.github | ||
.gitignore | ||
.mdl_config.yaml | ||
.pre-commit-config.yaml | ||
.prettierignore | ||
.yamllint | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md |
CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources
- CISA Apache Log4j Vulnerability Guidance
- Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alerts
- Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
- CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.
Mitigation Guidance
CISA urges organizations operating products marked as "Fixed" to immediately implement listed patches/mitigations here.
CISA urges organizations operating products marked as "Not Fixed" to immediately implement alternate controls, including:
- Install a WAF with rules that automatically update.
- Set
log4j2.formatMsgNoLookups
to true by adding-Dlog4j2.formatMsgNoLookups=True
to the Java Virtual Machine command for starting your application. - Ensure that any alerts from a vulnerable device are immediately actioned.
- Report incidents promptly to CISA and/or the FBI here.
Status Descriptions
Status | Description |
---|---|
Unknown | Status unknown. Default choice. |
Affected | Reported to be affected by CVE-2021-44228. |
Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
Fixed | Patch and/or mitigations available (see provided links). |
Under Investigation | Vendor investigating status. |
Software List
This list was initially populated using information from the following sources:
- Kevin Beaumont
| ExtraHop | Reveal(x) | <=8.4.6, <=8.5.3, <=8.6.4 | Affected | Yes | ExtraHop Statement| Contains vulnerable code but not likely to get unauthenticated user input to the log4j component. ||12/14/2021| | FedEx | Ship Manager Software | Unknown | Affected/Under Investigation | | FedEx Statement|Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.||12/15/2021| | F-Secure | Endpoint Proxy | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | | | | | F-Secure | Policy Manager | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | | | | | F-Secure| Policy Manager Proxy | 13-15 | Affected | Yes | F-Secure services Status - 0-day exploit found in the Java logging package log4j2 | | | | | F-Secure | Elements Connector | | Affected | Yes | The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community | | | | | F-Secure | Messaging Security Gateway | | Affected | Yes | The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community | | | | | Forcepoint | DLP Manager | | Affected | | Login (forcepoint.com) | | | | | Forcepoint | Security Manager (Web, Email and DLP) | | Affected | | Login (forcepoint.com) | | | | | Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | Not Affected | | Login (forcepoint.com) | | | | | Forcepoint | Next Generation Firewall (NGFW) | | Not Affected | | Login (forcepoint.com) | | | | | Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | | Not Affected | | Login (forcepoint.com) | | | | | Forcepoint | One Endpoint | | Not Affected | | Login (forcepoint.com) | | | | | ForgeRock | Autonomous Identity | | Affected | | Security Advisories - Knowledge - BackStage (forgerock.com) | all other ForgeRock products Not vulnerable | | | | Fortinet | FortiAIOps | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiCASB | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiConvertor | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiEDR Cloud | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiNAC | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiNAC | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiPolicy | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiPortal | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiSIEM | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiSOAR | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | ShieldX | | Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiAnalyzer Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiAnalyzer | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiAP | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiAuthenticator | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiDeceptor | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiEDR Agent | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiGate Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiGSLB Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiMail | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiManager Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiManager | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiPhish Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiRecorder | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiSwicth Cloud in FortiLANCloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiSwitch & FortiSwitchManager | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiToken Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiVoice | | Not Affected | | PSIRT Advisories FortiGuard | | | | | Fortinet | FortiWeb Cloud | | Not Affected | | PSIRT Advisories FortiGuard | | || | FusionAuth | FusionAuth | 1.32 | Not Affected | | log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth | | | | | Gradle | Gradle | | Not Affected | No | Gradle Blog - Dealing with the critical Log4j vulnerability | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | | | Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | | | | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | | | | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2 | | | | |IBM|Cognos Controller|10.4.2|Affected|Yes|Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228)|||12/15/2021| |IBM|Planning Analytics Workspace|>2.0.57|Affected|Yes|Security Bulletin: IBM Planning Analytics 2.0: Apache log4j Vulnerability (CVE-2021-44228)|||12/15/2021| |IBM|Power HMC|V9.2.950.0 & V10.1.1010.0|Affected|Yes|Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC|||12/15/2021| |IBM|App ID||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Certificate Manager||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloud Object Storage||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloud Object Storage||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloudant||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Container Registry||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Container Security Services||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Continuous Delivery||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Hyper Protect DBaaS for MongoDB||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Hyper Protect DBaaS for PostgreSQL||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Hyper Protect Virtual Server||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Internet Services||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Knowledge Studio||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Managed VMware Service||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Natural Language Understanding||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|VMware Solutions||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|VMware vCenter Server||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|VMware vSphere||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|vRealize Operations and Log Insight||Affected|Yes|An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Analytics Engine ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|App Configuration ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|App Connect ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Application Gateway||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Aspera||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Aspera Endpoint||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Aspera Enterprise||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Aspera fasp.io||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Bare Metal Servers ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Block Storage ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Block Storage for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Block Storage Snapshots for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Case Manager||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Client VPN for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloud Activity Tracker ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloud Backup ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cloud Monitoring ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Code Engine ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cognos Command Center||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Cognos Integration Server||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose Enterprise ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for Elasticsearch ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for etcd ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for MongoDB ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for MySQL ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for PostgreSQL ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for RabbitMQ ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for Redis ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for RethinkDB ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Compose for ScyllaDB ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Content Delivery Network ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Copy Services Manager||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for DataStax ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for EDB ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for Elasticsearch ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for etcd ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for MongoDB ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for PostgreSQL ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Databases for Redis ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Datapower Gateway||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Dedicated Host for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Connect ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Connect on Classic ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Dedicated (2.0) ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Dedicated Hosting on Classic ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Dedicated on Classic ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Direct Link Exchange on Classic ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|DNS Services ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Emptoris Contract Management||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Emptoris Program Management||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Emptoris Sourcing||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Emptoris Spend Analysis||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Emptoris Supplier Lifecycle Management||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Enterprise Tape Controller Model C07 (3592) (ETC)||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Event Notifications||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Event Streams ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|File Storage||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Flash System 900 (& 840)||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Flow Logs for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Functions ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|GSKit||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Guardium S-TAP for Data Sets on z/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Guardium S-TAP for DB2 on z/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Guardium S-TAP for IMS on z/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Hyper Protect Crypto Services ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|i2 Analyst’s Notebook||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|i2 Base||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Application Runtime Expert for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Backup, Recovery and Media Services for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Db2 Mirror for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM HTTP Server||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM i Portfolio of products under the Group SWMA||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM i Access Family||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM PowerHA System Mirror for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Direct Browser User Interface||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Direct for HP NonStop||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Direct for i5/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Direct for OpenVMS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Express for Microsoft Windows||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Express for UNIX||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|IBM Sterling Connect:Express for z/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Key Lifecyle Manager for z/OS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Key Protect ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Kubernetes Service ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Load Balancer for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Log Analysis ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Mass Data Migration ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Maximo EAM SaaS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Message Hub||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|MQ Appliance||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|MQ on IBM Cloud||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|OmniFind Text Search Server for DB2 for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|OPENBMC||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|PowerSC||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|PowerVM Hypervisor||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|PowerVM VIOS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|QRadar Advisor||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Qradar Network Threat Analytics||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|QRadar SIEM||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Quantum Services||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Rational Developer for AIX and Linux||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Rational Developer for i||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Red Hat OpenShift on IBM Cloud ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Robotic Process Automation||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|SAN Volume Controller and Storwize Family||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Satellite Infrastructure Service ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Schematics ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Secrets Manager ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Secure Gateway ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Archive Library Edition||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Discover||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Client Management Service||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Databases: Data Protection for Oracle||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Databases: Data Protection for SQL||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Enterprise Resource Planning||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Mail: Data Protection for Domino||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Mail: Data Protection for Exchange||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for Workstations||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect for z/OS USS Client and API||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Plus Db2 Agent||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Plus Exchange Agent||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Plus File Systems Agent||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Plus MongoDB Agent||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Plus O365 Agent||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Server||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Snapshot for UNIX||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Spectrum Protect Snapshot for UNIX||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|SQL Query ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Gentran||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Order Management||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for ACORD||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for Financial Services||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for FIX||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for NACHA||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for PeopleSoft||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for SAP R/3||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for SEPA||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for Siebel||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Pack for SWIFT||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Packs for EDI||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Packs for Healthcare||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Sterling Transformation Extender Trading Manager||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage TS1160||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage TS2280||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage TS2900 Library||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage TS3100-TS3200 Library||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage TS4500 Library||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Storage Virtualization Engine TS7700||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Tape System Library Manager||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|TDMF for zOS||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Total Storage Service Console (TSSC) / TS4500 IMC||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Transit Gateway ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Tririga Anywhere||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|TS4300||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Urbancode Deploy||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Virtual Private Cloud ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Virtual Server for Classic ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Virtualization Management Interface||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|VPN for VPC ||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| |IBM|Workload Automation||Not Affected||An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog|||12/15/2021| | ISEC7 | Sphere | N/A | Not Affected | No | | | |12/15/2021| | Jenkins | CI/CD Core | | Not Affected | | | | | | | Jenkins | Plugins | | Unkown | | | Need to audit plugins for use of log4j | | | | Jetbrains | | | Affected | Yes | https://www.jetbrains.com/help/license_server/release_notes.html | | | | | McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | Not Affected | | | | | | | McAfee | Data Exchange Layer (DXL) | | Under Investigation | | | | | | | McAfee | Enterprise Security Manager (ESM) | | Under Investigation | | | | | | | McAfee | ePolicy Orchestrator Application Server (ePO) | | Under Investigation | | | | | | | McAfee | McAfee Active Response (MAR) | | Under Investigation | | | | | | | McAfee | Network Security Manager (NSM) | | Under Investigation | | | | | | | McAfee | Network Security Platform (NSP) | | Under Investigation | | | | | | | McAfee | Threat Intelligence Exchange (TIE) | | Under Investigation | | | | | | | Microsoft | Azure Data lake store java | < 2.3.10 | Affected | | azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub | | | | | MongoDB | MongoDB Atlas Search | | Affected | yes | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Drivers | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Realm (including Realm Database, Sync, Functions, APIs) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | Netapp | Multiple NetApp products | | Affected | | https://security.netapp.com/advisory/ntap-20211210-0007/ | | | | | Neo4j | Neo4j Graph Database| Version >4.2, <4..2.12 | Affected | No | | | | 12/13/2021| |New Relic|New Relic Java Agent|<7.4.2|Affected|Yes|Java agent v7.4.2|Initially fixed in 7.4.1, but additional vulnerability found|New Relic tracking, covers CVE-2021-44228, CVE-2021-45046|12/15/2021| | Okta | Okta RADIUS Server Agent | < 2.17.0 | Affected | | Okta RADIUS Server Agent CVE-2021-44228 Okta | | | 12/12/2021 | | Okta| Okta On-Prem MFA Agent| < 1.4.6 | Affected | | Okta On-Prem MFA Agent CVE-2021-44228 Okta| || 12/12/2021 | | Okta | Advanced Server Access | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Access Gateway | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta AD Agent | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Browser Plugin | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta IWA Web Agent | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021| | Okta | Okta LDAP Agent | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Mobile | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Workflows | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Verify | | Not Affected | | Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Palo-Alto | Prisma Cloud Compute| | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Prisma Cloud | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | PAN-OS | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | GlobalProtect App | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Cortex XSOAR | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Cortex XDR Agent | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | CloudGenix | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Panorama | 9.0, 9.1, 10.0 | Affected | Yes | Unit42 Palo-Alto Apache Log4j Vulnerability | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available | 12/15/2021 | | Pulse Secure | Pulse Secure Virtual Traffic Manager | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Secure Services Director | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Secure Web Application Firewall | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Connect Secure | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Connect Secure (ICS) | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Policy Secure | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Desktop Client | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Mobile Client | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse One | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse ZTA | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Neurons for ZTA | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Neurons for secure Access | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Rapid7 | AlcidekArt, kAdvisor, and kAudit | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | AppSpider Pro | on-prem | Not Affected | |Rapid7 Statement | || 12/15/2021| | Rapid7 | AppSpider Enterprise | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | Insight Agent | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightAppSec Scan Engine| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightAppSec Scan Engine| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightCloudSec/DivvyCloud | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightConnect Orchestrator | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightIDR/InsightOps Collector & Event Sources| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightIDR Network Sensor| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | Affected | Yes | Rapid7 Statement | Upgrade DataHub to version 2.0.1 using the following instructions.|| 12/15/2021| | Rapid7 | InsightOps non-Java logging libraries | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | Affected | Yes | Rapid7 Statement | Upgrade r7insight_java to 3.0.9 || 12/15/2021| | Rapid7 | InsightVM Kubernetes Monitor | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightVM/Nexpose | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightVM/Nexpose Console | on-prem | Not Affected | | Rapid7 Statement |Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.|| 12/15/2021| | Rapid7 | InsightVM/Nexpose Engine | on-prem | Not Affected | | Rapid7 Statement |Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.|| 12/15/2021| | Rapid7 | IntSights virtual appliance | on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | Affected | Yes | Rapid7 Statement | Linux: Install DataHub_1.2.0.822.deb using the following instructions. Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these instructions. You can find more details here.|| 12/15/2021| | Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | Affected | Yes | Rapid7 Statement | Migrate to version 3.0.9 of r7insight_java || 12/15/2021| | Rapid7 | Metasploit Pro| on-prem | Not Affected | | Rapid7 Statement |Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j.|| 12/15/2021| | Rapid7 | Metasploit Framework| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | tCell Java Agent| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | Velociraptor| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Red Hat build of Quarkus | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat CodeReady Studio 12 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Data Grid 8 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Descision Manager 7 | log4j-core low | | Affected | No| CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 6 | log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 7 | log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 8 | parfait:0.5/log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Integration Camel K | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Integration Camel Quarkus | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss A-MQ Streaming | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Enterprise Application Platform 7 | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Enterprise Application Platform Expansion Pack | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Fuse 7 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Application Runtimes | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Logging | logging-elasticsearch6-container | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenStack Platform 13 (Queens) | opendaylight | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Process Automation 7 | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Single Sign-On 7 | log4j-core | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-maven36-log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-maven35-log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-java-common-log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Redhat | log4j-core | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | RSA | SecurID Authentication Manager | | Not Affected | | | | | | | RSA | SecurID Authentication Manager Prime | | Not Affected | | | | | | | RSA | SecurID Authentication Manager WebTier | | Not Affected | | | | | | | RSA | SecurID Identity Router | | Not Affected | | | | | | | RSA | SecurID Governance and Lifecycle | | Not Affected | | | | | | | RSA | SecurID Governance and Lifecycle Cloud | | Not Affected | | | | | | | Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | | Ruckus Wireless (support.ruckuswireless.com) | | | 12/13/2021 | | Siemens | Capital | All Versions >- 2019.1 SP1912 | Affected | Yes | Siemens Advisory Link | Only affected if Teamcenter integration feature is used. Mitigation: Mitigation Link | | 12/15/2021 | | Siemens | Comos Desktop App | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Desigo CC Advanced Reporting | V4.0, 4.1, 4.2, 5.0, 5.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Desigo CC Info Center | V5.0, 5.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | E-Car OC Cloud Application | All Versions < 2021-12-13 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | EnergyIP Prepay | V3.7. V3.8 | Affected | Yes | Siemens Advisory Link | | | 12/15 2021 | | Siemens | GMA-Manager | All Version > V8.6.2j-398 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021| | Siemens | HES UDIS | All Versions | Affected | Yes | Siemens Advisory Link ||| 12/15/2021 | | Siemens | Industrial Edge Management App | All Versions | Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | Industrial Edge Management OS | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Industrial Edge Management Hub | All versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | LOGO! Soft Comfort | All versions | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | Mendix Applications | All Versions | Not Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | NX | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Opcenter Intelligence | All Versions >=3.2 | Affected | Yes |Siemens Advisory Link | Only OEM version that ships Tableau | | 12/15/2021 | | Siemens | Mindsphere Cloud Application | All Versions < 2021-12-11 | Affected | Yes | Siemens Advisory Link| Fixed on Cloud Version | |12/15/2021 | | Siemens | Operation Scheduler | All versions >= V1.1.3 | Affected | Yes | Siemens Advisory Link |Block incoming and outgoing connections | | 12/15/2021 | | Siemens | SIGUARD DSA | V4.2, 4.3, 4.4 | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | SIMATIC WinCC | All Versions <V7.4 SP1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | SiPass integrated V2.80 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | SiPass integrated V2.85 | All Versions | Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | Siveillance Command | All Versions >=4.16.2.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Control Pro | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Identity V1.5 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Identity V1.6 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Vantage | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Solid Edge Wiring Harness Design | All Versions >= 2020 | Affected | Yes | Siemens Advisory Link |only if Teamcenter integration feature is used | | 12/15/2021 | | Siemens | Spectrum Power 4 | All versions | Affected | Yes | Siemens Advisory Link|only with component jROS in version 3.0.0|| 12/15/2021| | Siemens | Spectrum Power 7 | All Versions < V2.30 SP2 | Affected | Yes | Siemens Advisory Link| only with component jROS | | 12/15/2021 | |Siemens | Teamcenter Suite | All Versions | Affected | Yes| Siemens Advisory Link| ||12/15/2021| | Siemens | VeSys | All Versions >=2019.1 SP1912 |Affected | Yes |Siemens Advisory Link | only if Teamcenter integration feature is used| |12/15/2021 | | Siemens | Xpedition EDM Server | VX.2.6-VX.2.10 | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | Xpedition EDM Client | VX.2.6-VX.2.10 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | No | Apache Log4j Critical Vulnerability (CVE-2021-44228) Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) | Workarounds available, hotfix under development | | 12/14/2021 | | SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | No | Apache Log4j Critical Vulnerability (CVE-2021-44228) Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) | Workarounds available, hotfix under development | | 12/14/2021 | | SonicWall | Gen5 Firewalls (EOS) | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | Gen6 Firewalls | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | Gen7 Firewalls | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | SonicWall Switch | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Switch. | | 12/12/2021 | | SonicWall | SMA 100 | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SMA100 appliance. | | 12/12/2021 | | SonicWall | SMA 1000 | | Not Affected | | Security Advisory (sonicwall.com) | Version 12.1.0 and 12.4.1 doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | Email Security | | Not Affected | | [Security Advisory (sonicwall.com)] | Version 10.x doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | MSW | | Not Affected | | Security Advisory (sonicwall.com) | Mysonicwall service doesn't use Log4j | | 12/12/2021 | | SonicWall | NSM | | Not Affected | | Security Advisory (sonicwall.com) | NSM On-Prem and SaaS doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | Capture Client & Capture Client Portal | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Client.| | 12/12/2021 | | SonicWall | Access Points| | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Access Points | | 12/12/2021 | | SonicWall | WNM | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the WNM. | | 12/12/2021 | | SonicWall | Capture Security Appliance | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Security appliance. | | 12/12/2021 | | SonicWall | WXA | | Not Affected | | Security Advisory (sonicwall.com) | WXA doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | SonicCore | | Not Affected | | Security Advisory (sonicwall.com) | SonicCore doesn't use a Log4j2 | | 12/12/2021 | | SonicWall | Analyzer | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | Analytics | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | GMS | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | CAS | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | WAF | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | | 12/12/2021 | | Sophos | Cloud Optix | | Fixed | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted. | | 12/12/2021 | | Sophos | Sophos Firewall (all versions) | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Firewall does not use Log4j. | | 12/12/2021 | | Sophos | SG UTM (all versions) | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos SG UTM does not use Log4j. | | 12/12/2021 | | Sophos | SG UTM Manager (SUM) (all versions) | All versions | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | SUM does not use Log4j. | | 12/12/2021 | | Sophos | Sophos ZTNA | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos ZTNA does not use Log4j. | | 12/12/2021 | | Sophos | Sophos Home | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Home does not use Log4j. | | 12/12/2021 | | Sophos | Sophos Central | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Central does not run an exploitable configuration. | | 12/12/2021 | | Sophos | Sophos Mobile | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration. | | 12/12/2021 | | Sophos | Reflexion | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Reflexion does not run an exploitable configuration. | | 12/12/2021 | | Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise Amazon Machine Image (AMI) | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise Docker Container | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Stream Processor Service | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Cloud Developer Edition | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Connect for SNMP | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk DB Connect | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Forwarders (UF/HWF) | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Mint | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Spring | Spring Boot | | Unkown | | https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | | | TrendMicro | All | | Under Investigation | | https://success.trendmicro.com/solution/000289940 | | | | | Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | Affected | Yes | UniFi Network Application 6.5.54 Ubiquiti Community | | | | | Ubiquiti | UniFi Network Controller | 6.5.54 & lower versions | Affected | Yes | UniFi Network Application 6.5.55 Ubiquiti Community | | 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 | 12/15/2021 | | VMware | VMware vCenter Server | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Server | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware HCX | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware NSX-T Data Centern | 3.x, 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Identity Manager | 3.3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Operations | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Operations Cloud Proxy | Any | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Log Insight | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Automation | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Lifecycle Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Telco Cloud Automation | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Carbon Black Cloud Workload Appliance | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Carbon Black EDR Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Site Recovery Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu GemFire | 9.x, 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Greenplum | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Operations Manager | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu Application Service for VMs | 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Healthwatch for Tanzu Application Service | 2.x, 1.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Services for VMware Tanzu | 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Gateway for Kubernetes | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | || 12/12/2021 | | VMware | API Portal for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | App Metrics | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Cloud Gateway | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu SQL with MySQL for VMs | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Cloud Foundation | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Horizon Cloud Connector | 1.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | |Zendesk|All Products|All Versions|Affected |No|2021-12-13 Security Advisory - Apache Log4j (CVE-2021-44228)|Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems.||12/13/2021| |Zscaler|Multiple Products||Not Affected|No|CVE-2021-44228 log4j Vulnerability|||