You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 KiB
90 KiB
CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Status Descriptions
| Status | Description |
|---|---|
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
This list has been populated using information from the following sources:
- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)
NOTE: This file is automatically generated. To submit updates, please refer to
CONTRIBUTING.md.
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
|---|---|---|---|---|---|---|---|---|---|
| ABB | AlarmInsight Cloud | Not Affected | link | cisagov | 2022-01-12 | ||||
| ABB | B&R Products | Not Affected | link | cisagov | 2022-01-12 | ||||
| ABB | Remote Service | Fixed | link | cisagov | 2022-01-12 | ||||
| Abbott | All | Unknown | link | Details are shared with customers with an active RAP subscription. | cisagov | 2021-12-15 | |||
| Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | Affected | link | Abbott will provide a fix for this in a future update expected in January 2022. | cisagov | 2021-12-15 | ||
| Abnormal Security | All | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accellence Technologies | EBÜS | All | Fixed | link | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | cisagov | 2022-01-12 | ||
| Accellence Technologies | Vimacc | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accellion | Kiteworks | v7.6 release | Fixed | link | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. | cisagov | 2021-12-16 | ||
| Accruent | Analytics | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Asset Enterprise | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | BigCenter | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | EMS | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | Evoco | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Expesite | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Famis 360 | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Lucernex | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Maintenance Connection | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | Meridian | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Single Sign On (SSO, Central Auth) | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | SiteFM3 | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | SiteFM4 | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | Siterra | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | TMS | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | VxField | Not Affected | link | cisagov | 2022-01-12 | ||||
| Accruent | VxMaintain | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | VxObserve | Fixed | link | cisagov | 2022-01-12 | ||||
| Accruent | VxSustain | Fixed | link | cisagov | 2022-01-12 | ||||
| Acquia | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Acronis | Backup | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Cyber Backup | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Cyber Files | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Cyber Infrastructure | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Cyber Protect | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Cyber Protection Home Office | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | DeviceLock DLP | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Files Connect | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | MassTransit | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acronis | Snap Deploy | Not Affected | link | cisagov | 2022-01-12 | ||||
| ActiveState | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Acunetix | 360 | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | Agents | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | Application | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | IAST - ASP.NET | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | IAST - NodeJS | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | IAST - PHP | Not Affected | link | cisagov | 2022-01-12 | ||||
| Acunetix | IAST-Java | All | Fixed | link | AcuSensor IAST module needs attention. | cisagov | 2022-01-12 | ||
| Adaptec | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Addigy | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Adeptia | Connect | 3.3, 3.4, 3.5 | Fixed | link | cisagov | 2022-01-12 | |||
| Adeptia | Suite | 6.9.9, 6.9.10, 6.9.11 | Fixed | link | cisagov | 2022-01-12 | |||
| Adobe | Automated Forms Conversion Service | Affected | link | cisagov | 2022-01-12 | ||||
| Adobe | ColdFusion | Fixed | link | cisagov | 2022-01-12 | ||||
| Adobe | Experience Manager 6.3 Forms on JEE | All versions from 6.3 GA to 6.3.3 | Fixed | link | cisagov | 2022-01-12 | |||
| Adobe | Experience Manager 6.4 Forms Designer | Affected | link | cisagov | 2022-01-12 | ||||
| Adobe | Experience Manager 6.4 Forms on JEE | All versions from 6.4 GA to 6.4.8 | Fixed | link | cisagov | 2022-01-12 | |||
| Adobe | Experience Manager 6.5 Forms Designer | Fixed | link | cisagov | 2022-01-12 | ||||
| Adobe | Experience Manager 6.5 Forms on JEE | All versions from 6.5 GA to 6.5.11 | Fixed | link | cisagov | 2022-01-12 | |||
| Adobe | Experience Manager Forms on OSGi | Not Affected | link | cisagov | 2022-01-12 | ||||
| Adobe | Experience Manager Forms Workbench | Not Affected | link | cisagov | 2022-01-12 | ||||
| ADP | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Advanced Micro Devices (AMD) | All | Not Affected | link | cisagov | 2022-02-02 | ||||
| Advanced Systems Concepts (formally Jscape) | Active MFT | Not Affected | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-14 | |||
| Advanced Systems Concepts (formally Jscape) | MFT | Not Affected | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-14 | |||
| Advanced Systems Concepts (formally Jscape) | MFT Gateway | Not Affected | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-14 | |||
| Advanced Systems Concepts (formally Jscape) | MFT Server | Not Affected | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2021-12-14 | |||
| AFHCAN Global LLC | AFHCANcart | Not Affected | link | cisagov | 2022-01-12 | ||||
| AFHCAN Global LLC | AFHCANmobile | Not Affected | link | cisagov | 2022-01-12 | ||||
| AFHCAN Global LLC | AFHCANServer | Not Affected | link | cisagov | 2022-01-12 | ||||
| AFHCAN Global LLC | AFHCANsuite | Not Affected | link | cisagov | 2022-01-12 | ||||
| AFHCAN Global LLC | AFHCANupdate | Not Affected | link | cisagov | 2022-01-12 | ||||
| AFHCAN Global LLC | AFHCANweb | Not Affected | link | cisagov | 2022-01-12 | ||||
| Agilysys | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Ahsay | Mobile | Not Affected | link | cisagov | 2022-01-12 | ||||
| Ahsay | Other products | Not Affected | link | cisagov | 2022-01-12 | ||||
| Ahsay | PRD | Not Affected | link | cisagov | 2022-01-12 | ||||
| AIL | All | Not Affected | link | cisagov | 2022-01-12 | ||||
| Akamai | Enterprise Application Access (EAA) Connector | Not Affected | link | cisagov | 2021-12-15 | ||||
| Akamai | SIEM Integration Connector | <1.7.4 | Fixed | link | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | cisagov | 2021-12-15 | ||
| Akamai | SIEM Splunk Connector | < 1.4.10 | Fixed | link | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | cisagov | 2021-12-15 | ||
| Alcatel | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Alertus | Console | 5.15.0 | Fixed | link | cisagov | 2022-01-12 | |||
| Alexion | Alexion CRM | Not Affected | link | cisagov | 2022-01-12 | ||||
| Alfresco | Alfresco | Not Affected | link | cisagov | 2022-01-12 | ||||
| AlienVault | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Alphatron Medical | AmiSconnect | Not Affected | link | cisagov | 2022-01-12 | ||||
| Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | Affected | link | cisagov | 2022-01-12 | |||
| Alphatron Medical | JiveX | Not Affected | link | cisagov | 2022-01-12 | ||||
| Alphatron Medical | Zorgbericht | Not Affected | link | cisagov | 2022-01-12 | ||||
| Amazon | AMS | Fixed | link | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | cisagov | 2022-01-12 | |||
| Amazon | API Gateway | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | Athena | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | Athena JDBC Driver | Not Affected | link | All versions vended to customers were not affected. | cisagov | 2021-12-20 | |||
| Amazon | AWS | Not Affected | link | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 AWS Forum. AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | cisagov | 2021-12-15 | |||
| Amazon | AWS AppFlow | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | AWS AppSync | Fixed | link | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2021-12-20 | |||
| Amazon | AWS Certificate Manager | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | AWS Certificate Manager Private CA | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | AWS CloudHSM | < 3.4.1 | Fixed | link | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | cisagov | 2022-01-12 | ||
| Amazon | AWS CodeBuild | Fixed | link | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-12 | |||
| Amazon | AWS CodePipeline | Fixed | link | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-12 | |||
| Amazon | AWS Connect | Fixed | link | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | cisagov | 2021-12-23 | |||
| Amazon | AWS Directory Service | Fixed | link | cisagov | 2021-12-23 | ||||
| Amazon | AWS DynamoDB | Fixed | link | cisagov | 2021-12-17 | ||||
| Amazon | AWS ECS | Fixed | link | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | cisagov | 2021-12-16 | |||
| Amazon | AWS EKS | Fixed | link | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | cisagov | 2021-12-16 | |||
| Amazon | AWS Elastic Beanstalk | Not Affected | link | Default configuration of applications usage of Log4j versions is not vulnerable. | cisagov | 2021-12-17 | |||
| Amazon | AWS ElastiCache | Fixed | link | cisagov | 2021-12-17 | ||||
| Amazon | AWS ELB | Fixed | link | cisagov | 2021-12-16 | ||||
| Amazon | AWS Fargate | Fixed | link | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | cisagov | 2021-12-16 | |||
| Amazon | AWS Glue | Fixed | link | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. | cisagov | 2021-12-16 | |||
| Amazon | AWS Greengrass | Fixed | link | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | cisagov | 2021-12-16 | |||
| Amazon | AWS Inspector | Fixed | link | cisagov | 2021-12-17 | ||||
| Amazon | AWS IoT SiteWise Edge | Fixed | link | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | cisagov | 2021-12-17 | |||
| Amazon | AWS Kinesis Data Streams | Fixed | link | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. | cisagov | 2021-12-14 | |||
| Amazon | AWS KMS | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | AWS Lambda | Fixed | link | Vulnerable when using aws-lambda-java-log4j2. | cisagov | 2022-01-12 | |||
| Amazon | AWS Polly | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | AWS QuickSight | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | AWS RDS | Fixed | link | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. | cisagov | 2021-12-17 | |||
| Amazon | AWS S3 | Fixed | link | cisagov | 2021-12-14 | ||||
| Amazon | AWS SDK | Not Affected | link | cisagov | 2021-12-14 | ||||
| Amazon | AWS Secrets Manager | Fixed | link | cisagov | 2021-12-14 | ||||
| Amazon | AWS Service Catalog | Fixed | link | cisagov | 2021-12-20 | ||||
| Amazon | AWS SNS | Fixed | link | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. | cisagov | 2021-12-14 | |||
| Amazon | AWS SQS | Fixed | link | cisagov | 2021-12-15 | ||||
| Amazon | AWS Systems Manager | Fixed | link | cisagov | 2021-12-15 | ||||
| Amazon | AWS Systems Manager Agent | Not Affected | link | cisagov | 2021-12-15 | ||||
| Amazon | AWS Textract | Fixed | link | cisagov | 2021-12-15 | ||||
| Amazon | Chime | Fixed | link | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | cisagov | 2022-01-12 | |||
| Amazon | Cloud Directory | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | CloudFront | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | CloudWatch | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Cognito | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Corretto | Not Affected | link | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | cisagov | 2022-01-12 | |||
| Amazon | DocumentDB | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | EC2 | Fixed | link | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | cisagov | 2021-12-15 | |||
| Amazon | ECR Public | Fixed | link | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. | cisagov | 2021-12-15 | |||
| Amazon | Elastic Load Balancing | Fixed | link | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | cisagov | 2021-12-15 | |||
| Amazon | EMR | Fixed | link | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | cisagov | 2022-01-12 | |||
| Amazon | EventBridge | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Fraud Detector | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Inspector | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Inspector Classic | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Kafka (MSK) | Fixed | link | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. | cisagov | 2022-01-12 | |||
| Amazon | Kendra | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Keyspaces (for Apache Cassandra) | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Kinesis | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Kinesis Data Analytics | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Lake Formation | Fixed | link | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | cisagov | 2022-01-12 | |||
| Amazon | Lex | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Linux (AL1) | Not Affected | link | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | cisagov | 2022-01-12 | |||
| Amazon | Linux (AL2) | Fixed | link | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. | cisagov | 2022-01-12 | |||
| Amazon | Lookout for Equipment | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Macie | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Macie Classic | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Managed Workflows for Apache Airflow (MWAA) | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | MemoryDB for Redis | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Monitron | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | MQ | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Neptune | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | NICE | Fixed | link | Recommended to update EnginFrame or Log4j library. | cisagov | 2022-01-12 | |||
| Amazon | OpenSearch | R20211203-P2 | Fixed | link | Update released, customers need to update their clusters to the fixed release. | cisagov | 2022-01-12 | ||
| Amazon | Pinpoint | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | RDS Aurora | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | RDS for Oracle | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Redshift | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Rekognition | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Route 53 | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | SageMaker | Fixed | link | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. | cisagov | 2022-01-12 | |||
| Amazon | Simple Notification Service (SNS) | Fixed | link | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | cisagov | 2022-01-12 | |||
| Amazon | Simple Queue Service (SQS) | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Simple Workflow Service (SWF) | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Single Sign-On | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Step Functions | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Timestream | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | Translate | Not Affected | link | Service not identified on AWS Log4j Security Bulletin | cisagov | 2022-01-12 | |||
| Amazon | VPC | Fixed | link | cisagov | 2022-01-12 | ||||
| Amazon | WorkSpaces/AppStream 2.0 | Fixed | link | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | cisagov | 2022-01-12 | |||
| AMD | All | Not Affected | link | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | cisagov | 2021-12-22 | |||
| Anaconda | All | Not Affected | link | cisagov | 2021-12-21 | ||||
| AOMEI | All | Not Affected | link | cisagov | 2021-12-21 | ||||
| Apache | ActiveMQ Artemis | Not Affected | link | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. web/console.war/WEB-INF/lib). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See ARTEMIS-3612 for more information on that task. | cisagov | 2021-12-21 | |||
| Apache | Airflow | Not Affected | link | Airflow is written in Python | cisagov | 2022-01-12 | |||
| Apache | Archiva | 2.2.6 | Fixed | link | Fixed in 2.2.6. | cisagov | 2022-01-12 | ||
| Apache | Camel | Not Affected | link | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | cisagov | 2021-12-13 | |||
| Apache | Camel 2 | Not Affected | link | cisagov | 2021-12-13 | ||||
| Apache | Camel JBang | <=3.1.4 | Affected | link | cisagov | 2021-12-13 | |||
| Apache | Camel K | Not Affected | link | cisagov | 2021-12-13 | ||||
| Apache | Camel Kafka Connector | Not Affected | link | cisagov | 2021-12-13 | ||||
| Apache | Camel Karaf | Affected | link | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | cisagov | 2021-12-13 | |||
| Apache | Camel Quarkus | Not Affected | link | cisagov | 2021-12-13 | ||||
| Apache | Cassandra | Not Affected | link | cisagov | 2021-12-13 | ||||
| Apache | Druid | 0.22.1 | Fixed | link | cisagov | 2021-12-12 | |||
| Apache | Dubbo | All | Fixed | link | cisagov | 2021-12-12 | |||
| Apache | Flink | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | link | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html | cisagov | 2021-12-12 | |
| Apache | Fortress | < 2.0.7 | Fixed | link | Fixed in 2.0.7. | cisagov | 2021-12-14 | ||
| Apache | Geode | 1.14.0 | Fixed | link | Fixed in 1.12.6, 1.13.5, 1.14.1. | cisagov | 2021-12-14 | ||
| Apache | Guacamole | Not Affected | link | cisagov | 2021-12-14 | ||||
| Apache | Hadoop | Not Affected | link | cisagov | 2021-12-14 | ||||
| Apache | HBase | Affected | link | cisagov | 2021-12-14 | ||||
| Apache | Hive | 4.x | Fixed | link | cisagov | 2021-12-14 | |||
| Apache | James | 3.6.0 | Affected | link | cisagov | 2021-12-14 | |||
| Apache | Jena | < 4.3.1 | Fixed | link | cisagov | 2021-12-14 | |||
| Apache | JMeter | All | Affected | link | cisagov | 2021-12-14 | |||
| Apache | JSPWiki | 2.11.1 | Fixed | link | cisagov | 2021-12-14 | |||
| Apache | Kafka | Not Affected | link | Uses Log4j 1.2.17. | cisagov | 2021-12-14 | |||
| Apache | Log4j 1.x | Not Affected | link | cisagov | 2022-01-12 | ||||
| Apache | Log4j 2.x | 2.17.1 | Affected | link | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | cisagov | 2022-01-12 | ||
| Apache | Maven | Not Affected | link | cisagov | 2022-01-12 | ||||
| Apache | NiFi | Not Affected | link | Fixed in 1.15.1, 1.16.0. | cisagov | 2022-01-12 | |||
| Apache | OFBiz | < 18.12.03 | Fixed | link | cisagov | 2022-01-12 | |||
| Apache | Ozone | < 1.2.1 | Fixed | link | Fixed in 1.15.1, 1.16.0. | cisagov | 2022-01-12 | ||
| Apache | SkyWalking | < 8.9.1 | Fixed | link | cisagov | 2022-01-12 | |||
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | link | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. | Apache Solr 8.11.1 downloads | cisagov | 2021-12-16 | |
| Apache | Spark | Not Affected | link | Uses log4j 1.x | cisagov | 2022-01-12 | |||
| Apache | Struts | 2.5.28 | Affected | link | cisagov | 2022-01-12 | |||
| Apache | Struts 2 | Versions before 2.5.28.1 | Fixed | link | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | Apache Struts Release Downloads | cisagov | 2021-12-21 | |
| Apache | Tapestry | 5.7.3 | Affected | link | cisagov | 2022-01-12 | |||
| Apache | Tika | 2.0.0 and up | Affected | link | cisagov | 2022-01-12 | |||
| Apache | Tomcat | Unknown | link | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the log4j 2.x security page | cisagov | 2021-12-21 | |||
| Apache | TrafficControl | Affected | link | cisagov | 2022-01-12 | ||||
| Apache | ZooKeeper | Not Affected | link | cisagov | 2022-01-12 | ||||
| APC by Schneider Electric | Powerchute Business Edition | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | link | Mitigation instructions to remove the affected class. | cisagov | 2021-12-15 | ||
| APC by Schneider Electric | Powerchute Network Shutdown | 4.2, 4.3, 4.4, 4.4.1 | Fixed | link | Mitigation instructions to remove the affected class. | cisagov | 2021-12-15 | ||
| Apereo | CAS | 6.3.x, 6.4.x | Fixed | link | Other versions still in active maintainance might need manual inspection. | cisagov | 2022-01-12 | ||
| Apereo | Opencast | < 9.10, < 10.6 | Fixed | link | cisagov | 2022-01-12 | |||
| Apigee | Edge and OPDK products | Not Affected | link | cisagov | 2022-01-12 | ||||
| Apollo | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Appdynamics | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | Affected | link | cisagov | 2021-12-15 | |||
| AppGate | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Appian | Appian Platform | All | Fixed | link | cisagov | 2021-12-22 | |||
| Application Performance Ltd | DBMarlin | Unknown | link | cisagov | 2021-12-15 | ||||
| APPSHEET | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Aptible | All | Search 5.x | Fixed | link | cisagov | 2022-01-12 | |||
| Aqua Security | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Arbiter Systems | All | Not Affected | link | cisagov | 2021-12-22 | ||||
| ARC Informatique | All | Not Affected | link | cisagov | 2022-01-13 | ||||
| Arca Noae | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Arcserve | Arcserve Backup | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | Arcserve Continuous Availability | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | Arcserve Email Archiving | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | Arcserve UDP | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | ShadowProtect | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | ShadowXafe | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | Solo | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| Arcserve | StorageCraft OneXafe | Not Affected | link | https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US | cisagov | 2021-12-14 | |||
| ArcticWolf | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Arduino | IDE | 1.8.17 | Fixed | link | cisagov | 2022-01-12 | |||
| Ariba | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | Affected | link | Formerly Big Cloud Fabric | cisagov | 2022-01-12 | ||
| Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | Affected | link | Formerly Big Monitoring Fabric | cisagov | 2022-01-12 | ||
| Arista | CloudVision Portal | >2019.1.0 | Affected | link | cisagov | 2022-01-12 | |||
| Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | Affected | link | cisagov | 2022-01-12 | |||
| Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | Affected | link | Formerly Big Cloud Fabric | cisagov | 2022-01-12 | ||
| Aruba Networks | AirWave Management Platform | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Analytics and Location Engine | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | ArubaOS SD-WAN Gateways | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | ArubaOS-CX Switches | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | ArubaOS-S Switches | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Central | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Central On-Prem | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | ClearPass Policy Manager | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | EdgeConnect | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Fabric Composer (AFC) | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | HP ProCurve Switches | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Instant | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Instant Access Points | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Instant On | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | IntroSpect | Versions 2.5.0.0 to 2.5.0.6 | Fixed | link | cisagov | 2022-01-12 | |||
| Aruba Networks | Legacy GMS Products | Fixed | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Legacy NX | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Legacy VRX | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Legacy VX | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | NetEdit | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | Silver Peak Orchestrator | Fixed | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | User Experience Insight (UXI) | Not Affected | link | cisagov | 2022-01-12 | ||||
| Aruba Networks | VIA Clients | Not Affected | link | cisagov | 2022-01-12 | ||||
| Ataccama | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Atera | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Atlassian | Bamboo Server & Data Center | On Prem | Affected | link | Only vulnerable when using non-default config, cloud version fixed. | cisagov | 2022-01-12 | ||
| Atlassian | Bitbucket Server & Data Center | On prem | Fixed | link | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | cisagov | 2022-01-12 | ||
| Atlassian | Confluence Server & Data Center | On prem | Affected | link | Only vulnerable when using non-default config, cloud version fixed. | cisagov | 2022-01-12 | ||
| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | Affected | link | cisagov | 2022-01-12 | |||
| Atlassian | Confluence-CIS WorkBench | Not Affected | link | cisagov | 2022-01-12 | ||||
| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | Affected | link | cisagov | 2022-01-12 | |||
| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | Affected | link | cisagov | 2022-01-12 | |||
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | Affected | link | cisagov | 2022-01-12 | |||
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | Affected | link | cisagov | 2022-01-12 | |||
| Atlassian | Confluence-CIS-CAT Pro Dashboard | Not Affected | link | cisagov | 2022-01-12 | ||||
| Atlassian | Confluence-CIS-Hosted CSAT | Not Affected | link | cisagov | 2022-01-12 | ||||
| Atlassian | Crowd Server & Data Center | On prem | Affected | link | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | cisagov | 2022-01-12 | ||
| Atlassian | Crucible | On prem | Affected | link | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | cisagov | 2022-01-12 | ||
| Atlassian | Fisheye | On prem | Affected | link | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | cisagov | 2022-01-12 | ||
| Atlassian | Jira Server & Data Center | On prem | Affected | link | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | cisagov | 2022-01-12 | ||
| Attivo Networks | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Atvise | All | Not Affected | link | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | cisagov | 2022-01-17 | |||
| AudioCodes | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Autodesk | All | Unknown | link | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the Autodesk Trust Center as we learn more. | cisagov | 2021-12-21 | |||
| Automation Anywhere | Automation 360 Cloud | Fixed | link | This advisory is available to customer only and has not been reviewed by CISA. | cisagov | 2022-01-12 | |||
| Automation Anywhere | Automation 360 On Premise | Fixed | link | This advisory is available to customer only and has not been reviewed by CISA. | cisagov | 2022-01-12 | |||
| Automation Anywhere | Automation Anywhere | 11.x, <11.3x | Fixed | link | This advisory is available to customer only and has not been reviewed by CISA. | cisagov | 2022-01-12 | ||
| Automox | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Autopsy | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Auvik | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Avantra SYSLINK | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | Affected | link | PSN020551u | cisagov | 2021-12-14 | ||
| Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Aura for OneCloud Private | Affected | link | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | cisagov | 2021-12-14 | |||
| Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | Affected | link | PSN020549u | cisagov | 2021-12-14 | ||
| Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | Affected | link | PSN020550u | cisagov | 2021-12-14 | ||
| Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | Affected | link | PSN005565u | cisagov | 2021-12-14 | ||
| Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Device Enablement Service | 3.1.22 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya OneCloud-Private | 2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | Affected | link | PSN020554u | cisagov | 2021-12-14 | ||
| Avaya | Avaya Social Media Hub | Affected | link | cisagov | 2021-12-14 | ||||
| Avaya | Avaya Workforce Engagement | 5.3 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Callback Assist | 5, 5.0.1 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Control Manager | 9.0.2, 9.0.2.1 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Device Enrollment Service | 3.1 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Equinox Conferencing | 9.1.2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Interaction Center | 7.3.9 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | Affected | link | cisagov | 2021-12-14 | |||
| Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | Affected | link | cisagov | 2021-12-14 | |||
| AVEPOINT | All | Unknown | link | cisagov | 2022-01-12 | ||||
| AVM | All | Not Affected | link | devices, firmware, software incl. MyFritz Service. | cisagov | 2022-01-12 | |||
| AvTech RoomAlert | All | Unknown | link | cisagov | 2022-01-12 | ||||
| AXIS | OS | Not Affected | link | cisagov | 2022-01-12 | ||||
| AXON | All | Unknown | link | cisagov | 2022-01-12 | ||||
| AXS Guard | All | Unknown | link | cisagov | 2022-01-12 | ||||
| Axways Applications | All | Unknown | link | cisagov | 2022-01-12 |