12/14/21
Pulse Secure Pulse Secure Services Director Not Vuln - source - 12/14/21
Pulse Secure Pulse Secure Web Application Firewall Not Vuln - source - 12/14/21
Pulse Secure Pulse Connect Secure Not Vuln - source - 12/14/21
Pulse Secure Ivanti Connect Secure (ICS) Not Vuln - source - 12/14/21
Pulse Secure Pulse Policy Secure Not Vuln - source - 12/14/21
Pulse Secure Pulse Desktop Client Not Vuln - source - 12/14/21
Pulse Secure Pulse Mobile Client Not Vuln - source - 12/14/21
Pulse Secure Pulse One Not Vuln - source - 12/14/21
Pulse Secure Pulse ZTA Not Vuln - source - 12/14/21
Pulse Secure Ivanti Neurons for ZTA Not Vuln - source - 12/14/21
Pulse Secure Ivanti Neurons for secure Access Not Vuln - source - 12/14/21
Puppet Continuous Delivery for Puppet Enterprise 3.x, < 4.10.2 Fix - source, workaround,mitigations Update available for version 4.x, mitigations for 3.x which is EOL - 12/14/21
Puppet Puppet agents Not Vuln - source - 12/14/21
Puppet Puppet Enterprise Not Vuln - source - 12/14/21
PTV xServer internet 1 / PTV xServer internet 2 PTV xServer internet 1 / PTV xServer internet 2 Unknown Fix - source - 12/14/21
PTV TLN planner internet PTV TLN planner internet Unknown Fix - source - 12/14/21
PTV Route Optimizer SaaS / Demonstrator PTV Route Optimizer SaaS / Demonstrator Unknown Fix - source - 12/14/21
PTV Developer PTV Developer Unknown Fix - source - 12/14/21
PTV Visum Publisher PTV Visum Publisher Unknown Fix - source - 12/14/21
PTV xServer 2.x (on prem) PTV xServer 2.x (on prem) Unknown Vulnerable - source - 12/14/21
PTV xServer 1.34 (on prem) PTV xServer 1.34 (on prem) Unknown Vulnerable - source - 12/14/21
PTV MaaS Modeller PTV MaaS Modeller Unknown Vulnerable - source - 12/14/21
PTV Route Optimiser CL PTV Route Optimiser CL Unknown Investigation - source - 12/14/21
PTV Route Optimiser ST PTV Route Optimiser ST Unknown Investigation - source - 12/14/21
PTV Map&Market PTV Map&Market Unknown Investigation - source - 12/14/21
PTV Arrival Board / Trip Creator / EM Portal PTV Arrival Board / Trip Creator / EM Portal Unknown Investigation - source - 12/14/21
PTV Drive&Arrive PTV Drive&Arrive Unknown Investigation - source - 12/14/21
PTV xServer < 1.34 (on prem) PTV xServer < 1.34 (on prem) Unknown Not vuln - source - 12/14/21
PTV Road Editor PTV Road Editor Unknown Not vuln - source - 12/14/21
PTV Map&Guide internet PTV Map&Guide internet Unknown Not vuln - source - 12/14/21
PTV Map&Guide intranet PTV Map&Guide intranet Unknown Not vuln - source - 12/14/21
PTV Navigator Licence Manager PTV Navigator Licence Manager Unknown Not vuln - source - 12/14/21
PTV Navigator App PTV Navigator App Unknown Not vuln - source - 12/14/21
PTV Drive&Arrive App PTV Drive&Arrive App Unknown Not vuln - source - 12/14/21
PTV Visum PTV Visum Unknown Not vuln - source - 12/14/21
PTV Vissim PTV Vissim Unknown Not vuln - source - 12/14/21
PTV Vistro PTV Vistro Unknown Not vuln - source - 12/14/21
PTV Viswalk PTV Viswalk Unknown Not vuln - source - 12/14/21
PTV Balance and PTV Epics PTV Balance and PTV Epics Unknown Not vuln - source - 12/14/21
PTV Hyperpath PTV Hyperpath Unknown Not vuln - source - 12/14/21
PTV TRE and PTV Tre-Addin PTV TRE and PTV Tre-Addin Unknown Not vuln - source - 12/14/21
PTV Optima PTV Optima Unknown Not vuln - source - 12/14/21
QlikTech International Compose Investigation - source - 12/14/21
QlikTech International Nprinting Not Vuln - source - 12/14/21
QlikTech International QEM products Investigation - source - 12/14/21
QlikTech International Qlik Replicate Investigation - source - 12/14/21
QlikTech International Qlik Sense Enterprise Not Vuln - source - 12/14/21
QlikTech International QlikView Not Vuln - source - 12/14/21
QOS.ch SLF4J Simple Logging Facade for Java - source SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j - 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto Vulnerable - source - 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive Vulnerable - source - 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 Vulnerable - source - 12/14/21
Red Hat Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 Vulnerable - source - 12/14/21
Red Hat Red Hat OpenStack Platform 13 (Queens) opendaylight Vulnerable - source - 12/14/21
Red Hat Red Hat OpenShift Logging logging-elasticsearch6-container Vulnerable - source - 12/14/21
Red Hat Red Hat build of Quarkus Vulnerable - source - 12/14/21
Red Hat Red Hat Descision Manager 7 Vulnerable - source - 12/14/21
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack Vulnerable - source - 12/14/21
Red Hat Red Hat Process Automation 7 Vulnerable - source - 12/14/21
Red Hat A-MQ Clients 2 Not Vuln - source - 12/14/21
Red Hat Red Hat CodeReady Studio 12 Vulnerable - source - 12/14/21
Red Hat Red Hat Data Grid 8 Vulnerable - source - 12/14/21
Red Hat Red Hat Integration Camel K Vulnerable - source - 12/14/21
Red Hat Red Hat Integration Camel Quarkus Vulnerable - source - 12/14/21
Red Hat Red Hat JBoss A-MQ Streaming Vulnerable - source - 12/14/21
Red Hat Red Hat JBoss Fuse 7 Vulnerable - source - 12/14/21
Red Hat Red Hat OpenShift Application Runtimes Vulnerable - source - 12/14/21
Red Hat Red Hat Single Sign-On 7 Not Vuln - source - 12/14/21
Red Hat Red Hat JBoss Enterprise Application Platform 6 Not Vuln - source - 12/14/21
Redis Redis Enterprise & Open Source all Not Vuln - source Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability - 12/14/21
RSA SecurID Authentication Manager Not Vuln - source Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. - 12/14/21
RSA SecurID Authentication Manager Prime Not Vuln - source - 12/14/21
RSA SecurID Authentication Manager WebTier Not Vuln - source - 12/14/21
RSA SecurID Identity Router (On-Prem component of Cloud Authentication Service) Not Vuln - source - 12/14/21
RSA SecurID Governance and Lifecycle (SecurID G&L) Not Vuln - source - 12/14/21
RSA SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) Not Vuln - source - 12/14/21
Safe FME Server Investigation - source - 12/14/21
Salesforce All products Investigation - source - 12/14/21
SAS Institute JMP Not vuln - source - 12/14/21
SAS Institute SAS Profile Fix - source - 12/14/21
SAS Institute SAS Cloud Solutions Workaround - source - 12/14/21
Security Onion Solutions Security Onion 2.3.90 20211210 Fix - source - 12/14/21
Shibboleth Shibboleth IdP/SP Not Vuln - source - 12/14/21
SolarWinds Database Performance Analyzer 2021.1.x, 2021.3.x, 2022.1.x Workaround - source, workaround - 12/14/21
SolarWinds Server & Application Monitor >= 2020.2.6 Workaround - source, workaround - 12/14/21
SolarWinds Orion Platform core Not vuln - source - 12/14/21
SonarSource SonarQube Workaround - source - 12/14/21
SonarSource SonarCloud Fix - source - 12/14/21
SonicWall Gen5 Firewalls (EOS) Not Vuln - source - 12/14/21
SonicWall Gen6 Firewalls Not Vuln - source - 12/14/21
SonicWall Gen7 Firewalls Not Vuln - source - 12/14/21
SonicWall SonicWall Switch Not Vuln - source - 12/14/21
SonicWall SMA 100 Not Vuln - source - 12/14/21
SonicWall SMA 1000 12.1.0, 12.4.1 Not Vuln - source - 12/14/21
SonicWall Email Security 10.x Vulnerable - source - 12/14/21
SonicWall MSW Not Vuln - source - 12/14/21
SonicWall NSM Not Vuln - source - 12/14/21
SonicWall Analyzer Investigation - source - 12/14/21
SonicWall Analytics Investigation - source - 12/14/21
SonicWall GMS Investigation - source - 12/14/21
SonicWall Capture Client & Capture Client Portal Not Vuln - source - 12/14/21
SonicWall CAS Investigation - source - 12/14/21
SonicWall WAF Investigation - source - 12/14/21
SonicWall Access Points Not Vuln - source - 12/14/21
SonicWall WNM Not Vuln - source - 12/14/21
SonicWall Capture Security Appliance Not Vuln - source - 12/14/21
SonicWall WXA Not Vuln - source - 12/14/21
SonicWall SonicCore Not Vuln - source - 12/14/21
Sophos Sophos Central Not Vuln - source - 12/14/21
Sophos Sophos Firewall All Not Vuln - source - 12/14/21
Sophos SG UTM All Not Vuln - source - 12/14/21
Sophos SG UTM Manager (SUM) All Not Vuln - source - 12/14/21
Sophos Sophos ZTNA Not Vuln - source - 12/14/21
Sophos Cloud Optix Fix - source - 12/14/21
Sophos Sophos Home Not Vuln - source - 12/14/21
Sophos Sophos Mobile Not Vuln - source - 12/14/21
Sophos Sophos Mobile EAS Proxy 9.7.2 Fix - source - 12/14/21
Sophos Reflexion Not Vuln - source - 12/14/21
Splunk Add-On: Java Management Extensions 3.0.0, 2.1.0 Vulnerable - source - 12/14/21
Splunk Add-On: JBoss 3.0.0, 2.1.0 Vulnerable - source - 12/14/21
Splunk Add-On: Tomcat 3.0.0, 2.1.0 Vulnerable - source - 12/14/21
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Vulnerable - source - 12/14/21
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Vulnerable - source - 12/14/21
Splunk Splunk Connect for Kafka <2.0.4 Fix - source - 12/14/21
Splunk Splunk Enterprise All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. Workaround - source - 12/14/21
Splunk Splunk Enterprise Amazon Machine Image (AMI) see Splunk Enterprise Workaround - source - 12/14/21
Splunk Splunk Enterprise Docker Container see Splunk Enterprise Workaround - source - 12/14/21
Splunk Splunk Logging Library for Java <1.11.1 Fix - source - 12/14/21
Splunk Stream Processor Service Current Vulnerable - source - 12/14/21
Splunk Admin Config Service all Not vuln - source - 12/14/21
Splunk Analytics Workspace all Not vuln - source - 12/14/21
Splunk Behavior Analytics all Not vuln - source - 12/14/21
Splunk Dashboard Studio all Not vuln - source - 12/14/21
Splunk Developer Tools: AppInspect all Not vuln - source - 12/14/21
Splunk Enterprise Security all Not vuln - source - 12/14/21
Splunk Intelligence Management (TruSTAR) all Not vuln - source - 12/14/21
Splunk KV Service all Not vuln - source - 12/14/21
Splunk Mission Control all Not vuln - source - 12/14/21
Splunk MLTK all Not vuln - source - 12/14/21
Splunk Operator for Kubernetes all Not vuln - source - 12/14/21
Splunk Security Analytics for AWS all Not vuln - source - 12/14/21
Splunk SignalFx Smart Agent all Not vuln - source - 12/14/21
Splunk SOAR Cloud (Phantom) all Not vuln - source - 12/14/21
Splunk SOAR (On-Premises) all Not vuln - source - 12/14/21
Splunk Splunk Application Performance Monitoring all Not vuln - source - 12/14/21
Splunk Splunk Augmented Reality all Not vuln - source - 12/14/21
Splunk Splunk Cloud Data Manager (SCDM) all Not vuln - source - 12/14/21
Splunk Splunk Connect for Kubernetes all Not vuln - source - 12/14/21
Splunk Splunk Connect for SNMP all Not vuln - source - 12/14/21
Splunk Splunk Connect for Syslog all Not vuln - source - 12/14/21
Splunk Splunk DB Connect all Not vuln - source - 12/14/21
Splunk Splunk Enterprise Cloud all Not vuln - source - 12/14/21
Splunk Splunk Heavyweight Forwarder (HWF) all Not vuln - source - 12/14/21
Splunk Splunk Infrastructure Monitoring all Not vuln - source - 12/14/21
Splunk Splunk Log Observer all Not vuln - source - 12/14/21
Splunk Splunk Mint all Not vuln - source - 12/14/21
Splunk Splunk Mobile all Not vuln - source - 12/14/21
Splunk Splunk Network Performance Monitoring all Not vuln - source - 12/14/21
Splunk Splunk On-Call/Victor Ops all Not vuln - source - 12/14/21
Splunk Splunk Open Telemetry Distributions all Not vuln - source - 12/14/21
Splunk Splunk Profiling all Not vuln - source - 12/14/21
Splunk Splunk Real User Monitoring all Not vuln - source - 12/14/21
Splunk Splunk Secure Gateway (Spacebridge) all Not vuln - source - 12/14/21
Splunk Splunk Synthetics all Not vuln - source - 12/14/21
Splunk Splunk TV all Not vuln - source - 12/14/21
Splunk Splunk Universal Forwarder (UF) all Not vuln - source - 12/14/21
Splunk Splunk User Behavior Analytics (UBA) all Not vuln - source - 12/14/21
Stardog Stardog <7.8.1 Fix - source - 12/14/21
Synacor Zimbra 8.8.15 and 9.x Not vuln - source Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 - 12/14/21
Synology DSM Not vuln - source The base DSM is not affected. Software installed via the package manager may be vulnerable. - 12/14/21
Talend Talend Component Kit Fix - source - 12/14/21
Tealium All products Fix - source - 12/14/21
TheHive Cortex all Not vuln - source - 12/14/21
TheHive TheHive all Not vuln - source - 12/14/21
Topicus Security Topicus KeyHub all Not vuln - source - 12/14/21
TrendMicro ActiveUpdate Not vuln - source - 12/14/21
TrendMicro Apex Central (including as a Service) Not vuln - source - 12/14/21
TrendMicro Apex One (all versions including Mac and Saas) Not vuln - source - 12/14/21
TrendMicro Cloud App Security Investigation - source - 12/14/21
TrendMicro Cloud Edge Not vuln - source - 12/14/21
TrendMicro Cloud One - Application Security Not vuln - source - 12/14/21
TrendMicro Cloud One - Common Services Not vuln - source - 12/14/21
TrendMicro Cloud One - Conformity Not vuln - source - 12/14/21
TrendMicro Cloud One - Container Security Not vuln - source - 12/14/21
TrendMicro Cloud One - File Storage Security Not vuln - source - 12/14/21
TrendMicro Cloud One - Network Security Not vuln - source - 12/14/21
TrendMicro Cloud One - Workload Secuity Investigation - source - 12/14/21
TrendMicro Cloud Sandbox Not vuln - source - 12/14/21
TrendMicro Deep Discovery Advisor Investigation - source - 12/14/21
TrendMicro Deep Discovery Analyzer Not vuln - source - 12/14/21
TrendMicro Deep Discovery Director Investigation - source - 12/14/21
TrendMicro Deep Discovery Email Inspector Investigation - source - 12/14/21
TrendMicro Deep Discovery Inspector Investigation - source - 12/14/21
TrendMicro Deep Discovery Web Inspector Investigation - source - 12/14/21
TrendMicro Deep Security Not vuln - source - 12/14/21
TrendMicro Endpoint Application Control Investigation - source - 12/14/21
TrendMicro Fraudbuster Not vuln - source - 12/14/21
TrendMicro Home Network Security Not vuln - source - 12/14/21
TrendMicro Housecall Not vuln - source - 12/14/21
TrendMicro Instant Messaging Security Not vuln - source - 12/14/21
TrendMicro Internet Security for Mac (Consumer) Not vuln - source - 12/14/21
TrendMicro Interscan Messaging Security Investigation - source - 12/14/21
TrendMicro Interscan Messaging Security Virtual Appliance (IMSVA) Investigation - source - 12/14/21
TrendMicro Interscan Web Security Suite Investigation - source - 12/14/21
TrendMicro Interscan Web Security Virtual Appliance (IWSVA) Investigation - source - 12/14/21
TrendMicro Mobile Secuirty for Enterprise Not vuln - source - 12/14/21
TrendMicro MyAccount (Consumer Sign-on) Not vuln - source - 12/14/21
TrendMicro Network Viruswall Not vuln - source - 12/14/21
TrendMicro OfficeScan Not vuln - source - 12/14/21
TrendMicro Password Manager Not vuln - source - 12/14/21
TrendMicro Phish Insight Not vuln - source - 12/14/21
TrendMicro Policy Manager Not vuln - source - 12/14/21
TrendMicro Portable Security Not vuln - source - 12/14/21
TrendMicro PortalProtect Not vuln - source - 12/14/21
TrendMicro Remote Manager Investigation - source - 12/14/21
TrendMicro Rescue Disk Not vuln - source - 12/14/21
TrendMicro Rootkit Buster Not vuln - source - 12/14/21
TrendMicro Safe Lock Investigation - source - 12/14/21
TrendMicro Safe Lock 2.0 Not vuln - source - 12/14/21
TrendMicro Sandbox as a Service Investigation - source - 12/14/21
TrendMicro ScanMail for Domino Investigation - source - 12/14/21
TrendMicro ScanMail for Exchange Not vuln - source - 12/14/21
TrendMicro Secuirty for Mac Investigation - source - 12/14/21
TrendMicro Security for NAS Not vuln - source - 12/14/21
TrendMicro ServerProtect (all versions) Investigation - source - 12/14/21
TrendMicro Smart Home Network Investigation - source - 12/14/21
TrendMicro Smart Protection Complete Investigation - source - 12/14/21
TrendMicro Smart Protection for Endpoints Investigation - source - 12/14/21
TrendMicro Smart Protection Server (SPS) Not vuln - source - 12/14/21
TrendMicro TippingPoint (all variations) Investigation - source - 12/14/21
TrendMicro TMUSB Not vuln - source - 12/14/21
TrendMicro Trend Micro Email Security & HES Fix - source - 12/14/21
TrendMicro Trend Micro ID Security Not vuln - source - 12/14/21
TrendMicro Trend Micro Remote Manager Not vuln - source - 12/14/21
TrendMicro Trend Micro Web Security Not vuln - source - 12/14/21
TrendMicro Vision One Fix - source - 12/14/21
TrendMicro Vulnerability Protection Investigation - source - 12/14/21
TrendMicro Worry-Free Business Security (on-prem) Investigation - source - 12/14/21
TrendMicro Worry-Free Business Security Services Not vuln - source - 12/14/21
Ubiquiti UniFi Network Application 6.5.54 Fix - source - 12/14/21
US Signal Remote Management and Monitoring platform Workaround - source - 12/14/21
USoft USoft 9.1.1F Vulnerable - proof Found by manual scanning - 12/14/21
Veeam All products Investigation - source Veeam is still investigating, but it looks like the Veeam products don't use log4j - 12/14/21
VMware API Portal for VMware Tanzu 1.x Vulnerable - source - 12/14/21
VMware AppDefense Appliance 2.x Workaround - source, workaround - 12/14/21
VMware App Metrics 2.1.1 Fix - source, fix - 12/14/21
VMware Carbon Black Cloud Workload Appliance 1.x Workaround - source, workaround - 12/14/21
VMware Carbon Black EDR Server 7.x, 6.x Fix - source, workaround, fix Fixed in 7.6.0 - 12/14/21
VMware Cloud Foundation 4.x, 3.x Workaround - source, workaround - 12/14/21
VMware Cloud Gateway for VMware Tanzu 1.x Vulnerable - source - 12/14/21
VMware Cloud Services for VMware Tanzu 3.x Vulnerable - source - 12/14/21
VMware HCX 4.x, 3.x Vulnerable - source
- 12/14/21
VMware Healthwatch for Tanzu Application Service 2.1.7, 1.8.6 Fix - source, fix - 12/14/21
VMware Horizon 8.x, 7.x Workaround - source, workaround - 12/14/21
VMware Horizon Cloud Connector 1.x, 2.x Fix - source, fix - 12/14/21
VMware Horizon DaaS 9.1.x, 9.0.x Workaround - source, workaround - 12/14/21
VMware Identity Manager 3.3.x Workaround - source, workaround - 12/14/21
VMware NSX Data Center for vSphere 6.x Workaround - source, workaround - 12/14/21
VMware NSX-T Data Center 3.x, 2.x Workaround - source, workaround - 12/14/21
VMware Single Sign-On for VMware Tanzu Application Service 1.x Vulnerable - source - 12/14/21
VMware Site Recovery Manager 8.x Vuln - source, workaround - 12/14/21
VMware Spring Boot < 2.5.8, < 2.6.2 Workaround - source - 12/14/21
VMware Spring Cloud Gateway for Kubernetes 1.x Vulnerable - source - 12/14/21
VMware Tanzu Application Service for VMs 2.x Fix - source, workaround, fix - 12/14/21
VMware Tanzu GemFire 8.x Workaround - source, workaround - 12/14/21
VMware Tanzu Greenplum 6.x Workaround - source, workaround - 12/14/21
VMware Tanzu Kubernetes Grid Integrated Edition 2.x Workaround - source, workaround - 12/14/21
VMware Tanzu Observability by Wavefront Nozzle 3.0.3 Fix - source, fix - 12/14/21
VMware Tanzu Operations Manager 2.x Fix - source, workaround, fix - 12/14/21
VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Vulnerable - source - 12/14/21
VMware Telco Cloud Automation 2.x, 1.x Vulnerable - source - 12/14/21
VMware Unified Access Gateway 21.x, 20.x, 3.x Workaround - source, workaround - 12/14/21
VMware vCenter Cloud Gateway 1.x Workaround - source, workaround - 12/14/21
VMware vCenter Server 6.x Workaround - source, workaround Running on: Windows - 12/14/21
VMware vCenter Server 7.x, 6.x Workaround - source, workaround Running on: Virtual Appliance - 12/14/21
VMware vCloud Director all Not vuln - source
- 12/14/21
VMware vCloud Workstation all Not vuln - source
- 12/14/21
VMware vRealize Automation 8.x, 7.x Vulnerable - source - 12/14/21
VMware vRealize Lifecycle Manager 8.x Workaround - source, workaround - 12/14/21
VMware vRealize Log Insight 8.x Workaround - source, workaround - 12/14/21
VMware vRealize Operations 8.x Workaround - source, workaround - 12/14/21
VMware vRealize Operations Cloud Proxy Any Workaround - source, workaround - 12/14/21
VMware vRealize Orchestrator 8.x, 7.x Vulnerable - source - 12/14/21
VMware vSphere ESXi Unknown Not Vuln - source - 12/14/21
VMware Workspace ONE Access 21.x, 20.x Workaround - source, workaround - 12/14/21
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 19.03.0.1, 20.x, 21.x Workaround - source, workaround - 12/14/21
Watcher Watcher all Not vuln - source
- 12/14/21
Wind River Wind River Linux <= 8 Not vuln - source "contain package log4j, but their version is 1.2.x, too old to be affected" - 12/14/21
Wind River Wind River Linux > 8 Not vuln - source no support for log4j - 12/14/21
WitFoo WitFoo Precinct 6.x Fix - source WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable - 12/14/21
Wowza Wowza Streaming Engine 4.7.8, 4.8.x Workaround - source - 12/14/21
Yahoo Vespa Not vuln - source Your Vespa application may still be affected if log4j is included in your application package - 12/14/21
Zabbix Zabbix Not vuln - source Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability. - 12/14/21
Zammad Zammad Workaround - source Most of Zammad instances make use of Elasticsearch which might be vulnerable. - 12/14/21
Zerto Virtual Replication Appliance Not vuln - source - 12/14/21
Zerto Zerto Cloud Appliance Not vuln - source - 12/14/21
Zerto Zerto Cloud Manager Not vuln - source - 12/14/21
Zerto Zerto Virtual Manager Not vuln - source - 12/14/21
Zesty Zesty.io Not vuln - source - 12/14/21