mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-18 23:07:54 +00:00
31 lines
2 KiB
Markdown
31 lines
2 KiB
Markdown
# CISA Log4j (CVE-2021-44228) Vulnerability Guidance
|
|
|
|
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
|
|
</br>
|
|
</br>
|
|
**Official CISA Guidance & Resources:**
|
|
</br>
|
|
CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
|
|
</br> CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
|
|
</br>
|
|
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
|
</br>
|
|
</br>
|
|
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.
|
|
|
|
# Status
|
|
|
|
|Status| Description |
|
|
|------|-------------|
|
|
| Unknown | Status unknown. Default choice. |
|
|
| Affected| Reported to be affected by CVE-2021-44228. |
|
|
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
|
|
| Fixed | Patch and/or mitigations available (see provided links). |
|
|
| Under Investigation | Vendor investigating status. |
|
|
|
|
# Software List
|
|
|
|
| Vendor | Product | Version | Status | Update Available | Notes | References | Last Updated |
|
|
|:--------------|:----------------|:---------------:|:---------------:|:-----------------|-----------------------|:-------|--------------:|
|
|
| Sample-Vendor | Product-A | 1.15.0 | Affected | Yes/No [Link]() | <Statement by vendor, vuln note, etc.>| [Link Here]() | 12/11/2021|
|