1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00
A community sourced list of log4j-affected software
Find a file
2021-12-14 07:50:56 -05:00
.github Remove blank template 2021-12-13 17:40:34 -05:00
README.md Add CA & Webpage data 2021-12-14 07:50:56 -05:00

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources:
Webpage: CISA Apache Log4j Vulnerability Guidance
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alerts:
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

Vendor Product Version Status Update Available Vendor Link Notes Other References Last Updated
Sample-Vendor Product-A 1.15.0 Affected Yes/No Update Link Here <Statement by vendor, vuln note, etc.> Link Here 12/11/2021