You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28 KiB
28 KiB
CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Status Descriptions
| Status | Description |
|---|---|
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
This list has been populated using information from the following sources:
- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)
NOTE: This file is automatically generated. To submit updates, please refer to
CONTRIBUTING.md.
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
|---|---|---|---|---|---|---|---|---|---|
| R | R | Not Affected | link | cisagov | 2021-12-21 | ||||
| R2ediviewer | Unknown | link | cisagov | 2022-01-12 | |||||
| Radware | Unknown | link | cisagov | 2022-01-12 | |||||
| Rapid7 | AlcidekArt, kAdvisor, and kAudit | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | AppSpider Enterprise | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | AppSpider Pro | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | Insight Agent | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightAppSec Scan Engine | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightAppSec Scan Engine | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightCloudSec/DivvyCloud | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightConnect Orchestrator | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightIDR Network Sensor | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | Affected | link | Upgrade DataHub to version 2.0.1 using the following instructions. | cisagov | 2021-12-15 | ||
| Rapid7 | InsightOps non-Java logging libraries | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | Affected | link | Upgrade r7insight_java to 3.0.9 | cisagov | 2021-12-15 | ||
| Rapid7 | InsightVM Kubernetes Monitor | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightVM/Nexpose | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | InsightVM/Nexpose Console | Not Affected | link | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | cisagov | 2021-12-15 | |||
| Rapid7 | InsightVM/Nexpose Engine | Not Affected | link | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | cisagov | 2021-12-15 | |||
| Rapid7 | IntSights virtual appliance | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | Affected | link | Linux: Install DataHub_1.2.0.822.deb using the following instructions. Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these instructions. You can find more details here. | cisagov | 2021-12-15 | ||
| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | Affected | link | Migrate to version 3.0.9 of r7insight_java | cisagov | 2021-12-15 | ||
| Rapid7 | Metasploit Framework | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | Metasploit Pro | Not Affected | link | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | cisagov | 2021-12-15 | |||
| Rapid7 | tCell Java Agent | Not Affected | link | cisagov | 2021-12-15 | ||||
| Rapid7 | Velociraptor | Not Affected | link | cisagov | 2021-12-15 | ||||
| Raritan | Unknown | link | cisagov | 2022-01-12 | |||||
| Ravelin | Unknown | link | cisagov | 2022-01-12 | |||||
| Real-Time Innovations (RTI) | Distributed Logger | Unknown | link | cisagov | 2021-12-16 | ||||
| Real-Time Innovations (RTI) | Recording Console | Unknown | link | cisagov | 2021-12-16 | ||||
| Real-Time Innovations (RTI) | RTI Administration Console | Unknown | link | cisagov | 2021-12-16 | ||||
| Real-Time Innovations (RTI) | RTI Code Generator | Unknown | link | cisagov | 2021-12-16 | ||||
| Real-Time Innovations (RTI) | RTI Code Generator Server | Unknown | link | cisagov | 2021-12-16 | ||||
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | Affected | link | cisagov | 2021-12-16 | |||
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | Affected | link | cisagov | 2021-12-16 | |||
| Real-Time Innovations (RTI) | RTI Monitor | Unknown | link | cisagov | 2021-12-16 | ||||
| Red Hat | log4j-core | Unknown | link | cisagov | 2021-12-21 | ||||
| Red Hat | Red Hat Integration Camel K | Unknown | link | RHSA-2021:5130 | cisagov | 2021-12-21 | |||
| Red Hat | Red Hat build of Quarkus | Unknown | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat CodeReady Studio | 12.21.0 | Fixed | link | CRS 12.21.1 Patch | cisagov | 2021-12-21 | ||
| Red Hat | Red Hat Data Grid | 8 | Fixed | link | RHSA-2021:5132 | cisagov | 2021-12-21 | ||
| Red Hat | Red Hat Decision Manager | Not Affected | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat Enterprise Linux | Not Affected | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat Enterprise Linux | Not Affected | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat Enterprise Linux | Not Affected | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat Integration Camel Quarkus | Unknown | link | RHSA-2021:5126 | cisagov | 2021-12-21 | |||
| Red Hat | Red Hat JBoss A-MQ Streaming | Unknown | link | RHSA-2021:5138 | cisagov | 2021-12-21 | |||
| Red Hat | Red Hat JBoss Enterprise Application Platform | 7 | Fixed | link | Maven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | cisagov | 2021-12-21 | ||
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | Not Affected | link | cisagov | 2021-12-20 | ||||
| Red Hat | Red Hat JBoss Fuse | 7 | Fixed | link | RHSA-2021:5134 | cisagov | 2021-12-21 | ||
| Red Hat | Red Hat Process Automation | 7 | Fixed | link | Maven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | cisagov | 2021-12-21 | ||
| Red Hat | Red Hat Single Sign-On | Not Affected | link | cisagov | 2021-12-21 | ||||
| Red Hat | Red Hat Vert.X | 4 | Fixed | link | RHSA-2021:5093 | cisagov | 2021-12-21 | ||
| Red Hat | Satellite 5 | Unknown | link | cisagov | 2021-12-21 | ||||
| Red Hat | Spacewalk | Unknown | link | cisagov | 2021-12-21 | ||||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | Unknown | link | RHSA-2021:5094 | cisagov | 2021-12-21 | |||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | Unknown | link | Please refer to Red Hat Customer Portal to find the right errata for your version. | cisagov | 2021-12-21 | |||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | Unknown | link | Please refer to Red Hat Customer Portal to find the right errata for your version. | cisagov | 2021-12-21 | |||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | Unknown | link | Please refer to Red Hat Customer Portal to find the right errata for your version. | cisagov | 2021-12-21 | |||
| Red Hat OpenShift Logging | logging-elasticsearch6-container | Unknown | link | Please refer to Red Hat Customer Portal to find the right errata for your version. | cisagov | 2021-12-21 | |||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Unknown | link | End of Life | cisagov | 2021-12-21 | |||
| Red Hat Software Collections | rh-java-common-log4j | Unknown | link | cisagov | 2021-12-21 | ||||
| Red Hat Software Collections | rh-maven35-log4j12 | Unknown | link | cisagov | 2021-12-21 | ||||
| Red Hat Software Collections | rh-maven36-log4j12 | Unknown | link | cisagov | 2021-12-21 | ||||
| Red5Pro | Unknown | link | cisagov | 2022-01-12 | |||||
| RedGate | Unknown | link | cisagov | 2022-01-12 | |||||
| Redis | Unknown | link | cisagov | 2022-01-12 | |||||
| Reiner SCT | Unknown | link | cisagov | 2022-01-12 | |||||
| ReportURI | Unknown | link | cisagov | 2022-01-12 | |||||
| ResMed | AirView | Unknown | link | cisagov | 2021-12-21 | ||||
| ResMed | myAir | Unknown | link | cisagov | 2021-12-21 | ||||
| Respondus | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2022-01-12 | ||||
| Revenera / Flexera | Unknown | link | cisagov | 2022-01-12 | |||||
| Ricoh | Unknown | link | cisagov | 2022-01-12 | |||||
| RingCentral | Unknown | link | cisagov | 2022-01-12 | |||||
| Riverbed | Unknown | link | cisagov | 2022-01-12 | |||||
| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | Affected | link | cisagov | 2021-12-15 | |||
| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | Affected | link | cisagov | 2021-12-15 | |||
| Rockwell Automation | Industrial Data Center | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | link | cisagov | 2021-12-15 | |||
| Rockwell Automation | MES EIG | 3.03.00 | Affected | link | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | cisagov | 2021-12-15 | ||
| Rockwell Automation | VersaVirtual | Series A | Fixed | link | cisagov | 2021-12-15 | |||
| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | Affected | link | cisagov | 2021-12-15 | |||
| Rollbar | Unknown | link | cisagov | 2022-01-12 | |||||
| Rosette.com | Unknown | link | cisagov | 2022-01-12 | |||||
| RSA | SecurID Authentication Manager | Unknown | cisagov | 2022-01-12 | |||||
| RSA | SecurID Authentication Manager Prime | Unknown | cisagov | 2022-01-12 | |||||
| RSA | SecurID Authentication Manager WebTier | Unknown | cisagov | 2022-01-12 | |||||
| RSA | SecurID Governance and Lifecycle | Unknown | cisagov | 2022-01-12 | |||||
| RSA | SecurID Governance and Lifecycle Cloud | Unknown | cisagov | 2022-01-12 | |||||
| RSA | SecurID Identity Router | Unknown | cisagov | 2022-01-12 | |||||
| RSA Netwitness | Unknown | link | cisagov | 2022-01-12 | |||||
| Rstudioapi | Rstudioapi | Not Affected | link | cisagov | 2021-12-21 | ||||
| Rubrik | Unknown | link | This advisory is available to customers only and has not been reviewed by CISA | cisagov | 2022-01-12 | ||||
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | link | cisagov | 2021-12-13 | |||
| RunDeck by PagerDuty | Unknown | link | cisagov | 2022-01-12 | |||||
| Runecast | Runecast Analyzer | 6.0.3 | Fixed | link | cisagov | 2022-01-12 |