1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-16 22:07:55 +00:00
log4j-affected-db/README.md
2021-12-14 10:10:46 -05:00

206 KiB

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

Vendor Product Version Status Update Available Vendor Link Notes Other References Last Updated
AIL AIL all Fixed Yes source 12/14/21
Apache Cassandra all Fixed Yes source 12/14/21
Apache Druid 0.22.1 Fixed Yes source 12/14/21
Apache Flink 1.15.0, 1.14.1, 1.13.4 Fixed Yes source 12/14/21
Apache Log4j 2.15.0 Fixed Yes source 12/14/21
Apache Kafka Unknown Fixed Yes source Only vulnerable in certain configuration 12/14/21
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Fixed Yes source Versions before 7.4 also vulnerable when using several configurations 12/14/21
Apache Tika 2.0.0 and up Fixed Yes source 12/14/21
Apache Tomcat Fixed Yes source 12/14/21
Apache Zookeeper Fixed Yes source Zookeeper uses Log4j 1.2 version 12/14/21
Apereo CAS 6.3.x & 6.4.x Fixed Yes source Other versions still in active maintainance might need manual inspection 12/14/21
Apereo Opencast < 9.10, < 10.6 Fixed Yes source 12/14/21
Apigee Edge and OPDK products All version Fixed Yes source 12/14/21
Aptible Aptible ElasticSearch 5.x Fixed Yes source 12/14/21
Atlassian Jira Server & Data Center On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Atlassian Confluence Server & Data Center On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Atlassian Bamboo Server & Data Center On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Atlassian Crowd Server & Data Center On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Atlassian Fisheye On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Atlassian Crucible On prem Fixed Yes source Only vulnerable when using non-default config, cloud version still under investigation 12/14/21
Amazon EC2 Amazon Linux 1 & 2 Fixed Yes source Default packages not vulnerable 12/14/21
Amazon OpenSearch Unknown Fixed Yes source 12/14/21
Amazon AWS Lambda Unknown Fixed Yes source Vulnerable when using aws-lambda-java-log4j2 12/14/21
Amazon AWS CloudHSM < 3.4.1. Fixed Yes source 12/14/21
Azure Data lake store java < 2.3.10 Fixed Yes source 12/14/21
APC PowerChute Business Edition Unknow to 10.0.2.301 Fixed Yes 12/14/21
APC PowerChute Network Shutdown Unknow to 4.2.0 Fixed Yes 12/14/21
Akamai Siem Splunk Connector Unknown to latest Fixed Yes
source 12/14/21
Avaya Fixed Yes
source 12/14/21
Backblaze Cloud N/A (SaaS) Fixed Yes source Cloud service patched 12/14/21
BigBlueButton BigBlueButton Unknown Fixed Yes source 12/14/21
Bitdefender GravityZone On-Premises Unknown Fixed Yes source 12/14/21
Bitnami Unknown Unknown Fixed Yes source 12/14/21
Brian Pangburn SwingSet < 4.0.6 Fixed Yes source 12/14/21
Broadcom CA Advanced Protection 9.1 & 9.1.01 Fixed Yes source 12/14/21
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Fixed Yes source 12/14/21
Broadcom Advanced Secure Gateway (ASG) Unknown Fixed Yes source 12/14/21
Broadcom BCAAA Unknown Fixed Yes source 12/14/21
Broadcom Content Analysis (CA)(SEPM) Unknown Fixed Yes source 12/14/21
Broadcom Cloud Workload Protection (CWP) Unknown Fixed Yes source 12/14/21
Broadcom Cloud Workload Protection for Storage (CWP:S) Unknown Fixed Yes source 12/14/21
Broadcom Critical System Protection (CSP) Unknown Fixed Yes source 12/14/21
Broadcom Email Security Service (ESS) Unknown Fixed Yes source 12/14/21
Broadcom HSM Agent Unknown Fixed Yes source 12/14/21
Broadcom Industrial Control System Protection (ICSP) Unknown Fixed Yes source 12/14/21
Broadcom Integrated Cyber Defense Manager (ICDm) Unknown Fixed Yes source 12/14/21
Broadcom Integrated Secure Gateway (ISG) Unknown Fixed Yes source 12/14/21
Broadcom Layer7 API Developer Portal Unknown Fixed Yes source 12/14/21
Broadcom Management Center (MC) Unknown Fixed Yes source 12/14/21
Broadcom PacketShaper (PS) S-Series Unknown Fixed Yes source 12/14/21
Broadcom PolicyCenter (PC) S-Series Unknown Fixed Yes source 12/14/21
Broadcom Privileged Access Manager Unknown Fixed Yes source 12/14/21
Broadcom Privileged Access Manager Server Control Unknown Fixed Yes source 12/14/21
Broadcom Privileged Identity Manager Unknown Fixed Yes source 12/14/21
Broadcom Reporter Unknown Fixed Yes source 12/14/21
Broadcom Secure Access Cloud (SAC) Unknown Fixed Yes source 12/14/21
Broadcom SiteMinder (CA Single Sign-On) Unknown Fixed Yes source 12/14/21
Broadcom SSL Visibility (SSLV) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Endpoint Detection and Response (EDR) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Endpoint Encryption (SEE) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Endpoint Protection (SEP) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Endpoint Protection (SEP) for Mobile Unknown Fixed Yes source 12/14/21
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Messaging Gateway (SMG) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Protection Engine (SPE) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Protection for SharePoint Servers (SPSS) Unknown Fixed Yes source 12/14/21
Broadcom VIP Authentication Hub Unknown Fixed Yes source 12/14/21
Broadcom Web Isolation (WI) Unknown Fixed Yes source 12/14/21
Broadcom Web Security Service (WSS)) Unknown Fixed Yes source 12/14/21
Broadcom WebPulse Unknown Fixed Yes source 12/14/21
Broadcom CloudSOC Cloud Access Security Broker (CASB) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Control Compliance Suite (CCS) Unknown Fixed Yes source 12/14/21
Broadcom Data Center Security (DCS) Unknown Fixed Yes source 12/14/21
Broadcom Data Loss Prevention (DLP) Unknown Fixed Yes source 12/14/21
Broadcom Ghost Solution Suite (GSS) Unknown Fixed Yes source 12/14/21
Broadcom IT Management Suite Unknown Fixed Yes source 12/14/21
Broadcom Layer7 API Gateway Unknown Fixed Yes source 12/14/21
Broadcom Layer7 Mobile API Gateway Unknown Fixed Yes source 12/14/21
Broadcom ProxySG Unknown Fixed Yes source 12/14/21
Broadcom Security Analytics (SA) Unknown Fixed Yes source 12/14/21
Broadcom Symantec Directory Unknown Fixed Yes source 12/14/21
Broadcom Symantec Identity Governance and Administration (IGA) Unknown Fixed Yes source 12/14/21
Broadcom Symantec PGP Solutions Unknown Fixed Yes source 12/14/21
Broadcom VIP Unknown Fixed Yes source 12/14/21
Carbon Black Cloud Workload Appliance Unknown Fixed Yes source More information on pages linked bottom of blogpost (behind login) 12/14/21
Carbon Black EDR Servers Unknown Fixed Yes source More information on pages linked bottom of blogpost (behind login) 12/14/21
Cerberus FTP Unknown Fixed Yes source 12/14/21
Cerebrate Cerebrate All Fixed Yes source 12/14/21
Checkpoint Quantum Security Gateway Unknown Fixed Yes source 12/14/21
Checkpoint Quantum Security Management Unknown Fixed Yes source 12/14/21
Checkpoint CloudGuard Unknown Fixed Yes source 12/14/21
Checkpoint Infinity Portal Unknown Fixed Yes source 12/14/21
Checkpoint Harmony Endpoint & Harmony Mobile Unknown Fixed Yes source 12/14/21
Checkpoint SMB Unknown Fixed Yes source 12/14/21
Checkpoint ThreatCloud Unknown Fixed Yes source 12/14/21
Chef Infra Server All Fixed Yes source 12/14/21
Chef Automate All Fixed Yes source 12/14/21
Chef Backend All Fixed Yes source 12/14/21
Cisco General Cisco Disclaimer Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly Fixed Yes 12/14/21
Cisco AnyConnect Secure Mobility Client All versions Fixed Yes source 12/14/21
Cisco Cisco SocialMiner All versions Fixed Yes source 12/14/21
Cisco Cisco Extensible Network Controller (XNC) Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus Data Broker Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus Insights Unknown Fixed Yes source 12/14/21
Cisco Cisco Wide Area Application Services (WAAS) All versions Fixed Yes source 12/14/21
Cisco Cisco AMP Virtual Private Cloud Appliance Unknown Fixed Yes source 12/14/21
Cisco Cisco Adaptive Security Appliance (ASA) Software Unknown Fixed Yes source 12/14/21
Cisco Cisco Advanced Web Security Reporting Application Unknown Fixed Yes source 12/14/21
Cisco Cisco Content Security Management Appliance (SMA) Unknown Fixed Yes source 12/14/21
Cisco Cisco Email Security Appliance (ESA) Unknown Fixed Yes source 12/14/21
Cisco Cisco Firepower 4100 Series Unknown Fixed Yes source 12/14/21
Cisco Cisco Firepower 9300 Security Appliances Unknown Fixed Yes source 12/14/21
Cisco Cisco Firepower Management Center Unknown Fixed Yes source 12/14/21
Cisco Cisco Firepower Threat Defense (FTD) Unknown Fixed Yes source 12/14/21
Cisco Cisco Identity Services Engine (ISE) Unknown Affected No source 12/14/21
Cisco Cisco Web Security Appliance (WSA) Unknown Fixed Yes source 12/14/21
Cisco Cisco ACI Multi-Site Orchestrator Unknown Fixed Yes source 12/14/21
Cisco Cisco Application Policy Infrastructure Controller (APIC) Unknown Fixed Yes source 12/14/21
Cisco Cisco CloudCenter Suite Admin Unknown Fixed Yes source 12/14/21
Cisco Cisco CloudCenter Workload Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Connected Grid Device Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Connected Mobile Experiences Unknown Fixed Yes source 12/14/21
Cisco Cisco Crosswork Change Automation Unknown Fixed Yes source 12/14/21
Cisco Cisco DNA Assurance Unknown Fixed Yes source 12/14/21
Cisco Cisco Data Center Network Manager (DCNM) Unknown Fixed Yes source 12/14/21
Cisco Cisco Elastic Services Controller (ESC) Unknown Fixed Yes source 12/14/21
Cisco Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) Unknown Fixed Yes source 12/14/21
Cisco Cisco Modeling Labs Unknown Fixed Yes source 12/14/21
Cisco Cisco Network Planner Unknown Fixed Yes source 12/14/21
Cisco Cisco Network Services Orchestrator (NSO) Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus Dashboard (formerly Cisco Application Services Engine) <2.1.2 Affected No source Patch expected 7-jan-2022 12/14/21
Cisco Cisco Optical Network Planner Unknown Fixed Yes source 12/14/21
Cisco Cisco Policy Suite Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Central for Service Providers Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Collaboration Assurance Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Collaboration Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Collaboration Provisioning Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Infrastructure Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime License Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Network Registrar Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Optical for Service Providers Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Provisioning Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Service Catalog Unknown Fixed Yes source 12/14/21
Cisco Cisco UCS Performance Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM Unknown Fixed Yes source 12/14/21
Cisco Cisco WAN Automation Engine (WAE) Unknown Fixed Yes source 12/14/21
Cisco Cisco ACI Virtual Edge Unknown Fixed Yes source 12/14/21
Cisco Cisco ASR 5000 Series Routers Unknown Fixed Yes source 12/14/21
Cisco Cisco DNA Center Unknown Fixed Yes source 12/14/21
Cisco Cisco Enterprise NFV Infrastructure Software (NFVIS) Unknown Fixed Yes source 12/14/21
Cisco Cisco GGSN Gateway GPRS Support Node Unknown Fixed Yes source 12/14/21
Cisco Cisco IOS and IOS XE Software Unknown Fixed Yes source 12/14/21
Cisco Cisco IOx Fog Director Unknown Fixed Yes source 12/14/21
Cisco Cisco IP Services Gateway (IPSG) Unknown Fixed Yes source 12/14/21
Cisco Cisco MDS 9000 Series Multilayer Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco MME Mobility Management Entity Unknown Fixed Yes source 12/14/21
Cisco Cisco Mobility Unified Reporting and Analytics System Unknown Fixed Yes source 12/14/21
Cisco Cisco Network Assurance Engine Unknown Fixed Yes source 12/14/21
Cisco Cisco Network Convergence System 2000 Series Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 5500 Platform Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 5600 Platform Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 6000 Series Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 7000 Series Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Unknown Fixed Yes source 12/14/21
Cisco Cisco PDSN/HA Packet Data Serving Node and Home Agent Unknown Fixed Yes source 12/14/21
Cisco Cisco PGW Packet Data Network Gateway Unknown Fixed Yes source 12/14/21
Cisco Cisco SD-WAN vEdge 1000 Series Routers Unknown Fixed Yes source 12/14/21
Cisco Cisco SD-WAN vEdge 2000 Series Routers Unknown Fixed Yes source 12/14/21
Cisco Cisco SD-WAN vEdge 5000 Series Routers Unknown Fixed Yes source 12/14/21
Cisco Cisco SD-WAN vEdge Cloud Router Platform Unknown Fixed Yes source 12/14/21
Cisco Cisco SD-WAN vManage Unknown Fixed Yes source 12/14/21
Cisco Cisco Secure Network Analytics (SNA), formerly Stealthwatch Unknown Fixed Yes source 12/14/21
Cisco Cisco System Architecture Evolution Gateway (SAEGW) Unknown Fixed Yes source 12/14/21
Cisco Cisco HyperFlex System Unknown Fixed Yes source 12/14/21
Cisco Cisco UCS Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco BroadWorks Unknown Fixed Yes source 12/14/21
Cisco Cisco Broadcloud Calling Unknown Fixed Yes source 12/14/21
Cisco Cisco Computer Telephony Integration Object Server (CTIOS) Unknown Fixed Yes source 12/14/21
Cisco Cisco Contact Center Domain Manager (CCDM) Unknown Fixed Yes source 12/14/21
Cisco Cisco Contact Center Management Portal (CCMP) Unknown Fixed Yes source 12/14/21
Cisco Cisco Emergency Responder Unknown Fixed Yes source 12/14/21
Cisco Cisco Enterprise Chat and Email Unknown Fixed Yes source 12/14/21
Cisco Cisco Finesse Unknown Fixed Yes source 12/14/21
Cisco Cisco Packaged Contact Center Enterprise Unknown Fixed Yes source 12/14/21
Cisco Cisco Paging Server (InformaCast) Unknown Fixed Yes source 12/14/21
Cisco Cisco Paging Server Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Attendant Console Advanced Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Attendant Console Business Edition Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Attendant Console Department Edition Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Attendant Console Enterprise Edition Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Attendant Console Premium Edition Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Contact Center Enterprise Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Contact Center Express Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Customer Voice Portal Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Intelligent Contact Management Enterprise Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified SIP Proxy Software Unknown Fixed Yes source 12/14/21
Cisco Cisco Virtualized Voice Browser Unknown Fixed Yes source 12/14/21
Cisco Exony Virtualized Interaction Manager (VIM) Unknown Fixed Yes source 12/14/21
Cisco Cisco Expressway Series Unknown Fixed Yes source 12/14/21
Cisco Cisco Meeting Server Unknown Fixed Yes source 12/14/21
Cisco Cisco TelePresence Management Suite Unknown Fixed Yes source 12/14/21
Cisco Cisco TelePresence Video Communication Server (VCS) Unknown Fixed Yes source 12/14/21
Cisco Cisco Vision Dynamic Signage Director Unknown Fixed Yes source 12/14/21
Cisco Cisco Mobility Services Engine Unknown Fixed Yes source 12/14/21
Cisco Cisco CX Cloud Agent Software Unknown Fixed Yes source 12/14/21
Cisco Cisco Cloud Email Security Unknown Fixed Yes source 12/14/21
Cisco Cisco Cognitive Intelligence Unknown Fixed Yes source 12/14/21
Cisco Cisco Common Services Platform Collector Unknown Fixed Yes source 12/14/21
Cisco Cisco Connectivity Unknown Fixed Yes source 12/14/21
Cisco Cisco DNA Spaces Unknown Fixed Yes source 12/14/21
Cisco Cisco Defense Orchestrator Unknown Fixed Yes source 12/14/21
Cisco Cisco Intersight Unknown Fixed Yes source 12/14/21
Cisco Cisco IoT Operations Dashboard Unknown Fixed Yes source 12/14/21
Cisco Cisco Kinetic for Cities Unknown Fixed Yes source 12/14/21
Cisco Cisco Network Assessment (CNA) Tool Unknown Fixed Yes source 12/14/21
Cisco Cisco Umbrella Unknown Fixed Yes source 12/14/21
Cisco Managed Services Accelerator (MSX) Network Access Control Service Unknown Fixed Yes source 12/14/21
Cisco AppDynamics <21.12.0 Fixed Yes source 12/14/21
Cisco Cisco Webex Meetings Server Unknown Fixed Yes source 12/14/21
Cisco Cisco Evolved Programmable Network Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Integrated Management Controller (IMC) Supervisor Unknown Fixed Yes source 12/14/21
Cisco Cisco Intersight Virtual Appliance Unknown Fixed Yes source 12/14/21
Cisco Cisco UCS Director Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Contact Center Enterprise - Live Data server Unknown Fixed Yes source 12/14/21
Cisco Cisco Video Surveillance Operations Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Communications Manager Cloud Unknown Fixed Yes source 12/14/21
Cisco Cisco Webex Cloud-Connected UC (CCUC) Unknown Fixed Yes source 12/14/21
Cisco Duo Unknown Fixed Yes source 12/14/21
Cisco Cisco Jabber Guest All versions Fixed Yes source 12/14/21
Cisco Cisco Cloud Services Platform 2100 All versions Fixed Yes source 12/14/21
Cisco Cisco Cloud Services Platform 5000 Series All versions Fixed Yes source 12/14/21
Cisco Cisco Tetration Analytics All versions Fixed Yes source 12/14/21
Cisco Cisco Adaptive Security Device Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Registered Envelope Service Unknown Fixed Yes source 12/14/21
Cisco Cisco Business Process Automation Unknown Fixed Yes source 12/14/21
Cisco Cisco CloudCenter Action Orchestrator Unknown Fixed Yes source 12/14/21
Cisco Cisco Container Platform Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Access Registrar Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Cable Provisioning Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Collaboration Deployment Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime IP Express Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Network Registrar Unknown Fixed Yes source 12/14/21
Cisco Cisco Prime Performance Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Security Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco UCS Central Software Unknown Fixed Yes source 12/14/21
Cisco Cisco IOS XR Software Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 3000 Series Switches Unknown Fixed Yes source 12/14/21
Cisco Cisco Nexus 9000 Series Switches in standalone NX-OS mode Unknown Fixed Yes source 12/14/21
Cisco Cisco UCS C-Series Rack Servers - Integrated Management Controller Unknown Fixed Yes source 12/14/21
Cisco Cisco Hosted Collaboration Mediation Fulfillment Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Communications Domain Manager Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) Unknown Fixed Yes source 12/14/21
Cisco Cisco Unified Intelligence Center Unknown Fixed Yes source 12/14/21
Cisco Cisco Unity Connection Unknown Fixed Yes source 12/14/21
Cisco Cisco Unity Express Unknown Fixed Yes source 12/14/21
Cisco Cisco Ultra Packet Core Unknown Fixed Yes source 12/14/21
Cisco Cisco Smart Software Manager On-Prem Unknown Fixed Yes source 12/14/21
CIS-CAT CIS-CAT Pro Assessor 4.12.0 and below Affected No [proof] (https://ibb.co/98kyxqK) Found by manual scanning 12/14/21
Citrix NetScaler ADC Unknown Fixed Yes source Implementation not using WlonNS feature, is not impacted 12/14/21
Citrix NetScaler Gateway Unknown Fixed Yes source 12/14/21
Citrix Analytics Unknown Fixed Yes source 12/14/21
Citrix Application Delivery Management (NetScaler MAS) Unknown Fixed Yes source 12/14/21
Citrix Hypervisor (XenServer) Unknown Fixed Yes source 12/14/21
Citrix SD-WAN Unknown Fixed Yes source 12/14/21
Citrix Virtual Apps and Desktops (XenApp & XenDesktop) Unknown Fixed Yes source 12/14/21
Citrix Workspace Unknown Fixed Yes source 12/14/21
Citrix Workspace App Unknown Fixed Yes source 12/14/21
Citrix Sharefile Unknown Fixed Yes source 12/14/21
cPanel cPanel Unknown Fixed Yes source 12/14/21
Commvault All products All versions Fixed Yes source 12/14/21
Commvault Cloud Apps & Oracle & MS-SQL All supported versions Fixed Yes source 12/14/21
Connect2id Connect2id server < 12.5.1 Fixed Yes source 12/14/21
Connectwise Perch Unknown Fixed Yes source 12/14/21
Connectwise Manage on-premise's Global Search Unknown Fixed Yes source 12/14/21
Connectwise Marketplace Unknown Fixed Yes source 12/14/21
Connectwise Global search capability of Manage Cloud Unknown Fixed Yes source 12/14/21
Connectwise StratoZen Unknown Fixed Yes source Urgent action for self-hosted versions 12/14/21
Contrast Hosted SaaS Enviroments All Fixed Yes source 12/14/21
Contrast On-premises (EOP) Environments All Fixed Yes source 12/14/21
Contrast Java Agent All Fixed Yes source 12/14/21
Contrast Scan All Fixed Yes source 12/14/21
ControlUp All products All versions Fixed Yes source 12/14/21
Coralogix Coralogix Unknown Fixed Yes source 12/14/21
Couchbase Couchbase ElasticSearch connector < 4.3.3 & 4.2.13 Fixed Yes source 12/14/21
Cryptshare Cryptshare Server All Fixed Yes source 12/14/21
Cryptshare Cryptshare for Outlook All Fixed Yes source 12/14/21
Cryptshare Cryptshare for Notes All Fixed Yes source 12/14/21
Cryptshare Cryptshare for NTA 7516 All Fixed Yes source 12/14/21
Cryptshare Cryptshare .NET API All Fixed Yes source 12/14/21
Cryptshare Cryptshare Java API All Fixed Yes source 12/14/21
Cryptshare Cryptshare Robot All Fixed Yes source 12/14/21
Cyberark PAS Self Hosted Fixed Yes source 12/14/21
Cybereason All Cybereason products Unknown Fixed Yes source 12/14/21
DatadogHQ Datadog Agent 6 < 6.32.2, 7 < 7.32.2 Fixed Yes source JMX monitoring component leverages an impacted version of log4j 12/14/21
Datto All Datto products Unknown Fixed Yes source 12/14/21
Debian Apache-log4j.1.2 stretch, buster, bullseye Fixed Yes source 12/14/21
Debian Apache-log4j2 stretch, buster, bullseye Fixed Yes source 12/14/21
Dell BSAFE Crypto-C Micro Edition Unknown Fixed Yes source 12/14/21
Dell BSAFE Crypto-J Unknown Fixed Yes source 12/14/21
Dell BSAFE Micro Edition Suite Unknown Fixed Yes source 12/14/21
Dell Centera Unknown Fixed Yes source 12/14/21
Dell Chassis Management Controller (CMC) Unknown Fixed Yes source 12/14/21
Dell Cloudlink Unknown Fixed Yes source 12/14/21
Dell Cloud Mobility for Dell EMC Storage Unknown Fixed Yes source 12/14/21
Dell Data Domain OS Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell Disk Library for Mainframe Unknown Fixed Yes source 12/14/21
Dell Embedded NAS Unknown Fixed Yes source 12/14/21
Dell EMC Cloud Disaster Recovery Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC DataIQ Unknown Fixed Yes source 12/14/21
Dell EMC ECS Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC Integrated System for Microsoft Azure Stack Hub Unknown Fixed Yes source 12/14/21
Dell EMC License Manager Unknown Fixed Yes source 12/14/21
Dell EMC NetWorker Unknown Fixed Yes source 12/14/21
Dell EMC Networking Onie Unknown Fixed Yes source 12/14/21
Dell EMC ObjectScale Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC PowerFlex Appliance Unknown Fixed Yes source 12/14/21
Dell EMC PowerFlex Manager Unknown Fixed Yes source 12/14/21
Dell EMC PowerFlex Rack Unknown Fixed Yes source 12/14/21
Dell EMC PowerMax Unknown Fixed Yes source 12/14/21
Dell EMC PowerPath Management Appliance Unknown Fixed Yes source 12/14/21
Dell EMC PowerPath Unknown Fixed Yes source 12/14/21
Dell EMC PowerProtect Cyber Recovery Unknown Fixed Yes source 12/14/21
Dell EMC PowerProtect Data Manager Unknown Fixed Yes source 12/14/21
Dell EMC PowerProtect DP Series Appliance (iDPA) Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC PowerScale OneFS Unknown Fixed Yes source 12/14/21
Dell EMC PowerShell for PowerMax Unknown Fixed Yes source 12/14/21
Dell EMC PowerShell for Powerstore Unknown Fixed Yes source 12/14/21
Dell EMC PowerShell for Unity Unknown Fixed Yes source 12/14/21
Dell EMC PowerStore Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC PowerSwitch Z9264F-ON BMC, Dell EMC PowerSwitch Z9432F-ON BMC Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC RecoverPoint Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC Repository Manager (DRM) Unknown Fixed Yes source 12/14/21
Dell EMC SourceOne Unknown Fixed Yes source 12/14/21
Dell EMC SRM vApp Unknown Fixed Yes source 12/14/21
Dell EMC Streaming Data Platform Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC Systems Update (DSU) Unknown Fixed Yes source 12/14/21
Dell EMC Unity Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC Virtual Storage Integrator Unknown Fixed Yes source 12/14/21
Dell EMC VPLEX Unknown Fixed Yes source 12/14/21
Dell EMC VxRail Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell EMC XtremIO Unknown Fixed Yes source 12/14/21
Dell Enterprise Hybrid Cloud Unknown Fixed Yes source 12/14/21
Dell GeoDrive Unknown Fixed Yes source 12/14/21
Dell Hybrid Client (DHC) Unknown Fixed Yes source 12/14/21
Dell ImageAssist Unknown Fixed Yes source 12/14/21
Dell Insight IQ Unknown Fixed Yes source 12/14/21
Dell Integrated Dell Remote Access Controller (iDRAC) Unknown Fixed Yes source 12/14/21
Dell IsilonSD Management Server Unknown Fixed Yes source 12/14/21
Dell Mainframe Enablers Unknown Fixed Yes source 12/14/21
Dell MyDell Mobile Unknown Fixed Yes source 12/14/21
Dell NetWorker Management Console Unknown Fixed Yes source 12/14/21
Dell NetWorker MM for Hyper-V Unknown Fixed Yes source 12/14/21
Dell Networking N-Series Unknown Fixed Yes source 12/14/21
Dell Networking OS9 Unknown Fixed Yes source 12/14/21
Dell Networking OS Unknown Fixed Yes source 12/14/21
Dell Networking SD-WAN Edge Unknown Fixed Yes source 12/14/21
Dell Networking W-Series Unknown Fixed Yes source 12/14/21
Dell Networking X-Series Unknown Fixed Yes source 12/14/21
Dell OMIMSSC (OpenManage Integration for Microsoft System Center) Unknown Fixed Yes source 12/14/21
Dell OpenManage Change Management Unknown Fixed Yes source 12/14/21
Dell OpenManage Enterprise Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell OpenManage Integration for Microsoft System Center for System Center Operations Manager Unknown Fixed Yes source 12/14/21
Dell OpenManage Integration with Microsoft Windows Admin Center Unknown Fixed Yes source 12/14/21
Dell Open Management Enterprise - Modular Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell Open Manage Mobile Unknown Fixed Yes source 12/14/21
Dell OpenManage Network Integration Unknown Fixed Yes source 12/14/21
Dell Open Manage Server Administrator Unknown Fixed Yes source 12/14/21
Dell PowerEdge BIOS Unknown Fixed Yes source 12/14/21
Dell Remotely Anywhere Unknown Fixed Yes source 12/14/21
Dell Secure Connect Gateway (SCG) 5.0 Appliance Unknown Fixed Yes source 12/14/21
Dell Smart Fabric Storage Software Unknown Fixed Yes source 12/14/21
Dell Solutions Enabler Unknown Fixed Yes source 12/14/21
Dell Sonic Unknown Fixed Yes source 12/14/21
Dell SRS Policy Manager Unknown Fixed Yes source 12/14/21
Dell SRS VE Unknown Fixed Yes source 12/14/21
Dell SupportAssist Client Commercial Unknown Fixed Yes source 12/14/21
Dell SupportAssist Client Consumer Unknown Fixed Yes source 12/14/21
Dell SupportAssist Enterprise Unknown Fixed Yes source 12/14/21
Dell Unisphere Central Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell Unisphere for PowerMax Unknown Fixed Yes source 12/14/21
Dell Vblock Unknown Fixed Yes source 12/14/21
Dell ViPR Controller Unknown Fixed Yes source 12/14/21
Dell VNX2 Unknown Fixed Yes source 12/14/21
Dell VNX Control Station Unknown Fixed Yes source 12/14/21
Dell Vsan Ready Nodes Unknown Fixed Yes source 12/14/21
Dell VxBlock Unknown Fixed Yes source 12/14/21
Dell VxFlex Ready Nodes Unknown Fixed Yes source 12/14/21
Dell Wyse Management Suite Import Tool Unknown Fixed Yes source 12/14/21
Dell Wyse Management Suite Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Dell Wyse Proprietary OS (ThinOS) Unknown Fixed Yes source 12/14/21
Dell Wyse Windows Embedded Unknown Fixed Yes source Fix Release Timeline TBD 12/14/21
Docker Docker infrastructure Unknown Fixed Yes source Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. 12/14/21
Dropwizard Dropwizard Unknown Fixed Yes source Only vulnerable if you manually added Log4j 12/14/21
Dynatrace Dynatrace Cloud Services Unknown Fixed Yes source 12/14/21
Dynatrace ActiveGates 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 Fixed Yes source 12/14/21
EAL ATS Classic All Versions Fixed Yes See vendor-statements 12/14/21
Elastic APM Java Agent 1.17.0-1.28.0 Fixed Yes source Only vulnerable with specific configuration 12/14/21
Elastic APM Server Fixed Yes source 12/14/21
Elastic Beats Fixed Yes source 12/14/21
Elastic Cmd Fixed Yes source 12/14/21
Elastic Elastic Agent Fixed Yes source 12/14/21
Elastic Elastic Cloud Fixed Yes source 12/14/21
Elastic Elastic Cloud Enterprise Fixed Yes source 12/14/21
Elastic Elastic Cloud on Kubernetes Fixed Yes source 12/14/21
Elastic Elastic Endgame Fixed Yes source 12/14/21
Elastic Elastic Maps Service Fixed Yes source 12/14/21
Elastic Elasticsearch < 6.8.21, < 7.16.1 Fixed Yes source Information leakage vulnerability 12/14/21
Elastic Endpoint Security Fixed Yes source 12/14/21
Elastic Enterprise Search Fixed Yes source 12/14/21
Elastic Fleet Server Fixed Yes source 12/14/21
Elastic Kibana Fixed Yes source 12/14/21
Elastic Logstash < 6.8.21, < 7.16.1 Fixed Yes source 12/14/21
Elastic Machine Learning Fixed Yes source 12/14/21
Elastic Swiftype Fixed Yes source 12/14/21
ELO Digital Office Fixed Yes source 12/14/21
ESET All products Unknown Fixed Yes source 12/14/21
Esri ArcGIS Enterprise and related products < 10.8.0 Fixed Yes source 12/14/21
EVL Labs JGAAP <8.0.2 Fixed Yes source 12/14/21
eXtreme Hosting All products Unknown Fixed Yes source 12/14/21
F5 All products Fixed Yes source F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect 12/14/21
FileCap All products <5.1.0 Fixed Yes source Fix: 5.1.1 12/14/21
Fiix CMMS core V5 Fixed Yes source 12/14/21
Forcepoint DLP Manager Fixed Yes source 12/14/21
Forcepoint Forcepoint Cloud Security Gateway (CSG) Fixed Yes source 12/14/21
Forcepoint Next Generation Firewall (NGFW) Fixed Yes source 12/14/21
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder Fixed Yes source 12/14/21
Forcepoint One Endpoint Fixed Yes source 12/14/21
Forcepoint Security Manager (Web, Email and DLP) Fixed Yes source 12/14/21
ForgeRock Autonomous Identity Fixed Yes source all other ForgeRock products not vuln 12/14/21
Fortinet FortiAIOps Affected No source 12/14/21
Fortinet FortiAnalyzer Cloud Fixed Yes source 12/14/21
Fortinet FortiAnalyzer Fixed Yes source 12/14/21
Fortinet FortiAP Fixed Yes source 12/14/21
Fortinet FortiAuthenticator Fixed Yes source 12/14/21
Fortinet FortiCASB Affected No source 12/14/21
Fortinet FortiConvertor Affected No source 12/14/21
Fortinet FortiDeceptor Fixed Yes source 12/14/21
Fortinet FortiEDR Agent Fixed Yes source 12/14/21
Fortinet FortiEDR Cloud Affected No source 12/14/21
Fortinet FortiGate Cloud Fixed Yes source 12/14/21
Fortinet FortiGSLB Cloud Fixed Yes source 12/14/21
Fortinet FortiMail Fixed Yes source 12/14/21
Fortinet FortiManager Cloud Fixed Yes source 12/14/21
Fortinet FortiManager Fixed Yes source 12/14/21
Fortinet FortiNAC Affected No source 12/14/21
Fortinet FortiNAC Affected No source 12/14/21
Fortinet FortiOS (includes FortiGate & FortiWiFi) Fixed Yes source 12/14/21
Fortinet FortiPhish Cloud Fixed Yes source 12/14/21
Fortinet FortiPolicy Affected No source 12/14/21
Fortinet FortiPortal Affected No source 12/14/21
Fortinet FortiRecorder Fixed Yes source 12/14/21
Fortinet FortiSIEM Affected No source 12/14/21
Fortinet FortiSOAR Affected No source 12/14/21
Fortinet FortiSwitch Cloud in FortiLANCloud Fixed Yes source 12/14/21
Fortinet FortiSwitch & FortiSwitchManager Fixed Yes source 12/14/21
Fortinet FortiToken Cloud Fixed Yes source 12/14/21
Fortinet FortiVoice Fixed Yes source 12/14/21
Fortinet FortiWeb Cloud Fixed Yes source 12/14/21
Fortinet ShieldX Affected No source 12/14/21
F-Secure Endpoint Proxy 13-15 Fixed Yes source 12/14/21
F-Secure Policy Manager 13-15 Fixed Yes source 12/14/21
F-Secure Policy Manager Proxy 13-15 Fixed Yes source 12/14/21
FusionAuth FusionAuth 1.32 Fixed Yes source 12/14/21
Genesys All products Fixed Yes source 12/14/21
GFI Software Kerio Connect Fixed Yes source 12/14/21
GoAnywhere MFT Unknown Fixed Yes source 12/14/21
GoAnywhere Gateway Unknown Fixed Yes source 12/14/21
GoAnywhere Agents Unknown Fixed Yes source 12/14/21
Graylog Graylog < 3.3.15,<4.0.14,<4.1.9,<4.2.3 Fixed Yes source 12/14/21
GuardedBox GuardedBox <3.1.2 Fixed Yes source 12/14/21
HackerOne Unknown Unknown Fixed Yes source 12/14/21
Hashicorp All products Fixed Yes source 12/14/21
HCL Software BigFix Compliance Unknown Fixed Yes source 12/14/21
HCL Software BigFix Inventory Unknown Fixed Yes source 12/14/21
HCL Software BigFix Compliance Unknown Fixed Yes source 12/14/21
HCL Software BigFix Compliance Unknown Fixed Yes source 12/14/21
Hexagon M.App Enterprise Unknown Fixed Yes source Might be vulnerable only when used with Geoprocessing Server 12/14/21
Hexagon ERDAS APOLLO Advantage & Professional Unknown Fixed Yes source 12/14/21
Hexagon GeoMedia Unknown Fixed Yes source 12/14/21
Hexagon IMAGINE Unknown Fixed Yes source 12/14/21
Hexagon ImageStation Unknown Fixed Yes source 12/14/21
Hexagon GeoMedia WebMap Unknown Fixed Yes source 12/14/21
Hexagon Geospatial Portal Unknown Fixed Yes source 12/14/21
Hexagon Geospatial SDI Unknown Fixed Yes source 12/14/21
Hexagon GeoMedia SmartClient Unknown Fixed Yes source 12/14/21
Hexagon ERDAS APOLLO Essentials Unknown Fixed Yes source 12/14/21
Hexagon M.App Enterprise standalone or with Luciad Fusion Unknown Fixed Yes source 12/14/21
Hexagon Luciad Fusion Unknown Fixed Yes source The only risk is if Log4J was implemented outside of the default product install 12/14/21
Hexagon Luciad Lightspeed Unknown Fixed Yes source The only risk is if Log4J was implemented outside of the default product install 12/14/21
Hitachi Vantara Pentaho v8.3.x, v9.2.x Fixed Yes source 12/14/21
HostiFi Unifi hosting Unknown Fixed Yes source Hosted Unifi solution 12/14/21
Huawei All products Fixed Yes source 12/14/21
IBM All products Fixed Yes source 12/14/21
IBM Curam SPM 8.0.0, 7.0.11 Fixed Yes source 12/14/21
IBM Sterling Order Management Unknown Fixed Yes source 12/14/21
IBM Sterling Fulfillment Optimizer Unknown Fixed Yes source 12/14/21
IBM Sterling Inventory Visibility Unknown Fixed Yes source 12/14/21
IBM Websphere 8.5 Fixed Yes source fix: PH42728 12/14/21
IBM Websphere 9.0 Fixed Yes source fix: PH42728 12/14/21
Inductive Automation Ignition All versions Fixed Yes source 12/14/21
Informatica Axon 7.2.x Fixed Yes source 12/14/21
Informatica Data Privacy Management 10.5, 10.5.1 Fixed Yes source 12/14/21
Informatica Information Deployment Manager Fixed Yes source 12/14/21
Informatica Metadata Manager 10.4, 10.4.1, 10.5, 10.5.1 Fixed Yes source 12/14/21
Informatica PowerCenter 10.5.1 Fixed Yes source 12/14/21
Informatica PowerExchange for CDC (Publisher) and Mainframe 10.5.1 Fixed Yes source 12/14/21
Informatica Product 360 All versions Fixed Yes source 12/14/21
Informatica Secure Agents (Cloud hosted) Unknown Fixed Yes source Fixed agents may need to be restarted 12/14/21
IronNet All products All verisons Fixed Yes source 12/14/21
Ivanti All products All versions Fixed Yes source No products are deemed affected at this moment 12/14/21
JFrog all products Fixed Yes source 12/14/21
Jamf Nation Jamf Cloud Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Pro (hosted on-prem) < 10.34.1 Fixed Yes source <10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix 12/14/21
Jamf Nation Health Care Listener Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Connect Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Data Policy Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Infrastructure Manager Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Now Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Private Access Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Protect Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf School Unknown Fixed Yes source 12/14/21
Jamf Nation Jamf Threat Defense Unknown Fixed Yes source 12/14/21
Jazz/IBM JazzSM DASH Unknown Fixed Yes source DASH on WebSphere Application Server requires mitigations 12/14/21
Jenkins Jenkins CI Unknown Fixed Yes source Invidivual plugins not developed as part of Jenkins core may be vulnerable. 12/14/21
JetBrains YouTrack Standalone >= 2019.2 <= 2021.4.34389 Fixed Yes
email, mitigation 12/14/21
Jetbrains TeamCity Unknown Fixed Yes source 12/14/21
Jitsi jitsi-videobridge v2.1-595-g3637fda42 Fixed Yes source 12/14/21
Kaseya AuthAnvil Unknown Fixed Yes source 12/14/21
Kaseya BMS Unknown Fixed Yes source 12/14/21
Kaseya ID Agent DarkWeb ID and BullPhish ID Unknown Fixed Yes source 12/14/21
Kaseya IT Glue Unknown Fixed Yes source 12/14/21
Kaseya MyGlue Unknown Fixed Yes source 12/14/21
Kaseya Network Glue Unknown Fixed Yes source 12/14/21
Kaseya Passly Unknown Fixed Yes source 12/14/21
Kaseya RocketCyber Unknown Fixed Yes source 12/14/21
Kaseya Spannign Salesforce Backup Unknown Fixed Yes source 12/14/21
Kaseya Spanning O365 Backup Unknown Fixed Yes source 12/14/21
Kaseya Unitrends Unknown Fixed Yes source 12/14/21
Kaseya VSA SaaS and VSA On-Premises Unknown Fixed Yes source 12/14/21
Kaseya Vorex Unknown Fixed Yes source 12/14/21
Kaseya products not listed above Unknown Fixed Yes source 12/14/21
Keycloak Keycloak all version Fixed Yes source 12/14/21
LeanIX All products All versions Fixed Yes source 12/14/21
Lightbend Akka Unknown Fixed Yes source 12/14/21
Lightbend Akka Serverless Unknown Fixed Yes source 12/14/21
Lightbend Lagom Framework Unknown Fixed Yes source Users that switched from logback to log4j are affected 12/14/21
Lightbend Play Framework Unknown Fixed Yes source Users that switched from logback to log4j are affected 12/14/21
LogicMonitor LogicMonitor SaaS Platform Unknown Fixed Yes
Automatic update before 13th December source 12/14/21
The Linux Foundation XCP-ng All versions Fixed Yes source 12/14/21
LiquidFiles LiquidFiles All versions Fixed Yes source 12/14/21
Mailcow Mailcow Solr Docker < 1.8 Fixed Yes source 12/14/21
ManageEngine ADAudit Plus Unknown Fixed Yes Third party components bundle log4j 12/14/21
ManageEngine ADManager Plus Unknown Fixed Yes source Mitigation: set -Dlog4j2.formatMsgNoLookups=true in jvm.options. 12/14/21
ManageEngine Desktop Central Unknown Fixed Yes source 12/14/21
McAfee Data Exchange Layer (DXL) Unknown Fixed Yes source 12/14/21
McAfee Enterprise Security Manager (ESM) Unknown Fixed Yes source 12/14/21
McAfee McAfee Active Response (MAR) Unknown Fixed Yes source 12/14/21
McAfee Network Security Manager (NSM) Unknown Fixed Yes source 12/14/21
McAfee Network Security Platform (NSP) Unknown Fixed Yes source 12/14/21
McAfee Threat Intelligence Exchange (TIE) Unknown Fixed Yes source 12/14/21
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH) Unknown Fixed Yes source 12/14/21
McAfee ePolicy Orchestrator Application Server (ePO) <= 5.10 CU10 Fixed Yes source 12/14/21
McAfee ePolicy Orchestrator Application Server (ePO) 5.10 CU11 Fixed Yes source 12/14/21
Memurai All products Fixed Yes source 12/14/21
Metabase Metabase <0.41.4 Fixed Yes source Mitigations available for earlier versions 12/14/21
Microsoft Fixed Yes source, IOCs Microsoft provided additional guidance for preventing, detecting and hunting for exploitation 12/14/21
Microsoft Azure AD Unknown Fixed Yes source ADFS itself is not vulnerable, federation providers may be 12/14/21
Microsoft Azure App Service Unknown Fixed Yes source This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications 12/14/21
Microsoft Azure Application Gateway Unknown Fixed Yes source 12/14/21
Microsoft Azure Front Door Unknown Fixed Yes source 12/14/21
Microsoft Azure WAF Unknown Fixed Yes source 12/14/21
Microsoft Kafka Connect for Azure Cosmo DB < 1.2.1 Fixed Yes source 12/14/21
Minecraft Java edition <1.18.1 Fixed Yes source
Mitigations available for earlier versions 12/14/21
MISP MISP All Fixed Yes source 12/14/21
MONARC MONARC All Fixed Yes source 12/14/21
MongoDB Atlas Search Unknown Fixed Yes source
Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. 12/14/21
MongoDB Atlas Unknown Fixed Yes source
Including Atlas Database, Data Lake, Charts 12/14/21
MongoDB Enterprise Advanced Unknown Fixed Yes source
Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. 12/14/21
MongoDB Community Edition Unknown Fixed Yes source
Including Community Server, Cloud Manager, Community Kubernetes Operators. 12/14/21
MongoDB Drivers Unknown Fixed Yes source
12/14/21
MongoDB Tools Unknown Fixed Yes source
Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors 12/14/21
MongoDB Realm Unknown Fixed Yes source
including Realm Database, Sync, Functions, APIs 12/14/21
Moodle Moodle All Fixed Yes source
12/14/21
-------------------- -------------------------------------------------------------------- :--------: Fixed Yes -----------------------------------------------------------------------------------------------------------------: ------------------------------------------------ 12/14/21
N-able Backup Unknown Fixed Yes source 12/14/21
N-able MSP Manager Unknown Fixed Yes source 12/14/21
N-able Mail Assure Unknown Fixed Yes source 12/14/21
N-able N-central Unknown Fixed Yes source 12/14/21
N-able Passportal Unknown Fixed Yes source 12/14/21
N-able RMM Unknown Fixed Yes source 12/14/21
N-able Risk Intelligence Unknown Fixed Yes source 12/14/21
N-able Take Control Unknown Fixed Yes source 12/14/21
Neo4j Neo4j > 4.2 Fixed Yes source Workaround is available, but not released yet. 12/14/21
Nelson Nelson 0.16.185 Fixed Yes source Workaround is available, but not released yet. 12/14/21
NetApp Brocade SAN Naviator Unknown Fixed Yes source 12/14/21
NetApp Cloud Manager Unknown Fixed Yes source 12/14/21
NetApp Element Plug-in for vCenter Server Unknown Fixed Yes source 12/14/21
NetApp Management Services for Element Software and NetApp HCI Unknown Fixed Yes source 12/14/21
NetApp NetApp HCI Compute Node Unknown Fixed Yes source 12/14/21
NetApp NetApp SolidFire & HCI Management Node Unknown Fixed Yes source 12/14/21
NetApp NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) Unknown Fixed Yes source 12/14/21
NetApp NetApp SolidFire, Enterprise SDS & HCI Storage Unknown Fixed Yes source 12/14/21
NetApp NetApp SolidFireStorage Replication Adapter Unknown Fixed Yes source 12/14/21
Netflix atlas 1.6.6 Fixed Yes source 12/14/21
Netflix dgs-framework < 4.9.11 Fixed Yes fix 12/14/21
Netflix spectator < 1.0.9 Fixed Yes fix 12/14/21
Netflix zuul Unknown Fixed Yes source 12/14/21
NetIQ Access Manager > 4.5.x & > 5.0.x Fixed Yes workaround 12/14/21
Netwrix Netwrix Auditor Fixed Yes source 12/14/21
New Relic Java Agent 6.5.1 & 7.4.1 Fixed Yes source 12/14/21
NextGen Healthcare Mirth Unknown Fixed Yes source 12/14/21
NSA Ghidra < 10.1 Fixed Yes source, fix 12/14/21
Nutanix AOS All versions Fixed Yes source Patch pending 12/14/21
Nutanix AHV All versions Fixed Yes source Investigating 12/14/21
Nutanix Prism Central All versions Fixed Yes source Patch pending 12/14/21
Nutanix Flow Security Central All versions Fixed Yes source 12/14/21
Nutanix Files All versions Fixed Yes source Investigating 12/14/21
Nutanix Objects All versions Fixed Yes source Investigating 12/14/21
Nutanix Volumes All versions Fixed Yes source Patch pending 12/14/21
Nutanix Mine All versions Fixed Yes source Investigating 12/14/21
Nutanix Era All versions Fixed Yes source Investigating 12/14/21
Nutanix X-Ray All versions Fixed Yes source Investigating 12/14/21
Nutanix LCM All versions Fixed Yes source Investigating 12/14/21
Nutanix Move All versions Fixed Yes source Investigating 12/14/21
Nutanix NCC All versions Fixed Yes source Investigating 12/14/21
Nutanix Foundation All versions Fixed Yes source Investigating 12/14/21
Nutanix Karbon All versions Fixed Yes source Patch pending 12/14/21
Nutanix Leap All versions Fixed Yes source Patch pending 12/14/21
Nutanix Calm All versions Fixed Yes source Patch pending 12/14/21
Nutanix Beam All versions Fixed Yes source Patch pending 12/14/21
Nutanix Frame All versions Fixed Yes source 12/14/21
Nutanix Sizer Unknown Fixed Yes source See advisory 12/14/21
Nutanix Insights All versions Fixed Yes source Patch pending 12/14/21
NXLog NXLog Manager 5.x Fixed Yes source 12/14/21
Obsidian Dynamics kafdrop all Fixed Yes source 12/14/21
Okta AD Agent Unknown Fixed Yes source 12/14/21
Okta Access Gateway Unknown Fixed Yes source 12/14/21
Okta Advanced Server Access Unknown Fixed Yes source 12/14/21
Okta Browser Plugin Unknown Fixed Yes source 12/14/21
Okta IWA Web Agent Unknown Fixed Yes source 12/14/21
Okta LDAP Agent Unknown Fixed Yes source 12/14/21
Okta Mobile Unknown Fixed Yes source 12/14/21
Okta On-Prem MFA Agent <1.4.6 Fixed Yes source, fix 12/14/21
Okta Radius Server Agent 2.17.0 Fixed Yes source/fix 12/14/21
Okta Verify Unknown Fixed Yes source 12/14/21
Okta Workflow Unknown Fixed Yes source 12/14/21
Okta RADIUS Server Agent <2.17.0 Fixed Yes source, fix 12/14/21
OpenMRS Talk 2.4.0-2.4.1 Fixed Yes source Mitigations are available, pending a new release 12/14/21
OpenNMS Horizon (including derived Sentinels) < 29.0.3 Fixed Yes source Workarounds are available too for earlier versions 12/14/21
OpenNMS Meridian (including derived Minions and Sentinels) < 2021.1.8, 2020.1.15, 2019.1.27 Fixed Yes source Workarounds are available too for earlier versions 12/14/21
OpenNMS Minion appliance Unknown Fixed Yes source 12/14/21
OpenNMS PoweredBy OpenNMS Unknown Fixed Yes source 12/14/21
OpenSearch OpenSearch < 1.2.1 Fixed Yes source 12/14/21
Oracle Database Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Fusion Middleware Unknown Fixed Yes source, Support note 209768.1, Support note 2827611.1 12/14/21
Oracle Oracle Enterprise Manager Unknown Fixed Yes source, Support note 209768.1, Support note 2827611.1 12/14/21
Oracle Oracle WebLogic Server Unknown Fixed Yes source, Support note 209768.1, Support note 2827611.1 12/14/21
Oracle Oracle HTTP Server Unknown Fixed Yes source, Support note 209768.1, Support note 2827611.1 12/14/21
Oracle Oracle Internet Directory Unknown Fixed Yes source, Support note 209768.1, Support note 2827611.1 12/14/21
Oracle Oracle SOA Suite Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle Fusion Middleware Infrastructure Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle Access Manager Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle eBusiness Suite Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle Policy Automation (OPA) Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle NoSQL Database Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle WebCenter Portal Unknown Fixed Yes source, Support note 2827611.1 12/14/21
Oracle Oracle Data Integrator (ODI) Unknown Fixed Yes source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) 12/14/21
Oracle Oracle WebCenter Sites Unknown Fixed Yes source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) 12/14/21
Oracle Oracle Enterprise Repository Unknown Fixed Yes source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) 12/14/21
Oracle Oracle JDeveloper Unknown Fixed Yes source, Support note 2827611.1, Support Note 2827793.1 [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) 12/14/21
openHAB openHAB 3.0.4, 3.1.1 Fixed Yes source 12/14/21
OTRS All products Fixed Yes source 12/14/21
OWASP ZAP < 2.11.1 Fixed Yes source 12/14/21
PagerDuty Rundeck 3.3+ Fixed Yes source No statement from PagerDuty yet. 12/14/21
Palo Alto WildFire Appliance Fixed Yes source 12/14/21
Palo Alto Prisma Cloud Compute Fixed Yes source 12/14/21
Palo Alto Prisma Cloud Fixed Yes source 12/14/21
Palo Alto PAN-OS Fixed Yes source 12/14/21
Palo Alto GlobalProtect App Fixed Yes source 12/14/21
Palo Alto Cortex XSOAR Fixed Yes source 12/14/21
Palo Alto Cortex XDR Agent Fixed Yes source 12/14/21
Palo Alto CloudGenix Fixed Yes source 12/14/21
Palo Alto Bridgecrew Fixed Yes source 12/14/21
PaperCut PaperCut MF >= 21.0 Fixed Yes source 12/14/21
PaperCut PaperCut NG >= 21.0 Fixed Yes source 12/14/21
PaperCut PaperCut Hive Fixed Yes source 12/14/21
PaperCut PaperCut Pocket Fixed Yes source 12/14/21
PaperCut PaperCut Views Fixed Yes source 12/14/21
PaperCut PaperCut Print Logger Fixed Yes source 12/14/21
PaperCut PaperCut MobilityPrint Fixed Yes source 12/14/21
PaperCut PaperCut MultiVerse Fixed Yes source 12/14/21
PaperCut PaperCut Online Services Fixed Yes source 12/14/21
Parallels Remote Application Server All versions Fixed Yes source 12/14/21
Pega Pega Platform On Prem Fixed Yes source 12/14/21
Planon Software Planon Universe all Fixed Yes source 12/14/21
Plex Industrial IoT Fixed Yes source Mitigation already applied, patch will be issued today 12/14/21
Postgres PostgreSQL JDBC Fixed Yes source 12/14/21
Progress OpenEdge Fixed Yes source, mitigations 12/14/21
Progress DataDirect Hybrid Data Pipeline Fixed Yes source, mitigations 12/14/21
Portex Portex <3.0.2 Fixed Yes source 12/14/21
Pulse Secure Pulse Secure Virtual Traffic Manager Fixed Yes source 12/14/21
Pulse Secure Pulse Secure Services Director Fixed Yes source 12/14/21
Pulse Secure Pulse Secure Web Application Firewall Fixed Yes source 12/14/21
Pulse Secure Pulse Connect Secure Fixed Yes source 12/14/21
Pulse Secure Ivanti Connect Secure (ICS) Fixed Yes source 12/14/21
Pulse Secure Pulse Policy Secure Fixed Yes source 12/14/21
Pulse Secure Pulse Desktop Client Fixed Yes source 12/14/21
Pulse Secure Pulse Mobile Client Fixed Yes source 12/14/21
Pulse Secure Pulse One Fixed Yes source 12/14/21
Pulse Secure Pulse ZTA Fixed Yes source 12/14/21
Pulse Secure Ivanti Neurons for ZTA Fixed Yes source 12/14/21
Pulse Secure Ivanti Neurons for secure Access Fixed Yes source 12/14/21
Puppet Continuous Delivery for Puppet Enterprise 3.x, < 4.10.2 Fixed Yes source, workaround,mitigations Update available for version 4.x, mitigations for 3.x which is EOL 12/14/21
Puppet Puppet agents Fixed Yes source 12/14/21
Puppet Puppet Enterprise Fixed Yes source 12/14/21
PTV xServer internet 1 / PTV xServer internet 2 PTV xServer internet 1 / PTV xServer internet 2 Unknown Fixed Yes source 12/14/21
PTV TLN planner internet PTV TLN planner internet Unknown Fixed Yes source 12/14/21
PTV Route Optimizer SaaS / Demonstrator PTV Route Optimizer SaaS / Demonstrator Unknown Fixed Yes source 12/14/21
PTV Developer PTV Developer Unknown Fixed Yes source 12/14/21
PTV Visum Publisher PTV Visum Publisher Unknown Fixed Yes source 12/14/21
PTV xServer 2.x (on prem) PTV xServer 2.x (on prem) Unknown Fixed Yes source 12/14/21
PTV xServer 1.34 (on prem) PTV xServer 1.34 (on prem) Unknown Fixed Yes source 12/14/21
PTV MaaS Modeller PTV MaaS Modeller Unknown Fixed Yes source 12/14/21
PTV Route Optimiser CL PTV Route Optimiser CL Unknown Fixed Yes source 12/14/21
PTV Route Optimiser ST PTV Route Optimiser ST Unknown Fixed Yes source 12/14/21
PTV Map&Market PTV Map&Market Unknown Fixed Yes source 12/14/21
PTV Arrival Board / Trip Creator / EM Portal PTV Arrival Board / Trip Creator / EM Portal Unknown Fixed Yes source 12/14/21
PTV Drive&Arrive PTV Drive&Arrive Unknown Fixed Yes source 12/14/21
PTV xServer < 1.34 (on prem) PTV xServer < 1.34 (on prem) Unknown Fixed Yes source 12/14/21
PTV Road Editor PTV Road Editor Unknown Fixed Yes source 12/14/21
PTV Map&Guide internet PTV Map&Guide internet Unknown Fixed Yes source 12/14/21
PTV Map&Guide intranet PTV Map&Guide intranet Unknown Fixed Yes source 12/14/21
PTV Navigator Licence Manager PTV Navigator Licence Manager Unknown Fixed Yes source 12/14/21
PTV Navigator App PTV Navigator App Unknown Fixed Yes source 12/14/21
PTV Drive&Arrive App PTV Drive&Arrive App Unknown Fixed Yes source 12/14/21
PTV Visum PTV Visum Unknown Fixed Yes source 12/14/21
PTV Vissim PTV Vissim Unknown Fixed Yes source 12/14/21
PTV Vistro PTV Vistro Unknown Fixed Yes source 12/14/21
PTV Viswalk PTV Viswalk Unknown Fixed Yes source 12/14/21
PTV Balance and PTV Epics PTV Balance and PTV Epics Unknown Fixed Yes source 12/14/21
PTV Hyperpath PTV Hyperpath Unknown Fixed Yes source 12/14/21
PTV TRE and PTV Tre-Addin PTV TRE and PTV Tre-Addin Unknown Fixed Yes source 12/14/21
PTV Optima PTV Optima Unknown Fixed Yes source 12/14/21
QlikTech International Compose Fixed Yes source 12/14/21
QlikTech International Nprinting Fixed Yes source 12/14/21
QlikTech International QEM products Fixed Yes source 12/14/21
QlikTech International Qlik Replicate Fixed Yes source 12/14/21
QlikTech International Qlik Sense Enterprise Fixed Yes source 12/14/21
QlikTech International QlikView Fixed Yes source 12/14/21
QOS.ch SLF4J Simple Logging Facade for Java Fixed Yes source SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto Fixed Yes source 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive Fixed Yes source 12/14/21
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 Fixed Yes source 12/14/21
Red Hat Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 Fixed Yes source 12/14/21
Red Hat Red Hat OpenStack Platform 13 (Queens) opendaylight Fixed Yes source 12/14/21
Red Hat Red Hat OpenShift Logging logging-elasticsearch6-container Fixed Yes source 12/14/21
Red Hat Red Hat build of Quarkus Fixed Yes source 12/14/21
Red Hat Red Hat Descision Manager 7 Fixed Yes source 12/14/21
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack Fixed Yes source 12/14/21
Red Hat Red Hat Process Automation 7 Fixed Yes source 12/14/21
Red Hat A-MQ Clients 2 Fixed Yes source 12/14/21
Red Hat Red Hat CodeReady Studio 12 Fixed Yes source 12/14/21
Red Hat Red Hat Data Grid 8 Fixed Yes source 12/14/21
Red Hat Red Hat Integration Camel K Fixed Yes source 12/14/21
Red Hat Red Hat Integration Camel Quarkus Fixed Yes source 12/14/21
Red Hat Red Hat JBoss A-MQ Streaming Fixed Yes source 12/14/21
Red Hat Red Hat JBoss Fuse 7 Fixed Yes source 12/14/21
Red Hat Red Hat OpenShift Application Runtimes Fixed Yes source 12/14/21
Red Hat Red Hat Single Sign-On 7 Fixed Yes source 12/14/21
Red Hat Red Hat JBoss Enterprise Application Platform 6 Fixed Yes source 12/14/21
Redis Redis Enterprise & Open Source all Fixed Yes source Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability 12/14/21
RSA SecurID Authentication Manager Fixed Yes source Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. 12/14/21
RSA SecurID Authentication Manager Prime Fixed Yes source 12/14/21
RSA SecurID Authentication Manager WebTier Fixed Yes source 12/14/21
RSA SecurID Identity Router (On-Prem component of Cloud Authentication Service) Fixed Yes source 12/14/21
RSA SecurID Governance and Lifecycle (SecurID G&L) Fixed Yes source 12/14/21
RSA SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) Fixed Yes source 12/14/21
Safe FME Server Fixed Yes source 12/14/21
Salesforce All products Fixed Yes source 12/14/21
SAS Institute JMP Fixed Yes source 12/14/21
SAS Institute SAS Profile Fixed Yes source 12/14/21
SAS Institute SAS Cloud Solutions Fixed Yes source 12/14/21
Security Onion Solutions Security Onion 2.3.90 20211210 Fixed Yes source 12/14/21
Shibboleth Shibboleth IdP/SP Fixed Yes source 12/14/21
SolarWinds Database Performance Analyzer 2021.1.x, 2021.3.x, 2022.1.x Fixed Yes source, workaround 12/14/21
SolarWinds Server & Application Monitor >= 2020.2.6 Fixed Yes source, workaround 12/14/21
SolarWinds Orion Platform core Fixed Yes source 12/14/21
SonarSource SonarQube Fixed Yes source 12/14/21
SonarSource SonarCloud Fixed Yes source 12/14/21
SonicWall Gen5 Firewalls (EOS) Fixed Yes source 12/14/21
SonicWall Gen6 Firewalls Fixed Yes source 12/14/21
SonicWall Gen7 Firewalls Fixed Yes source 12/14/21
SonicWall SonicWall Switch Fixed Yes source 12/14/21
SonicWall SMA 100 Fixed Yes source 12/14/21
SonicWall SMA 1000 12.1.0, 12.4.1 Fixed Yes source 12/14/21
SonicWall Email Security 10.x Fixed Yes source 12/14/21
SonicWall MSW Fixed Yes source 12/14/21
SonicWall NSM Fixed Yes source 12/14/21
SonicWall Analyzer Fixed Yes source 12/14/21
SonicWall Analytics Fixed Yes source 12/14/21
SonicWall GMS Fixed Yes source 12/14/21
SonicWall Capture Client & Capture Client Portal Fixed Yes source 12/14/21
SonicWall CAS Fixed Yes source 12/14/21
SonicWall WAF Fixed Yes source 12/14/21
SonicWall Access Points Fixed Yes source 12/14/21
SonicWall WNM Fixed Yes source 12/14/21
SonicWall Capture Security Appliance Fixed Yes source 12/14/21
SonicWall WXA Fixed Yes source 12/14/21
SonicWall SonicCore Fixed Yes source 12/14/21
Sophos Sophos Central Fixed Yes source 12/14/21
Sophos Sophos Firewall All Fixed Yes source 12/14/21
Sophos SG UTM All Fixed Yes source 12/14/21
Sophos SG UTM Manager (SUM) All Fixed Yes source 12/14/21
Sophos Sophos ZTNA Fixed Yes source 12/14/21
Sophos Cloud Optix Fixed Yes source 12/14/21
Sophos Sophos Home Fixed Yes source 12/14/21
Sophos Sophos Mobile Fixed Yes source 12/14/21
Sophos Sophos Mobile EAS Proxy 9.7.2 Fixed Yes source 12/14/21
Sophos Reflexion Fixed Yes source 12/14/21
Splunk Add-On: Java Management Extensions 3.0.0, 2.1.0 Fixed Yes source 12/14/21
Splunk Add-On: JBoss 3.0.0, 2.1.0 Fixed Yes source 12/14/21
Splunk Add-On: Tomcat 3.0.0, 2.1.0 Fixed Yes source 12/14/21
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Fixed Yes source 12/14/21
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Fixed Yes source 12/14/21
Splunk Splunk Connect for Kafka <2.0.4 Fixed Yes source 12/14/21
Splunk Splunk Enterprise All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. Fixed Yes source 12/14/21
Splunk Splunk Enterprise Amazon Machine Image (AMI) see Splunk Enterprise Fixed Yes source 12/14/21
Splunk Splunk Enterprise Docker Container see Splunk Enterprise Fixed Yes source 12/14/21
Splunk Splunk Logging Library for Java <1.11.1 Fixed Yes source 12/14/21
Splunk Stream Processor Service Current Fixed Yes source 12/14/21
Splunk Admin Config Service all Fixed Yes source 12/14/21
Splunk Analytics Workspace all Fixed Yes source 12/14/21
Splunk Behavior Analytics all Fixed Yes source 12/14/21
Splunk Dashboard Studio all Fixed Yes source 12/14/21
Splunk Developer Tools: AppInspect all Fixed Yes source 12/14/21
Splunk Enterprise Security all Fixed Yes source 12/14/21
Splunk Intelligence Management (TruSTAR) all Fixed Yes source 12/14/21
Splunk KV Service all Fixed Yes source 12/14/21
Splunk Mission Control all Fixed Yes source 12/14/21
Splunk MLTK all Fixed Yes source 12/14/21
Splunk Operator for Kubernetes all Fixed Yes source 12/14/21
Splunk Security Analytics for AWS all Fixed Yes source 12/14/21
Splunk SignalFx Smart Agent all Fixed Yes source 12/14/21
Splunk SOAR Cloud (Phantom) all Fixed Yes source 12/14/21
Splunk SOAR (On-Premises) all Fixed Yes source 12/14/21
Splunk Splunk Application Performance Monitoring all Fixed Yes source 12/14/21
Splunk Splunk Augmented Reality all Fixed Yes source 12/14/21
Splunk Splunk Cloud Data Manager (SCDM) all Fixed Yes source 12/14/21
Splunk Splunk Connect for Kubernetes all Fixed Yes source 12/14/21
Splunk Splunk Connect for SNMP all Fixed Yes source 12/14/21
Splunk Splunk Connect for Syslog all Fixed Yes source 12/14/21
Splunk Splunk DB Connect all Fixed Yes source 12/14/21
Splunk Splunk Enterprise Cloud all Fixed Yes source 12/14/21
Splunk Splunk Heavyweight Forwarder (HWF) all Fixed Yes source 12/14/21
Splunk Splunk Infrastructure Monitoring all Fixed Yes source 12/14/21
Splunk Splunk Log Observer all Fixed Yes source 12/14/21
Splunk Splunk Mint all Fixed Yes source 12/14/21
Splunk Splunk Mobile all Fixed Yes source 12/14/21
Splunk Splunk Network Performance Monitoring all Fixed Yes source 12/14/21
Splunk Splunk On-Call/Victor Ops all Fixed Yes source 12/14/21
Splunk Splunk Open Telemetry Distributions all Fixed Yes source 12/14/21
Splunk Splunk Profiling all Fixed Yes source 12/14/21
Splunk Splunk Real User Monitoring all Fixed Yes source 12/14/21
Splunk Splunk Secure Gateway (Spacebridge) all Fixed Yes source 12/14/21
Splunk Splunk Synthetics all Fixed Yes source 12/14/21
Splunk Splunk TV all Fixed Yes source 12/14/21
Splunk Splunk Universal Forwarder (UF) all Fixed Yes source 12/14/21
Splunk Splunk User Behavior Analytics (UBA) all Fixed Yes source 12/14/21
Stardog Stardog <7.8.1 Fixed Yes source 12/14/21
Synacor Zimbra 8.8.15 and 9.x Fixed Yes source Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 12/14/21
Synology DSM Fixed Yes source The base DSM is not affected. Software installed via the package manager may be vulnerable. 12/14/21
Talend Talend Component Kit Fixed Yes source 12/14/21
Tealium All products Fixed Yes source 12/14/21
TheHive Cortex all Fixed Yes source 12/14/21
TheHive TheHive all Fixed Yes source 12/14/21
Topicus Security Topicus KeyHub all Fixed Yes source 12/14/21
TrendMicro ActiveUpdate Fixed Yes source 12/14/21
TrendMicro Apex Central (including as a Service) Fixed Yes source 12/14/21
TrendMicro Apex One (all versions including Mac and Saas) Fixed Yes source 12/14/21
TrendMicro Cloud App Security Fixed Yes source 12/14/21
TrendMicro Cloud Edge Fixed Yes source 12/14/21
TrendMicro Cloud One - Application Security Fixed Yes source 12/14/21
TrendMicro Cloud One - Common Services Fixed Yes source 12/14/21
TrendMicro Cloud One - Conformity Fixed Yes source 12/14/21
TrendMicro Cloud One - Container Security Fixed Yes source 12/14/21
TrendMicro Cloud One - File Storage Security Fixed Yes source 12/14/21
TrendMicro Cloud One - Network Security Fixed Yes source 12/14/21
TrendMicro Cloud One - Workload Secuity Fixed Yes source 12/14/21
TrendMicro Cloud Sandbox Fixed Yes source 12/14/21
TrendMicro Deep Discovery Advisor Fixed Yes source 12/14/21
TrendMicro Deep Discovery Analyzer Fixed Yes source 12/14/21
TrendMicro Deep Discovery Director Fixed Yes source 12/14/21
TrendMicro Deep Discovery Email Inspector Fixed Yes source 12/14/21
TrendMicro Deep Discovery Inspector Fixed Yes source 12/14/21
TrendMicro Deep Discovery Web Inspector Fixed Yes source 12/14/21
TrendMicro Deep Security Fixed Yes source 12/14/21
TrendMicro Endpoint Application Control Fixed Yes source 12/14/21
TrendMicro Fraudbuster Fixed Yes source 12/14/21
TrendMicro Home Network Security Fixed Yes source 12/14/21
TrendMicro Housecall Fixed Yes source 12/14/21
TrendMicro Instant Messaging Security Fixed Yes source 12/14/21
TrendMicro Internet Security for Mac (Consumer) Fixed Yes source 12/14/21
TrendMicro Interscan Messaging Security Fixed Yes source 12/14/21
TrendMicro Interscan Messaging Security Virtual Appliance (IMSVA) Fixed Yes source 12/14/21
TrendMicro Interscan Web Security Suite Fixed Yes source 12/14/21
TrendMicro Interscan Web Security Virtual Appliance (IWSVA) Fixed Yes source 12/14/21
TrendMicro Mobile Secuirty for Enterprise Fixed Yes source 12/14/21
TrendMicro MyAccount (Consumer Sign-on) Fixed Yes source 12/14/21
TrendMicro Network Viruswall Fixed Yes source 12/14/21
TrendMicro OfficeScan Fixed Yes source 12/14/21
TrendMicro Password Manager Fixed Yes source 12/14/21
TrendMicro Phish Insight Fixed Yes source 12/14/21
TrendMicro Policy Manager Fixed Yes source 12/14/21
TrendMicro Portable Security Fixed Yes source 12/14/21
TrendMicro PortalProtect Fixed Yes source 12/14/21
TrendMicro Remote Manager Fixed Yes source 12/14/21
TrendMicro Rescue Disk Fixed Yes source 12/14/21
TrendMicro Rootkit Buster Fixed Yes source 12/14/21
TrendMicro Safe Lock Fixed Yes source 12/14/21
TrendMicro Safe Lock 2.0 Fixed Yes source 12/14/21
TrendMicro Sandbox as a Service Fixed Yes source 12/14/21
TrendMicro ScanMail for Domino Fixed Yes source 12/14/21
TrendMicro ScanMail for Exchange Fixed Yes source 12/14/21
TrendMicro Secuirty for Mac Fixed Yes source 12/14/21
TrendMicro Security for NAS Fixed Yes source 12/14/21
TrendMicro ServerProtect (all versions) Fixed Yes source 12/14/21
TrendMicro Smart Home Network Fixed Yes source 12/14/21
TrendMicro Smart Protection Complete Fixed Yes source 12/14/21
TrendMicro Smart Protection for Endpoints Fixed Yes source 12/14/21
TrendMicro Smart Protection Server (SPS) Fixed Yes source 12/14/21
TrendMicro TippingPoint (all variations) Fixed Yes source 12/14/21
TrendMicro TMUSB Fixed Yes source 12/14/21
TrendMicro Trend Micro Email Security & HES Fixed Yes source 12/14/21
TrendMicro Trend Micro ID Security Fixed Yes source 12/14/21
TrendMicro Trend Micro Remote Manager Fixed Yes source 12/14/21
TrendMicro Trend Micro Web Security Fixed Yes source 12/14/21
TrendMicro Vision One Fixed Yes source 12/14/21
TrendMicro Vulnerability Protection Fixed Yes source 12/14/21
TrendMicro Worry-Free Business Security (on-prem) Fixed Yes source 12/14/21
TrendMicro Worry-Free Business Security Services Fixed Yes source 12/14/21
Ubiquiti UniFi Network Application 6.5.54 Fixed Yes source 12/14/21
US Signal Remote Management and Monitoring platform Fixed Yes source 12/14/21
USoft USoft 9.1.1F Fixed Yes proof Found by manual scanning 12/14/21
Veeam All products Fixed Yes source Veeam is still investigating, but it looks like the Veeam products don't use log4j 12/14/21
VMware API Portal for VMware Tanzu 1.x Fixed Yes source 12/14/21
VMware AppDefense Appliance 2.x Fixed Yes source, workaround 12/14/21
VMware App Metrics 2.1.1 Fixed Yes source, fix 12/14/21
VMware Carbon Black Cloud Workload Appliance 1.x Fixed Yes source, workaround 12/14/21
VMware Carbon Black EDR Server 7.x, 6.x Fixed Yes source, workaround, fix Fixed in 7.6.0 12/14/21
VMware Cloud Foundation 4.x, 3.x Fixed Yes source, workaround 12/14/21
VMware Cloud Gateway for VMware Tanzu 1.x Fixed Yes source 12/14/21
VMware Cloud Services for VMware Tanzu 3.x Fixed Yes source 12/14/21
VMware HCX 4.x, 3.x Fixed Yes source
12/14/21
VMware Healthwatch for Tanzu Application Service 2.1.7, 1.8.6 Fixed Yes source, fix 12/14/21
VMware Horizon 8.x, 7.x Fixed Yes source, workaround 12/14/21
VMware Horizon Cloud Connector 1.x, 2.x Fixed Yes source, fix 12/14/21
VMware Horizon DaaS 9.1.x, 9.0.x Fixed Yes source, workaround 12/14/21
VMware Identity Manager 3.3.x Fixed Yes source, workaround 12/14/21
VMware NSX Data Center for vSphere 6.x Fixed Yes source, workaround 12/14/21
VMware NSX-T Data Center 3.x, 2.x Fixed Yes source, workaround 12/14/21
VMware Single Sign-On for VMware Tanzu Application Service 1.x Fixed Yes source 12/14/21
VMware Site Recovery Manager 8.x Fixed Yes source, workaround 12/14/21
VMware Spring Boot < 2.5.8, < 2.6.2 Fixed Yes source 12/14/21
VMware Spring Cloud Gateway for Kubernetes 1.x Fixed Yes source 12/14/21
VMware Tanzu Application Service for VMs 2.x Fixed Yes source, workaround, fix 12/14/21
VMware Tanzu GemFire 8.x Fixed Yes source, workaround 12/14/21
VMware Tanzu Greenplum 6.x Fixed Yes source, workaround 12/14/21
VMware Tanzu Kubernetes Grid Integrated Edition 2.x Fixed Yes source, workaround 12/14/21
VMware Tanzu Observability by Wavefront Nozzle 3.0.3 Fixed Yes source, fix 12/14/21
VMware Tanzu Operations Manager 2.x Fixed Yes source, workaround, fix 12/14/21
VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Fixed Yes source 12/14/21
VMware Telco Cloud Automation 2.x, 1.x Fixed Yes source 12/14/21
VMware Unified Access Gateway 21.x, 20.x, 3.x Fixed Yes source, workaround 12/14/21
VMware vCenter Cloud Gateway 1.x Fixed Yes source, workaround 12/14/21
VMware vCenter Server 6.x Fixed Yes source, workaround Running on: Windows 12/14/21
VMware vCenter Server 7.x, 6.x Fixed Yes source, workaround Running on: Virtual Appliance 12/14/21
VMware vCloud Director all Fixed Yes source
12/14/21
VMware vCloud Workstation all Fixed Yes source
12/14/21
VMware vRealize Automation 8.x, 7.x Fixed Yes source 12/14/21
VMware vRealize Lifecycle Manager 8.x Fixed Yes source, workaround 12/14/21
VMware vRealize Log Insight 8.x Fixed Yes source, workaround 12/14/21
VMware vRealize Operations 8.x Fixed Yes source, workaround 12/14/21
VMware vRealize Operations Cloud Proxy Any Fixed Yes source, workaround 12/14/21
VMware vRealize Orchestrator 8.x, 7.x Fixed Yes source 12/14/21
VMware vSphere ESXi Unknown Fixed Yes source 12/14/21
VMware Workspace ONE Access 21.x, 20.x Fixed Yes source, workaround 12/14/21
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 19.03.0.1, 20.x, 21.x Fixed Yes source, workaround 12/14/21
Watcher Watcher all Fixed Yes source
12/14/21
Wind River Wind River Linux <= 8 Fixed Yes source "contain package log4j, but their version is 1.2.x, too old to be affected" 12/14/21
Wind River Wind River Linux > 8 Fixed Yes source no support for log4j 12/14/21
WitFoo WitFoo Precinct 6.x Fixed Yes source WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable 12/14/21
Wowza Wowza Streaming Engine 4.7.8, 4.8.x Fixed Yes source 12/14/21
Yahoo Vespa Fixed Yes source Your Vespa application may still be affected if log4j is included in your application package 12/14/21
Zabbix Zabbix Fixed Yes source Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability. 12/14/21
Zammad Zammad Fixed Yes source Most of Zammad instances make use of Elasticsearch which might be vulnerable. 12/14/21
Zerto Virtual Replication Appliance Fixed Yes source 12/14/21
Zerto Zerto Cloud Appliance Fixed Yes source 12/14/21
Zerto Zerto Cloud Manager Fixed Yes source 12/14/21
Zerto Zerto Virtual Manager Fixed Yes source 12/14/21
Zesty Zesty.io Fixed Yes source 12/14/21