1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-18 14:57:54 +00:00
log4j-affected-db/README.md
2021-12-15 14:31:56 -05:00

116 KiB
Raw Blame History

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources:
Webpage: CISA Apache Log4j Vulnerability Guidance
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alerts:
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Mitigation Guidance

CISA urges organizations operating products marked as "Fixed" to immediately implement listed patches/mitigations here.

CISA urges organizations operating products marked as "Not Fixed" to immediately implement alternate controls, including:

  • Install a WAF with rules that automatically update.
  • Set log4j2.formatMsgNoLookups to true by adding -Dlog4j2.formatMsgNoLookups=True to the Java Virtual Machine command for starting your application.
  • Ensure that any alerts from a vulnerable device are immediately actioned.
  • Report incidents promptly to CISA and/or the FBI here.

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

This list was initially populated using information from the following sources: Kevin Beaumont.

Vendor Product Version(s) Status Update available Vendor link Notes Other References Last Updated
Akamai SIEM Splunk Connector All Affected GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk
Amazon OpenSearch Unknown Affected Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS Lambda Unknown Affected Yes Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS CloudHSM < 3.4.1. Affected Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon EC2 Amazon Linux 1 & 2 Unknown Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Apache Druid < druid 0.22.0 Affected Yes Release druid-0.22.1 · apache/druid · GitHub 12/12/2021
Apache Flink < flink 1.15.0, 1.14.1, 1.13.3 Affected No Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228) 12/12/2021
Apache Log4j < 2.15.0 Affected Yes Log4j Apache Log4j Security Vulnerabilities
Apache Kafka Unknown Affected No Log4j Apache Log4j Security Vulnerabilities Only vulnerable in certain configuration(s)
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Affected Yes Log4j Apache Log4j Security Vulnerabilities
Apereo CAS 6.3.x & 6.4.x Affected Yes CAS Log4J Vulnerability Disclosure Apereo Community Blog
Apereo Opencast < 9.10, < 10.6 Affected Yes Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub
Aptible Aptible ElasticSearch 5.x Affected Yes Aptible Status - Log4j security incident CVE-2021-27135
Atlassian Jira Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Confluence Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Bamboo Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crowd Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Fisheye All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crucible All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation
BMC BMC Helix ITSM Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Discovery Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remedyforce Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Digital Workplace Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Business Workflows Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Client Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix CMDB Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Knowledge Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Operations Management with AIOps Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Platform Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Virtual Agent Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Remedy ITSM (IT Service Management) Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Footprints Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Track-It! Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC SmartIT Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Control-M Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Control-M Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Cloud Lifecycle Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Networks Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Servers Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Orchestration Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Bladelogic Database Automation Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Ops Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Automation Console Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Cost Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Security Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Continuous Optimization Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix platform Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Capacity Optimization Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Infrastructure Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Operations Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Products Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Administrator Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Monitor Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Compuware Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
Broadcom CA Advanced Authentication 9.1 Affected
Broadcom CA Risk Authentication Affected
Broadcom CA Strong Authentication Affected
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Affected No Broadcom Support Portal
Broadcom CloudSOC Cloud Access Security Broker (CASB) Not Affected Broadcom Support Portal
Broadcom Symantec Control Compliance Suite (CCS) Not Affected Broadcom Support Portal
Broadcom Data Center Security (DCS) Not Affected Broadcom Support Portal
Broadcom Data Loss Prevention (DLP) Not Affected Broadcom Support Portal
Broadcom Ghost Solution Suite (GSS) Not Affected Broadcom Support Portal
Broadcom IT Management Suite Not Affected Broadcom Support Portal
Broadcom Layer7 API Gateway Not Affected Broadcom Support Portal
Broadcom Layer7 Mobile API Gateway Not Affected Broadcom Support Portal
Broadcom ProxySG Not Affected Broadcom Support Portal
Broadcom Security Analytics (SA) Not Affected Broadcom Support Portal
Broadcom Symantec Directory Not Affected Broadcom Support Portal
Broadcom Symantec Identity Governance and Administration (IGA) Not Affected Broadcom Support Portal
Broadcom Symantec PGP Solutions Not Affected Broadcom Support Portal
Broadcom VIP Not Affected Broadcom Support Portal
Broadcom Advanced Secure Gateway (ASG) Under Investigation Broadcom Support Portal
Broadcom BCAAA Under Investigation Broadcom Support Portal
Broadcom Content Analysis (CA) Under Investigation Broadcom Support Portal
Broadcom Cloud Workload Protection (CWP) Under Investigation Broadcom Support Portal
Broadcom Cloud Workload Protection for Storage (CWP:S) Under Investigation Broadcom Support Portal
Broadcom Critical System Protection (CSP) Under Investigation Broadcom Support Portal
Broadcom Email Security Service (ESS) Under Investigation Broadcom Support Portal
Broadcom HSM Agent Under Investigation Broadcom Support Portal
Broadcom Industrial Control System Protection (ICSP) Under Investigation Broadcom Support Portal
Broadcom Integrated Cyber Defense Manager (ICDm) Under Investigation Broadcom Support Portal
Broadcom Integrated Secure Gateway (ISG) Under Investigation Broadcom Support Portal
Broadcom Layer7 API Developer Portal Under Investigation Broadcom Support Portal
Broadcom Management Center (MC) Under Investigation Broadcom Support Portal
Broadcom PacketShaper (PS) S-Series Under Investigation Broadcom Support Portal
Broadcom PolicyCenter (PC) S-Series Under Investigation Broadcom Support Portal
Broadcom Privileged Access Manager Under Investigation Broadcom Support Portal
Broadcom Privileged Access Manager Server Control Under Investigation Broadcom Support Portal
Broadcom Privileged Identity Manager Under Investigation Broadcom Support Portal
Broadcom Reporter Under Investigation Broadcom Support Portal
Broadcom Secure Access Cloud (SAC) Under Investigation Broadcom Support Portal
Broadcom SiteMinder (CA Single Sign-On) Under Investigation Broadcom Support Portal
Broadcom SSL Visibility (SSLV) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Detection and Response (EDR) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Encryption (SEE) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Protection (SEP) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Protection (SEP) for Mobile Under Investigation Broadcom Support Portal
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE) Under Investigation Broadcom Support Portal
Broadcom Symantec Messaging Gateway (SMG) Under Investigation Broadcom Support Portal
Broadcom Symantec Protection Engine (SPE) Under Investigation Broadcom Support Portal
Broadcom Symantec Protection for SharePoint Servers (SPSS) Under Investigation Broadcom Support Portal
Broadcom VIP Authentication Hub Under Investigation Broadcom Support Portal
Broadcom Web Isolation (WI) Under Investigation Broadcom Support Portal
Broadcom Web Security Service (WSS) Under Investigation Broadcom Support Portal
Broadcom WebPulse Under Investigation Broadcom Support Portal
Check Point Quantum Security Gateway Not Affected
Check Point Quantum Security Management Not Affected Uses the 1.8.0_u241 version of the JRE that protects against this attack by default.
Check Point CloudGuard Not Affected
Check Point Infinity Portal Not Affected
Check Point Harmony Endpoint & Harmony Mobile Not Affected
Check Point SMB Not Affected
Check Point ThreatCloud Not Affected
Cisco Cisco Webex Meetings Server Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Advanced Web Security Reporting Application Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Suite Admin Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Crosswork Change Automation Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Evolved Programmable Network Manager Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Integrated Management Controller (IMC) Supervisor Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight Virtual Appliance Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Services Orchestrator (NSO) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco WAN Automation Engine (WAE) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Director Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Computer Telephony Integration Object Server (CTIOS) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Packaged Contact Center Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise - Live Data server Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Intelligent Contact Management Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified SIP Proxy Software Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Video Surveillance Operations Manager Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Kinetic for Cities Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Umbrella Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Communications Manager Cloud Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Cloud-Connected UC (CCUC) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Duo Not Affected Yes Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SocialMiner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AnyConnect Secure Mobility Client Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Teams Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Extensible Network Controller (XNC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Data Broker Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Insights Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Wide Area Application Services (WAAS) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AMP Virtual Private Cloud Appliance Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Adaptive Security Appliance (ASA) Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Management Center Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Threat Defense (FTD) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Identity Services Engine (ISE) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Registered Envelope Service Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Web Security Appliance (WSA) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Multi-Site Orchestrator Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Application Policy Infrastructure Controller (APIC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Workload Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Grid Device Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Mobile Experiences Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Assurance Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Data Center Network Manager (DCNM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Elastic Services Controller (ESC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Operations Dashboard Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Modeling Labs Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Planner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Dashboard (formerly Cisco Application Services Engine) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Optical Network Planner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Policy Suite Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Central for Service Providers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Provisioning Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Infrastructure Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime License Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Network Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Optical for Service Providers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Provisioning Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Service Catalog Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Performance Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Virtual Edge Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ASR 5000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Catalyst 9800 Series Wireless Controllers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Center Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise NFV Infrastructure Software (NFVIS) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco GGSN Gateway GPRS Support Node Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOS and IOS XE Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOx Fog Director Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IP Services Gateway (IPSG) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MDS 9000 Series Multilayer Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MME Mobility Management Entity Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assurance Engine Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Convergence System 2000 Series Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5500 Platform Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5600 Platform Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 6000 Series Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 7000 Series Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco PDSN/HA Packet Data Serving Node and Home Agent Under Investigation Vulnerability in Apache Log4j Library Affecting Cis co Products: December 2021
Cisco Cisco PGW Packet Data Network Gateway Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 1000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 2000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 5000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge Cloud Router Platform Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vManage Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Secure Network Analytics (SNA), formerly Stealthwatch Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco System Architecture Evolution Gateway (SAEGW) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco HyperFlex System Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco BroadWorks Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Broadcloud Calling Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Domain Manager (CCDM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Management Portal (CCMP) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Emergency Responder Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise Chat and Email Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Finesse Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server (InformaCast) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Advanced Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Business Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Department Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Enterprise Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Premium Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Express Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtualized Voice Browser Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Exony Virtualized Interaction Manager (VIM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Meeting Server Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco TelePresence Management Suite Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Vision Dynamic Signage Director Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CX Cloud Agent Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Cognitive Intelligence Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Common Services Platform Collector Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connectivity Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Spaces Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Defense Orchestrator Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assessment (CNA) Tool Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Managed Services Accelerator (MSX) Network Access Control Service Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco AppDynamics Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco duo network gateway (on-prem/self-hosted) Under Investigation
Citrix Citrix ADC Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Endpoint Management Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Gateway Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix SD-WAN Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Virtual Apps and Desktops Under Investigation https://support.citrix.com/article/CTX335705
Cloudera CDH, HDP, and HDF Only version 6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Enterprise Only version 6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Science Workbench (CDSW) Only versions 2.x, 3.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks Data Platform (HDP) Only versions 7.1.x, 2.7.x, 2.6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Ambari Only versions 2.x, 1.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Cybersecurity Platform All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Steward Studio (DSS) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Arcadia Enterprise Only version 7.1.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDP Private Cloud Base Only version 7.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Warehouse (CDW) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Machine Learning (CML) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Engineering (CDE) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Management Console All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload XM All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Flow Management (CFM) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Edge Management (CEM) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Stream Processing (CSP) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDS 3 Powered by Apache Spark All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDS 3.2 for GPUs All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) Only versions 7.0.x, 7.1.x, 7.2.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) Only versions 7.0.x, 7.1.x, 7.2.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Warehouse (CDW) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Machine Learning (CML) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Engineering (CDE) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Flow (CFM) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Streaming Analytics (CSA) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Visualization (CDV) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera DataFlow (CDF) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Replication Manager Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR)) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera AM2CM Tool Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks Data Flow (HDF) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks DataPlane Platform Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Lifecycle Manager (DLM) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Streaming Analytics (CSA) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Management Console for CDP Public Cloud Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDP Operational Database (COD) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Catalog Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload Manager Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload XM (SaaS) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera SmartSense Under Investigation https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Analytics Studio (DAS) Under Investigation https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Devolutions All products Not Affected https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/
Dynatrace Managed cluster nodes Affected
Dynatrace Synthetic Activegates Affected
ElasticSearch all products Not Affected
F-Secure Endpoint Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Elements Connector Affected Yes The Log4J Vulnerability (CVE-2021-44228) which F-Secure products are affected, what it means, what steps should you take - F-Secure Community
F-Secure Messaging Security Gateway Affected Yes The Log4J Vulnerability (CVE-2021-44228) which F-Secure products are affected, what it means, what steps should you take - F-Secure Community
Forcepoint DLP Manager Affected Login (forcepoint.com)
Forcepoint Security Manager (Web, Email and DLP) Affected Login (forcepoint.com)
Forcepoint Forcepoint Cloud Security Gateway (CSG) Not Affected Login (forcepoint.com)
Forcepoint Next Generation Firewall (NGFW) Not Affected Login (forcepoint.com)
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder Not Affected Login (forcepoint.com)
Forcepoint One Endpoint Not Affected Login (forcepoint.com)
ForgeRock Autonomous Identity Affected Security Advisories - Knowledge - BackStage (forgerock.com) all other ForgeRock products Not vulnerable
Fortinet FortiAIOps Affected PSIRT Advisories FortiGuard
Fortinet FortiCASB Affected PSIRT Advisories FortiGuard
Fortinet FortiConvertor Affected PSIRT Advisories FortiGuard
Fortinet FortiEDR Cloud Affected PSIRT Advisories FortiGuard
Fortinet FortiNAC Affected PSIRT Advisories FortiGuard
Fortinet FortiNAC Affected PSIRT Advisories FortiGuard
Fortinet FortiPolicy Affected PSIRT Advisories FortiGuard
Fortinet FortiPortal Affected PSIRT Advisories FortiGuard
Fortinet FortiSIEM Affected PSIRT Advisories FortiGuard
Fortinet FortiSOAR Affected PSIRT Advisories FortiGuard
Fortinet ShieldX Affected PSIRT Advisories FortiGuard
Fortinet FortiAnalyzer Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAnalyzer Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAP Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAuthenticator Not Affected PSIRT Advisories FortiGuard
Fortinet FortiDeceptor Not Affected PSIRT Advisories FortiGuard
Fortinet FortiEDR Agent Not Affected PSIRT Advisories FortiGuard
Fortinet FortiGate Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiGSLB Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiMail Not Affected PSIRT Advisories FortiGuard
Fortinet FortiManager Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiManager Not Affected PSIRT Advisories FortiGuard
Fortinet FortiOS (includes FortiGate & FortiWiFi) Not Affected PSIRT Advisories FortiGuard
Fortinet FortiPhish Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiRecorder Not Affected PSIRT Advisories FortiGuard
Fortinet FortiSwicth Cloud in FortiLANCloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiSwitch & FortiSwitchManager Not Affected PSIRT Advisories FortiGuard
Fortinet FortiToken Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiVoice Not Affected PSIRT Advisories FortiGuard
Fortinet FortiWeb Cloud Not Affected PSIRT Advisories FortiGuard
FusionAuth FusionAuth 1.32 Not Affected log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth
Gradle Gradle Not Affected No Gradle Blog - Dealing with the critical Log4j vulnerability Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.
Gradle Gradle Enterprise < 2021.3.6 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Test Distribution Agent < 1.6.2 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Build Cache Node < 10.1 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
IBM BigFix Compliance Affected No
IBM BigFix Inventory VM Manager Tool & SAP Tool Affected No To verify if your instance is affected, go to the lib subdirectory of the tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version of log4j is included. Version is included in the name of the library.
IBM Server Automation Affected No
IBM Management Extender for VMware vCenter Affected No
IBM Resilient Under Investigation
Jenkins CI/CD Core Not Affected
Jenkins Plugins Unkown Need to audit plugins for use of log4j
Jetbrains Affected Yes https://www.jetbrains.com/help/license_server/release_notes.html
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH) Not Affected
McAfee Data Exchange Layer (DXL) Under Investigation
McAfee Enterprise Security Manager (ESM) Under Investigation
McAfee ePolicy Orchestrator Application Server (ePO) Under Investigation
McAfee McAfee Active Response (MAR) Under Investigation
McAfee Network Security Manager (NSM) Under Investigation
McAfee Network Security Platform (NSP) Under Investigation
McAfee Threat Intelligence Exchange (TIE) Under Investigation
Microsoft Azure Data lake store java < 2.3.10 Affected azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub
MongoDB MongoDB Atlas Search Affected yes https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Drivers Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Realm (including Realm Database, Sync, Functions, APIs) Not Affected https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Netapp Multiple NetApp products Affected https://security.netapp.com/advisory/ntap-20211210-0007/
Okta Okta RADIUS Server Agent < 2.17.0 Affected Okta RADIUS Server Agent CVE-2021-44228 Okta 12/12/2021
Okta Okta On-Prem MFA Agent < 1.4.6 Affected Okta On-Prem MFA Agent CVE-2021-44228 Okta 12/12/2021
Okta Advanced Server Access Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta Access Gateway Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta AD Agent Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta Browser Plugin Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta IWA Web Agent Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta LDAP Agent Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta Mobile Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta Workflows Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Okta Okta Verify Not Affected Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security 12/12/2021
Palo-Alto Prisma Cloud Compute Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Prisma Cloud Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto PAN-OS Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto GlobalProtect App Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Cortex XSOAR Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Cortex XDR Agent Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto CloudGenix Not Affected CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Pulse Secure Pulse Secure Virtual Traffic Manager Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Secure Services Director Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Secure Web Application Firewall Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Connect Secure Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Connect Secure (ICS) Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Policy Secure Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Desktop Client Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Mobile Client Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse One Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse ZTA Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Neurons for ZTA Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Neurons for secure Access Not Affected Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Red Hat build of Quarkus log4j-core low Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat CodeReady Studio 12 log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Data Grid 8 log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Descision Manager 7 log4j-core low Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 6 log4j Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 7 log4j Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 8 parfait:0.5/log4j12 Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Integration Camel K log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Integration Camel Quarkus log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss A-MQ Streaming log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Enterprise Application Platform 7 log4j-core low Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Enterprise Application Platform Expansion Pack log4j-core low Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Fuse 7 log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Application Runtimes log4j-core Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Logging logging-elasticsearch6-container Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenStack Platform 13 (Queens) opendaylight Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Process Automation 7 log4j-core low Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Single Sign-On 7 log4j-core Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-maven36-log4j12 Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-maven35-log4j12 Not Affected CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-java-common-log4j Not Affected CVE-2021-44228- Red Hat Customer Portal
Redhat log4j-core Not Affected CVE-2021-44228- Red Hat Customer Portal
RSA SecurID Authentication Manager Not Affected
RSA SecurID Authentication Manager Prime Not Affected
RSA SecurID Authentication Manager WebTier Not Affected
RSA SecurID Identity Router Not Affected
RSA SecurID Governance and Lifecycle Not Affected
RSA SecurID Governance and Lifecycle Cloud Not Affected
Ruckus Virtual SmartZone (vSZ) 5.1 to 6.0 Affected Ruckus Wireless (support.ruckuswireless.com) 12/13/2021
SonicWall Gen5 Firewalls (EOS) Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the appliance. 12/12/2021
SonicWall Gen6 Firewalls Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the appliance. 12/12/2021
SonicWall Gen7 Firewalls Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the appliance. 12/12/2021
SonicWall SonicWall Switch Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the SonicWall Switch. 12/12/2021
SonicWall SMA 100 Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the SMA100 appliance. 12/12/2021
SonicWall SMA 1000 Not Affected Security Advisory (sonicwall.com) Version 12.1.0 and 12.4.1 doesn't use a vulnerable version 12/12/2021
SonicWall Email Security Not Affected Security Advisory (sonicwall.com) Version 10.x doesn't use a vulnerable version 12/12/2021
SonicWall MSW Not Affected Security Advisory (sonicwall.com) Mysonicwall service doesn't use Log4j 12/12/2021
SonicWall NSM Not Affected Security Advisory (sonicwall.com) NSM On-Prem and SaaS doesn't use a vulnerable version 12/12/2021
SonicWall Capture Client & Capture Client Portal Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the Capture Client. 12/12/2021
SonicWall Access Points Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the SonicWall Access Points 12/12/2021
SonicWall WNM Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the WNM. 12/12/2021
SonicWall Capture Security Appliance Not Affected Security Advisory (sonicwall.com) Log4j2 not used in the Capture Security appliance. 12/12/2021
SonicWall WXA Not Affected Security Advisory (sonicwall.com) WXA doesn't use a vulnerable version 12/12/2021
SonicWall SonicCore Not Affected Security Advisory (sonicwall.com) SonicCore doesn't use a Log4j2 12/12/2021
SonicWall Analyzer Under Investigation Security Advisory (sonicwall.com) Under Review 12/12/2021
SonicWall Analytics Under Investigation Security Advisory (sonicwall.com) Under Review 12/12/2021
SonicWall GMS Under Investigation Security Advisory (sonicwall.com) Under Review 12/12/2021
SonicWall CAS Under Investigation Security Advisory (sonicwall.com) Under Review 12/12/2021
SonicWall WAF Under Investigation Security Advisory (sonicwall.com) Under Review 12/12/2021
Sophos Sophos Mobile EAS Proxy < 9.7.2 Affected No Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. 12/12/2021
Sophos Cloud Optix Fixed Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Users may have noticed a brief outage around 12:30 GMT as updates were deployed.
There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.
12/12/2021
Sophos Sophos Firewall (all versions) Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Firewall does not use Log4j. 12/12/2021
Sophos SG UTM (all versions) Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos SG UTM does not use Log4j. 12/12/2021
Sophos SG UTM Manager (SUM) (all versions) All versions Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos SUM does not use Log4j. 12/12/2021
Sophos Sophos ZTNA Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos ZTNA does not use Log4j. 12/12/2021
Sophos Sophos Home Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Home does not use Log4j. 12/12/2021
Sophos Sophos Central Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Central does not run an exploitable configuration. 12/12/2021
Sophos Sophos Mobile Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration. 12/12/2021
Sophos Reflexion Not Affected Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Reflexion does not run an exploitable configuration. 12/12/2021
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Enterprise non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Enterprise Amazon Machine Image (AMI) non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Enterprise Docker Container non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Stream Processor Service non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Cloud Developer Edition Under Investigation Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Connect for SNMP Under Investigation Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk DB Connect Under Investigation Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Forwarders (UF/HWF) Under Investigation Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Splunk Splunk Mint Under Investigation Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk 12/12/2021
Spring Spring Boot Unkown https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2
TrendMicro All Under Investigation https://success.trendmicro.com/solution/000289940
Ubiquiti UniFi Network Application 6.5.53 & lower versions Affected Yes UniFi Network Application 6.5.54 Ubiquiti Community
VMware VMware vCenter Server 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vCenter Server 7.x, 6.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vCenter Server 6.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware HCX 4.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware NSX-T Data Centern 3.x, 2.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Unified Access Gateway 21.x, 20.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Workspace ONE Access 21.x, 20.10.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Identity Manager 3.3.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Operations 8.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Operations Cloud Proxy Any Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Log Insight 8.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Automation 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Lifecycle Manager 8.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Telco Cloud Automation 2.x, 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Carbon Black Cloud Workload Appliance 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Carbon Black EDR Server 7.x, 6.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Site Recovery Manager 8.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu GemFire 9.x, 8.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu Greenplum 6.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu Operations Manager 2.x Affected Yes VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu Application Service for VMs 2.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu Kubernetes Grid Integrated Edition 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu Observability by Wavefront Nozzle 3.x, 2.x Affected Yes VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware Healthwatch for Tanzu Application Service 2.x, 1.x Affected Yes VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware Spring Cloud Services for VMware Tanzu 3.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware Spring Cloud Gateway for VMware Tanzu 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware Spring Cloud Gateway for Kubernetes 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware API Portal for VMware Tanzu 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware Single Sign-On for VMware Tanzu Application Service 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware App Metrics 2.x Affected Yes VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vCenter Cloud Gateway 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware vRealize Orchestrator 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Cloud Foundation 4.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.x, 20.10.x, 19.03.0.1 Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Horizon DaaS 9.1.x, 9.0.x Affected No VMSA-2021-0028.1 (vmware.com) 12/12/2021
VMware VMware Horizon Cloud Connector 1.x, 2.x Affected Yes VMSA-2021-0028.1 (vmware.com) 12/12/2021