You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
116 KiB
116 KiB
CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources
- CISA Apache Log4j Vulnerability Guidance
- Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alerts
- Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
- CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.
Mitigation Guidance
CISA urges organizations operating products marked as "Fixed" to immediately implement listed patches/mitigations here.
CISA urges organizations operating products marked as "Not Fixed" to immediately implement alternate controls, including:
- Install a WAF with rules that automatically update.
- Set
log4j2.formatMsgNoLookupsto true by adding-Dlog4j2.formatMsgNoLookups=Trueto the Java Virtual Machine command for starting your application. - Ensure that any alerts from a vulnerable device are immediately actioned.
- Report incidents promptly to CISA and/or the FBI here.
Status Descriptions
| Status | Description |
|---|---|
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
This list was initially populated using information from the following sources:
- Kevin Beaumont
| Vendor | Product | Version(s) | Status | Update available | Vendor link | Notes | Other References | Last Updated |
|---|---|---|---|---|---|---|---|---|
| Akamai | SIEM Splunk Connector | All | Affected | GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk | ||||
| Amazon | OpenSearch | Unknown | Affected | Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com) | ||||
| Amazon | AWS Lambda | Unknown | Affected | Yes | Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com) | |||
| Amazon | AWS CloudHSM | < 3.4.1. | Affected | Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com) | ||||
| Amazon | EC2 | Amazon Linux 1 & 2 | Unknown | Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com) | ||||
| Apache | Druid | < druid 0.22.0 | Affected | Yes | Release druid-0.22.1 · apache/druid · GitHub | 12/12/2021 | ||
| Apache | Flink | < flink 1.15.0, 1.14.1, 1.13.3 | Affected | No | Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228) | 12/12/2021 | ||
| Apache | Log4j | < 2.15.0 | Affected | Yes | Log4j – Apache Log4j Security Vulnerabilities | |||
| Apache | Kafka | Unknown | Affected | No | Log4j – Apache Log4j Security Vulnerabilities | Only vulnerable in certain configuration(s) | ||
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Affected | Yes | Log4j – Apache Log4j Security Vulnerabilities | |||
| Apereo | CAS | 6.3.x & 6.4.x | Affected | Yes | CAS Log4J Vulnerability Disclosure – Apereo Community Blog | |||
| Apereo | Opencast | < 9.10, < 10.6 | Affected | Yes | Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub | |||
| Aptible | Aptible | ElasticSearch 5.x | Affected | Yes | Aptible Status - Log4j security incident CVE-2021-27135 | |||
| Atlassian | Jira Server & Data Center | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | ||
| Atlassian | Confluence Server & Data Center | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | ||
| Atlassian | Bamboo Server & Data Center | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | ||
| Atlassian | Crowd Server & Data Center | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | ||
| Atlassian | Fisheye | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | ||
| Atlassian | Crucible | All | Affected | Yes | FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation | |||
| BMC | BMC Helix ITSM | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Discovery | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Remedyforce | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Digital Workplace | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Business Workflows | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Client Management | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix CMDB | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Knowledge Management | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Operations Management with AIOps | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Platform | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Remediate | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Virtual Agent | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Remedy ITSM (IT Service Management) | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Footprints | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Track-It! | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | SmartIT | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Control-M | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Control-M | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Cloud Lifecycle Management | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Automation for Networks | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Automation for Servers | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Orchestration | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | Bladelogic Database Automation | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC AMI Ops | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Automation Console | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Cloud Cost | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Cloud Security | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Continuous Optimization | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix platform | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Helix Remediate | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Capacity Optimization | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Infrastructure Management | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | TrueSight Operations Management | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC AMI Products | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | MainView Middleware Administrator | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | MainView Middleware Monitor | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| BMC | BMC Compuware | Under Investigation | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community | |||||
| Broadcom | CA Advanced Authentication | 9.1 | Affected | |||||
| Broadcom | CA Risk Authentication | Affected | ||||||
| Broadcom | CA Strong Authentication | Affected | ||||||
| Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | Affected | No | Broadcom Support Portal | |||
| Broadcom | CloudSOC Cloud Access Security Broker (CASB) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Symantec Control Compliance Suite (CCS) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Data Center Security (DCS) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Data Loss Prevention (DLP) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Ghost Solution Suite (GSS) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | IT Management Suite | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Layer7 API Gateway | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Layer7 Mobile API Gateway | Not Affected | Broadcom Support Portal | |||||
| Broadcom | ProxySG | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Security Analytics (SA) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Symantec Directory | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Symantec Identity Governance and Administration (IGA) | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Symantec PGP Solutions | Not Affected | Broadcom Support Portal | |||||
| Broadcom | VIP | Not Affected | Broadcom Support Portal | |||||
| Broadcom | Advanced Secure Gateway (ASG) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | BCAAA | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Content Analysis (CA) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Cloud Workload Protection (CWP) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Cloud Workload Protection for Storage (CWP:S) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Critical System Protection (CSP) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Email Security Service (ESS) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | HSM Agent | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Industrial Control System Protection (ICSP) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Integrated Cyber Defense Manager (ICDm) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Integrated Secure Gateway (ISG) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Layer7 API Developer Portal | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Management Center (MC) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | PacketShaper (PS) S-Series | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | PolicyCenter (PC) S-Series | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Privileged Access Manager | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Privileged Access Manager Server Control | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Privileged Identity Manager | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Reporter | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Secure Access Cloud (SAC) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | SiteMinder (CA Single Sign-On) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | SSL Visibility (SSLV) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Endpoint Detection and Response (EDR) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Endpoint Encryption (SEE) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Endpoint Protection (SEP) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Endpoint Protection (SEP) for Mobile | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Mail Security for Microsoft Exchange (SMSMSE) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Messaging Gateway (SMG) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Protection Engine (SPE) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Symantec Protection for SharePoint Servers (SPSS) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | VIP Authentication Hub | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Web Isolation (WI) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | Web Security Service (WSS) | Under Investigation | Broadcom Support Portal | |||||
| Broadcom | WebPulse | Under Investigation | Broadcom Support Portal | |||||
| Check Point | Quantum Security Gateway | Not Affected | ||||||
| Check Point | Quantum Security Management | Not Affected | Uses the 1.8.0_u241 version of the JRE that protects against this attack by default. | |||||
| Check Point | CloudGuard | Not Affected | ||||||
| Check Point | Infinity Portal | Not Affected | ||||||
| Check Point | Harmony Endpoint & Harmony Mobile | Not Affected | ||||||
| Check Point | SMB | Not Affected | ||||||
| Check Point | ThreatCloud | Not Affected | ||||||
| Cisco | Cisco Webex Meetings Server | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Advanced Web Security Reporting Application | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco CloudCenter Suite Admin | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Crosswork Change Automation | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Evolved Programmable Network Manager | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Integrated Management Controller (IMC) Supervisor | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Intersight Virtual Appliance | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Network Services Orchestrator (NSO) | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco WAN Automation Engine (WAE) | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco UCS Director | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Computer Telephony Integration Object Server (CTIOS) | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Packaged Contact Center Enterprise | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Unified Contact Center Enterprise - Live Data server | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Unified Contact Center Enterprise | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Unified Intelligent Contact Management Enterprise | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Unified SIP Proxy Software | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Video Surveillance Operations Manager | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Kinetic for Cities | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Umbrella | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Unified Communications Manager Cloud | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco Webex Cloud-Connected UC (CCUC) | Affected | No | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Duo | Not Affected | Yes | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | ||||
| Cisco | Cisco SocialMiner | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco AnyConnect Secure Mobility Client | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Webex Teams | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Extensible Network Controller (XNC) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus Data Broker | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus Insights | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Wide Area Application Services (WAAS) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco AMP Virtual Private Cloud Appliance | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Firepower Management Center | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Firepower Threat Defense (FTD) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Identity Services Engine (ISE) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Registered Envelope Service | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Web Security Appliance (WSA) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco ACI Multi-Site Orchestrator | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco CloudCenter Workload Manager | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Connected Grid Device Manager | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Connected Mobile Experiences | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco DNA Assurance | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Data Center Network Manager (DCNM) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Elastic Services Controller (ESC) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco IoT Operations Dashboard | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Modeling Labs | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Network Planner | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus Dashboard (formerly Cisco Application Services Engine) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Optical Network Planner | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Policy Suite | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Central for Service Providers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Collaboration Manager | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Collaboration Provisioning | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Infrastructure | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime License Manager | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Network | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Optical for Service Providers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Provisioning | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Prime Service Catalog | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco UCS Performance Manager | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco ACI Virtual Edge | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco ASR 5000 Series Routers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Catalyst 9800 Series Wireless Controllers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco DNA Center | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Enterprise NFV Infrastructure Software (NFVIS) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco GGSN Gateway GPRS Support Node | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco IOS and IOS XE Software | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco IOx Fog Director | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco IP Services Gateway (IPSG) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco MDS 9000 Series Multilayer Switches | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco MME Mobility Management Entity | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Network Assurance Engine | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Network Convergence System 2000 Series | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus 5500 Platform Switches | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus 5600 Platform Switches | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus 6000 Series Switches | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus 7000 Series Switches | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco PDSN/HA Packet Data Serving Node and Home Agent | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cis co Products: December 2021 | |||||
| Cisco | Cisco PGW Packet Data Network Gateway | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco SD-WAN vEdge 1000 Series Routers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco SD-WAN vEdge 2000 Series Routers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco SD-WAN vEdge 5000 Series Routers | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco SD-WAN vEdge Cloud Router Platform | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco SD-WAN vManage | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Secure Network Analytics (SNA), formerly Stealthwatch | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco System Architecture Evolution Gateway (SAEGW) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco HyperFlex System | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco BroadWorks | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Broadcloud Calling | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Contact Center Domain Manager (CCDM) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Contact Center Management Portal (CCMP) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Emergency Responder | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Enterprise Chat and Email | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Finesse | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Paging Server (InformaCast) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Paging Server | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Attendant Console Advanced | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Attendant Console Business Edition | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Attendant Console Department Edition | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Attendant Console Enterprise Edition | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Attendant Console Premium Edition | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Unified Contact Center Express | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Virtualized Voice Browser | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Exony Virtualized Interaction Manager (VIM) | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Meeting Server | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco TelePresence Management Suite | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Vision Dynamic Signage Director | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco CX Cloud Agent Software | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Cognitive Intelligence | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Common Services Platform Collector | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Connectivity | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco DNA Spaces | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Defense Orchestrator | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Intersight | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Cisco Network Assessment (CNA) Tool | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | Managed Services Accelerator (MSX) Network Access Control Service | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | AppDynamics | Under Investigation | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 | |||||
| Cisco | duo network gateway (on-prem/self-hosted) | Under Investigation | ||||||
| Citrix | Citrix ADC | Under Investigation | https://support.citrix.com/article/CTX335705 | |||||
| Citrix | Citrix Endpoint Management | Under Investigation | https://support.citrix.com/article/CTX335705 | |||||
| Citrix | Citrix Gateway | Under Investigation | https://support.citrix.com/article/CTX335705 | |||||
| Citrix | Citrix SD-WAN | Under Investigation | https://support.citrix.com/article/CTX335705 | |||||
| Citrix | Citrix Virtual Apps and Desktops | Under Investigation | https://support.citrix.com/article/CTX335705 | |||||
| Cloudera | CDH, HDP, and HDF | Only version 6.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Enterprise | Only version 6.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Data Science Workbench (CDSW) | Only versions 2.x, 3.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Hortonworks Data Platform (HDP) | Only versions 7.1.x, 2.7.x, 2.6.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Ambari | Only versions 2.x, 1.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Cybersecurity Platform | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Data Steward Studio (DSS) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Arcadia Enterprise | Only version 7.1.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | CDP Private Cloud Base | Only version 7.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Data Warehouse (CDW) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Machine Learning (CML) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Data Engineering (CDE) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Management Console | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Workload XM | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Flow Management (CFM) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Edge Management (CEM) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Stream Processing (CSP) | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | CDS 3 Powered by Apache Spark | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | CDS 3.2 for GPUs | All versions | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) | Only versions 7.0.x, 7.1.x, 7.2.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | Only versions 7.0.x, 7.1.x, 7.2.x | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | ||||
| Cloudera | Cloudera Data Warehouse (CDW) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Machine Learning (CML) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Data Engineering (CDE) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Data Flow (CFM) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Streaming Analytics (CSA) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Data Visualization (CDV) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera DataFlow (CDF) | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Replication Manager | Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR)) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | AM2CM Tool | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Hortonworks Data Flow (HDF) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Hortonworks DataPlane Platform | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Data Lifecycle Manager (DLM) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Cloudera Streaming Analytics (CSA) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Management Console for CDP Public Cloud | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | CDP Operational Database (COD) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Data Catalog | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Workload Manager | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Workload XM (SaaS) | Not Affected | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | SmartSense | Under Investigation | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Cloudera | Data Analytics Studio (DAS) | Under Investigation | https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 | |||||
| Devolutions | All products | Not Affected | https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ | |||||
| Dynatrace | Managed cluster nodes | Affected | ||||||
| Dynatrace | Synthetic Activegates | Affected | ||||||
| ElasticSearch | all products | Not Affected | ||||||
| F-Secure | Endpoint Proxy | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | |||
| F-Secure | Policy Manager | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | |||
| F-Secure | Policy Manager Proxy | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | |||
| F-Secure | Elements Connector | Affected | Yes | The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community | ||||
| F-Secure | Messaging Security Gateway | Affected | Yes | The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community | ||||
| Forcepoint | DLP Manager | Affected | Login (forcepoint.com) | |||||
| Forcepoint | Security Manager (Web, Email and DLP) | Affected | Login (forcepoint.com) | |||||
| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | Not Affected | Login (forcepoint.com) | |||||
| Forcepoint | Next Generation Firewall (NGFW) | Not Affected | Login (forcepoint.com) | |||||
| Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | Not Affected | Login (forcepoint.com) | |||||
| Forcepoint | One Endpoint | Not Affected | Login (forcepoint.com) | |||||
| ForgeRock | Autonomous Identity | Affected | Security Advisories - Knowledge - BackStage (forgerock.com) | all other ForgeRock products Not vulnerable | ||||
| Fortinet | FortiAIOps | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiCASB | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiConvertor | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiEDR Cloud | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiNAC | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiNAC | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiPolicy | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiPortal | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiSIEM | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiSOAR | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | ShieldX | Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiAnalyzer Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiAnalyzer | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiAP | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiAuthenticator | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiDeceptor | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiEDR Agent | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiGate Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiGSLB Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiMail | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiManager Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiManager | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiPhish Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiRecorder | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiSwicth Cloud in FortiLANCloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiSwitch & FortiSwitchManager | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiToken Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiVoice | Not Affected | PSIRT Advisories FortiGuard | |||||
| Fortinet | FortiWeb Cloud | Not Affected | PSIRT Advisories FortiGuard | |||||
| FusionAuth | FusionAuth | 1.32 | Not Affected | log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth | ||||
| Gradle | Gradle | Not Affected | No | Gradle Blog - Dealing with the critical Log4j vulnerability | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | |||
| Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | |||
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | |||
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | |||
| IBM | BigFix Compliance | Affected | No | |||||
| IBM | BigFix Inventory | VM Manager Tool & SAP Tool | Affected | No | To verify if your instance is affected, go to the lib subdirectory of the tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version of log4j is included. Version is included in the name of the library. | |||
| IBM | Server Automation | Affected | No | |||||
| IBM | Management Extender for VMware vCenter | Affected | No | |||||
| IBM | Resilient | Under Investigation | ||||||
| Jenkins | CI/CD Core | Not Affected | ||||||
| Jenkins | Plugins | Unkown | Need to audit plugins for use of log4j | |||||
| Jetbrains | Affected | Yes | https://www.jetbrains.com/help/license_server/release_notes.html | |||||
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | Not Affected | ||||||
| McAfee | Data Exchange Layer (DXL) | Under Investigation | ||||||
| McAfee | Enterprise Security Manager (ESM) | Under Investigation | ||||||
| McAfee | ePolicy Orchestrator Application Server (ePO) | Under Investigation | ||||||
| McAfee | McAfee Active Response (MAR) | Under Investigation | ||||||
| McAfee | Network Security Manager (NSM) | Under Investigation | ||||||
| McAfee | Network Security Platform (NSP) | Under Investigation | ||||||
| McAfee | Threat Intelligence Exchange (TIE) | Under Investigation | ||||||
| Microsoft | Azure Data lake store java | < 2.3.10 | Affected | azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub | ||||
| MongoDB | MongoDB Atlas Search | Affected | yes | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | ||||
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| MongoDB | MongoDB Drivers | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| MongoDB | MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| MongoDB | MongoDB Realm (including Realm Database, Sync, Functions, APIs) | Not Affected | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | |||||
| Netapp | Multiple NetApp products | Affected | https://security.netapp.com/advisory/ntap-20211210-0007/ | |||||
| Okta | Okta RADIUS Server Agent | < 2.17.0 | Affected | Okta RADIUS Server Agent CVE-2021-44228 Okta | 12/12/2021 | |||
| Okta | Okta On-Prem MFA Agent | < 1.4.6 | Affected | Okta On-Prem MFA Agent CVE-2021-44228 Okta | 12/12/2021 | |||
| Okta | Advanced Server Access | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta Access Gateway | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta AD Agent | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta Browser Plugin | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta IWA Web Agent | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta LDAP Agent | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta Mobile | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta Workflows | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Okta | Okta Verify | Not Affected | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | 12/12/2021 | ||||
| Palo-Alto | Prisma Cloud Compute | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | Prisma Cloud | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | PAN-OS | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | GlobalProtect App | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | Cortex XSOAR | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | Cortex XDR Agent | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Palo-Alto | CloudGenix | Not Affected | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | |||||
| Pulse Secure | Pulse Secure Virtual Traffic Manager | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Secure Services Director | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Secure Web Application Firewall | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Connect Secure | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Ivanti Connect Secure (ICS) | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Policy Secure | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Desktop Client | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse Mobile Client | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse One | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Pulse ZTA | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Ivanti Neurons for ZTA | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Pulse Secure | Ivanti Neurons for secure Access | Not Affected | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | |||||
| Red Hat build of Quarkus | log4j-core low | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat CodeReady Studio 12 | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Data Grid 8 | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Descision Manager 7 | log4j-core low | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Enterprise Linux 6 | log4j | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Enterprise Linux 7 | log4j | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Enterprise Linux 8 | parfait:0.5/log4j12 | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Integration Camel K | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Integration Camel Quarkus | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat JBoss A-MQ Streaming | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat JBoss Enterprise Application Platform 7 | log4j-core low | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | log4j-core low | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat JBoss Fuse 7 | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Application Runtimes | log4j-core | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenShift Logging | logging-elasticsearch6-container | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Process Automation 7 | log4j-core low | Affected | No | CVE-2021-44228- Red Hat Customer Portal | ||||
| Red Hat Single Sign-On 7 | log4j-core | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Software Collections | rh-maven36-log4j12 | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Software Collections | rh-maven35-log4j12 | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Red Hat Software Collections | rh-java-common-log4j | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| Redhat | log4j-core | Not Affected | CVE-2021-44228- Red Hat Customer Portal | |||||
| RSA | SecurID Authentication Manager | Not Affected | ||||||
| RSA | SecurID Authentication Manager Prime | Not Affected | ||||||
| RSA | SecurID Authentication Manager WebTier | Not Affected | ||||||
| RSA | SecurID Identity Router | Not Affected | ||||||
| RSA | SecurID Governance and Lifecycle | Not Affected | ||||||
| RSA | SecurID Governance and Lifecycle Cloud | Not Affected | ||||||
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | Ruckus Wireless (support.ruckuswireless.com) | 12/13/2021 | |||
| SonicWall | Gen5 Firewalls (EOS) | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | 12/12/2021 | |||
| SonicWall | Gen6 Firewalls | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | 12/12/2021 | |||
| SonicWall | Gen7 Firewalls | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | 12/12/2021 | |||
| SonicWall | SonicWall Switch | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Switch. | 12/12/2021 | |||
| SonicWall | SMA 100 | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the SMA100 appliance. | 12/12/2021 | |||
| SonicWall | SMA 1000 | Not Affected | Security Advisory (sonicwall.com) | Version 12.1.0 and 12.4.1 doesn't use a vulnerable version | 12/12/2021 | |||
| SonicWall | Email Security | Not Affected | Security Advisory (sonicwall.com) | Version 10.x doesn't use a vulnerable version | 12/12/2021 | |||
| SonicWall | MSW | Not Affected | Security Advisory (sonicwall.com) | Mysonicwall service doesn't use Log4j | 12/12/2021 | |||
| SonicWall | NSM | Not Affected | Security Advisory (sonicwall.com) | NSM On-Prem and SaaS doesn't use a vulnerable version | 12/12/2021 | |||
| SonicWall | Capture Client & Capture Client Portal | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Client. | 12/12/2021 | |||
| SonicWall | Access Points | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Access Points | 12/12/2021 | |||
| SonicWall | WNM | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the WNM. | 12/12/2021 | |||
| SonicWall | Capture Security Appliance | Not Affected | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Security appliance. | 12/12/2021 | |||
| SonicWall | WXA | Not Affected | Security Advisory (sonicwall.com) | WXA doesn't use a vulnerable version | 12/12/2021 | |||
| SonicWall | SonicCore | Not Affected | Security Advisory (sonicwall.com) | SonicCore doesn't use a Log4j2 | 12/12/2021 | |||
| SonicWall | Analyzer | Under Investigation | Security Advisory (sonicwall.com) | Under Review | 12/12/2021 | |||
| SonicWall | Analytics | Under Investigation | Security Advisory (sonicwall.com) | Under Review | 12/12/2021 | |||
| SonicWall | GMS | Under Investigation | Security Advisory (sonicwall.com) | Under Review | 12/12/2021 | |||
| SonicWall | CAS | Under Investigation | Security Advisory (sonicwall.com) | Under Review | 12/12/2021 | |||
| SonicWall | WAF | Under Investigation | Security Advisory (sonicwall.com) | Under Review | 12/12/2021 | |||
| Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | 12/12/2021 | |
| Sophos | Cloud Optix | Fixed | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted. | 12/12/2021 | |||
| Sophos | Sophos Firewall (all versions) | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Firewall does not use Log4j. | 12/12/2021 | |||
| Sophos | SG UTM (all versions) | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos SG UTM does not use Log4j. | 12/12/2021 | |||
| Sophos | SG UTM Manager (SUM) (all versions) | All versions | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | SUM does not use Log4j. | 12/12/2021 | ||
| Sophos | Sophos ZTNA | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos ZTNA does not use Log4j. | 12/12/2021 | |||
| Sophos | Sophos Home | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Home does not use Log4j. | 12/12/2021 | |||
| Sophos | Sophos Central | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Central does not run an exploitable configuration. | 12/12/2021 | |||
| Sophos | Sophos Mobile | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration. | 12/12/2021 | |||
| Sophos | Reflexion | Not Affected | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Reflexion does not run an exploitable configuration. | 12/12/2021 | |||
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | Splunk Enterprise | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | Splunk Enterprise Amazon Machine Image (AMI) | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | Splunk Enterprise Docker Container | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | Stream Processor Service | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||
| Splunk | Splunk Cloud Developer Edition | Under Investigation | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||||
| Splunk | Splunk Connect for SNMP | Under Investigation | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||||
| Splunk | Splunk DB Connect | Under Investigation | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||||
| Splunk | Splunk Forwarders (UF/HWF) | Under Investigation | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||||
| Splunk | Splunk Mint | Under Investigation | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | 12/12/2021 | ||||
| Spring | Spring Boot | Unkown | https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | ||||
| TrendMicro | All | Under Investigation | https://success.trendmicro.com/solution/000289940 | |||||
| Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | Affected | Yes | UniFi Network Application 6.5.54 Ubiquiti Community | |||
| VMware | VMware vCenter Server | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vCenter Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vCenter Server | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware HCX | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware NSX-T Data Centern | 3.x, 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Identity Manager | 3.3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Operations | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Operations Cloud Proxy | Any | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Log Insight | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Automation | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Lifecycle Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Telco Cloud Automation | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Carbon Black Cloud Workload Appliance | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Carbon Black EDR Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Site Recovery Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu GemFire | 9.x, 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu Greenplum | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu Operations Manager | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu Application Service for VMs | 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | Healthwatch for Tanzu Application Service | 2.x, 1.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | Spring Cloud Services for VMware Tanzu | 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | Spring Cloud Gateway for Kubernetes | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | API Portal for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | App Metrics | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vCenter Cloud Gateway | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Tanzu SQL with MySQL for VMs | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Cloud Foundation | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 | ||
| VMware | VMware Horizon Cloud Connector | 1.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | 12/12/2021 |