1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-18 23:07:54 +00:00
log4j-affected-db/README.md
2021-12-16 12:38:38 -05:00

249 KiB
Raw Blame History

CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.

Official CISA Guidance & Resources

CISA Current Activity Alerts

National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Mitigation Guidance

CISA urges organizations operating products marked as "Fixed" to immediately implement listed patches/mitigations here.

CISA urges organizations operating products marked as "Not Fixed" to immediately implement alternate controls, including:

  • Install a WAF with rules that automatically update.
  • Set log4j2.formatMsgNoLookups to true by adding -Dlog4j2.formatMsgNoLookups=True to the Java Virtual Machine command for starting your application.
  • Ensure that any alerts from a vulnerable device are immediately actioned.
  • Report incidents promptly to CISA and/or the FBI here.

Status Descriptions

Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.

Software List

This list was initially populated using information from the following sources:

  • Kevin Beaumont
Vendor Product Version(s) Status Update available Vendor link Notes Other References Last Updated
3M Health Information Systems CGS Affected Unknown CGS: Log4j Software Update(login required) This advisory is available to customers only and has not been reviewed by CISA. 12/15/2021
Accellion Kiteworks v7.6 release Fixed Yes Kiteworks Statement "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." 12/16/2021
Akamai SIEM Splunk Connector All Affected GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk
Amazon OpenSearch Unknown Affected Yes (R20211203-P2) Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS Lambda Unknown Affected Yes Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS CloudHSM < 3.4.1. Affected Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon EC2 Amazon Linux 1 & 2 Unknown Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Apache Druid < druid 0.22.0 Affected Yes Release druid-0.22.1 · apache/druid · GitHub 12/12/2021
Apache Flink < flink 1.15.0, 1.14.1, 1.13.3 Affected No Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228) 12/12/2021
Apache Log4j < 2.15.0 Affected Yes Log4j Apache Log4j Security Vulnerabilities
Apache Kafka Unknown Affected No Log4j Apache Log4j Security Vulnerabilities Only vulnerable in certain configuration(s)
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Affected Yes Log4j Apache Log4j Security Vulnerabilities
Apereo CAS 6.3.x & 6.4.x Affected Yes CAS Log4J Vulnerability Disclosure Apereo Community Blog
Apereo Opencast < 9.10, < 10.6 Affected Yes Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub
Application Performance Ltd DBMarlin Not Affected Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428 12/15/2021
Aptible Aptible ElasticSearch 5.x Affected Yes Aptible Status - Log4j security incident CVE-2021-27135
Atlassian Jira Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Confluence Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Bamboo Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crowd Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Fisheye All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crucible All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation
Avaya Avaya Analytics 3.5, 3.6, 3.6.1, 3.7, 4 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Device Services 8, 8.1, 8.1.4, 8.1.5 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura for OneCloud Private Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities.  Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Application Enablement Services 8.1.3.2, 8.1.3.3, 10.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security PSN020551u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Contact Center 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Device Services 8.0.1, 8.0.2, 8.1.3  Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Media Server 8.0.0, 8.0.1, 8.0.2  Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security PSN020549u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Presence Services 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Session Manager 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security PSN020550u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® System Manager 10.1, 8.1.3  Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security PSN005565u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Web Gateway 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Breeze™ 3.7, 3.8, 3.8.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Contact Center Select 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya CRM Connector - Connected Desktop 2.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Meetings 9.1.10, 9.1.11, 9.1.12 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya OneCloud-Private 2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Session Border Controller for Enterprise 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected Yes Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security PSN020554u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Social Media Hub Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Workforce Engagement 5.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Business Rules Engine 3.4, 3.5, 3.6, 3.7 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Callback Assist 5, 5.0.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Control Manager 9.0.2, 9.0.2.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Device Enrollment Service 3.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Equinox™ Conferencing 9.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Interaction Center 7.3.9 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya IP Office™ Platform 11.0.4, 11.1, 11.1.1, 11.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Proactive Outreach Manager 3.1.2, 3.1.3, 4, 4.0.1  Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Device Enablement Service 3.1.22  Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya one cloud private -UCaaS - Mid Market Aura Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Tuesday, December 14, 2021 - 8:30pm ET
Appeon PowerBuilder Appeon PowerBuilder 2017-2021 regardless of product edition Affected No 12/15/2021
BMC BMC Helix ITSM Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Discovery Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remedyforce Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Digital Workplace Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Business Workflows Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Client Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix CMDB Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Knowledge Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Operations Management with AIOps Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Platform Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Virtual Agent Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Remedy ITSM (IT Service Management) Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Footprints Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Track-It! Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC SmartIT Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Control-M Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Control-M Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Cloud Lifecycle Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Networks Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Servers Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Orchestration Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Bladelogic Database Automation Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Ops Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Automation Console Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Cost Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Security Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Continuous Optimization Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix platform Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Capacity Optimization Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Infrastructure Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Operations Management Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Products Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Administrator Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Monitor Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Compuware Under Investigation BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
Broadcom CA Advanced Authentication 9.1 Affected
Broadcom CA Risk Authentication Affected
Broadcom CA Strong Authentication Affected
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Affected No Broadcom Support Portal
Broadcom CloudSOC Cloud Access Security Broker (CASB) Not Affected Broadcom Support Portal
Broadcom Symantec Control Compliance Suite (CCS) Not Affected Broadcom Support Portal
Broadcom Data Center Security (DCS) Not Affected Broadcom Support Portal
Broadcom Data Loss Prevention (DLP) Not Affected Broadcom Support Portal
Broadcom Ghost Solution Suite (GSS) Not Affected Broadcom Support Portal
Broadcom IT Management Suite Not Affected Broadcom Support Portal
Broadcom Layer7 API Gateway Not Affected Broadcom Support Portal
Broadcom Layer7 Mobile API Gateway Not Affected Broadcom Support Portal
Broadcom ProxySG Not Affected Broadcom Support Portal
Broadcom Security Analytics (SA) Not Affected Broadcom Support Portal
Broadcom Symantec Directory Not Affected Broadcom Support Portal
Broadcom Symantec Identity Governance and Administration (IGA) Not Affected Broadcom Support Portal
Broadcom Symantec PGP Solutions Not Affected Broadcom Support Portal
Broadcom VIP Not Affected Broadcom Support Portal
Broadcom Advanced Secure Gateway (ASG) Under Investigation Broadcom Support Portal
Broadcom BCAAA Under Investigation Broadcom Support Portal
Broadcom Content Analysis (CA) Under Investigation Broadcom Support Portal
Broadcom Cloud Workload Protection (CWP) Under Investigation Broadcom Support Portal
Broadcom Cloud Workload Protection for Storage (CWP:S) Under Investigation Broadcom Support Portal
Broadcom Critical System Protection (CSP) Under Investigation Broadcom Support Portal
Broadcom Email Security Service (ESS) Under Investigation Broadcom Support Portal
Broadcom HSM Agent Under Investigation Broadcom Support Portal
Broadcom Industrial Control System Protection (ICSP) Under Investigation Broadcom Support Portal
Broadcom Integrated Cyber Defense Manager (ICDm) Under Investigation Broadcom Support Portal
Broadcom Integrated Secure Gateway (ISG) Under Investigation Broadcom Support Portal
Broadcom Layer7 API Developer Portal Under Investigation Broadcom Support Portal
Broadcom Management Center (MC) Under Investigation Broadcom Support Portal
Broadcom PacketShaper (PS) S-Series Under Investigation Broadcom Support Portal
Broadcom PolicyCenter (PC) S-Series Under Investigation Broadcom Support Portal
Broadcom Privileged Access Manager Under Investigation Broadcom Support Portal
Broadcom Privileged Access Manager Server Control Under Investigation Broadcom Support Portal
Broadcom Privileged Identity Manager Under Investigation Broadcom Support Portal
Broadcom Reporter Under Investigation Broadcom Support Portal
Broadcom Secure Access Cloud (SAC) Under Investigation Broadcom Support Portal
Broadcom SiteMinder (CA Single Sign-On) Under Investigation Broadcom Support Portal
Broadcom SSL Visibility (SSLV) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Detection and Response (EDR) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Encryption (SEE) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Protection (SEP) Under Investigation Broadcom Support Portal
Broadcom Symantec Endpoint Protection (SEP) for Mobile Under Investigation Broadcom Support Portal
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE) Under Investigation Broadcom Support Portal
Broadcom Symantec Messaging Gateway (SMG) Under Investigation Broadcom Support Portal
Broadcom Symantec Protection Engine (SPE) Under Investigation Broadcom Support Portal
Broadcom Symantec Protection for SharePoint Servers (SPSS) Under Investigation Broadcom Support Portal
Broadcom VIP Authentication Hub Under Investigation Broadcom Support Portal
Broadcom Web Isolation (WI) Under Investigation Broadcom Support Portal
Broadcom Web Security Service (WSS) Under Investigation Broadcom Support Portal
Broadcom WebPulse Under Investigation Broadcom Support Portal
Check Point Quantum Security Gateway Not Affected
Check Point Quantum Security Management Not Affected Uses the 1.8.0_u241 version of the JRE that protects against this attack by default.
Check Point CloudGuard Not Affected
Check Point Infinity Portal Not Affected
Check Point Harmony Endpoint & Harmony Mobile Not Affected
Check Point SMB Not Affected
Check Point ThreatCloud Not Affected
Cisco Cisco Webex Meetings Server Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Advanced Web Security Reporting Application Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Suite Admin Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Crosswork Change Automation Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Evolved Programmable Network Manager Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Integrated Management Controller (IMC) Supervisor Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight Virtual Appliance Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Services Orchestrator (NSO) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco WAN Automation Engine (WAE) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Director Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Computer Telephony Integration Object Server (CTIOS) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Packaged Contact Center Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise - Live Data server Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Intelligent Contact Management Enterprise Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified SIP Proxy Software Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Video Surveillance Operations Manager Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Kinetic for Cities Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Umbrella Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Communications Manager Cloud Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Cloud-Connected UC (CCUC) Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Duo Not Affected Yes Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SocialMiner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AnyConnect Secure Mobility Client Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Teams Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Extensible Network Controller (XNC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Data Broker Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Insights Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Wide Area Application Services (WAAS) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AMP Virtual Private Cloud Appliance Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Adaptive Security Appliance (ASA) Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Management Center Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Threat Defense (FTD) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Identity Services Engine (ISE) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Registered Envelope Service Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Web Security Appliance (WSA) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Multi-Site Orchestrator Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Application Policy Infrastructure Controller (APIC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Workload Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Grid Device Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Mobile Experiences Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Assurance Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Data Center Network Manager (DCNM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Elastic Services Controller (ESC) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Operations Dashboard Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Modeling Labs Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Planner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Dashboard (formerly Cisco Application Services Engine) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Optical Network Planner Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Policy Suite Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Central for Service Providers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Provisioning Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Infrastructure Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime License Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Network Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Optical for Service Providers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Provisioning Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Service Catalog Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Performance Manager Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Virtual Edge Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ASR 5000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Catalyst 9800 Series Wireless Controllers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Center Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise NFV Infrastructure Software (NFVIS) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco GGSN Gateway GPRS Support Node Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOS and IOS XE Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOx Fog Director Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IP Services Gateway (IPSG) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MDS 9000 Series Multilayer Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MME Mobility Management Entity Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assurance Engine Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Convergence System 2000 Series Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5500 Platform Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5600 Platform Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 6000 Series Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 7000 Series Switches Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco PDSN/HA Packet Data Serving Node and Home Agent Under Investigation Vulnerability in Apache Log4j Library Affecting Cis co Products: December 2021
Cisco Cisco PGW Packet Data Network Gateway Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 1000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 2000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 5000 Series Routers Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge Cloud Router Platform Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vManage Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Secure Network Analytics (SNA), formerly Stealthwatch Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco System Architecture Evolution Gateway (SAEGW) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco HyperFlex System Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco BroadWorks Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Broadcloud Calling Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Domain Manager (CCDM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Management Portal (CCMP) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Emergency Responder Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise Chat and Email Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Finesse Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server (InformaCast) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Advanced Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Business Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Department Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Enterprise Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Premium Edition Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Express Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtualized Voice Browser Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Exony Virtualized Interaction Manager (VIM) Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Meeting Server Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco TelePresence Management Suite Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Vision Dynamic Signage Director Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CX Cloud Agent Software Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Cognitive Intelligence Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Common Services Platform Collector Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connectivity Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Spaces Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Defense Orchestrator Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assessment (CNA) Tool Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Managed Services Accelerator (MSX) Network Access Control Service Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco AppDynamics Under Investigation Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco duo network gateway (on-prem/self-hosted) Under Investigation
Citrix Citrix ADC Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Endpoint Management Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Gateway Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix SD-WAN Under Investigation https://support.citrix.com/article/CTX335705
Citrix Citrix Virtual Apps and Desktops Under Investigation https://support.citrix.com/article/CTX335705
Cloudera CDH, HDP, and HDF Only version 6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Enterprise Only version 6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Science Workbench (CDSW) Only versions 2.x, 3.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks Data Platform (HDP) Only versions 7.1.x, 2.7.x, 2.6.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Ambari Only versions 2.x, 1.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Cybersecurity Platform All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Steward Studio (DSS) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Arcadia Enterprise Only version 7.1.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDP Private Cloud Base Only version 7.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Warehouse (CDW) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Machine Learning (CML) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Engineering (CDE) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Management Console All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload XM All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Flow Management (CFM) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Edge Management (CEM) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Stream Processing (CSP) All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDS 3 Powered by Apache Spark All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDS 3.2 for GPUs All versions Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) Only versions 7.0.x, 7.1.x, 7.2.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) Only versions 7.0.x, 7.1.x, 7.2.x Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Warehouse (CDW) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Machine Learning (CML) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Engineering (CDE) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Flow (CFM) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Streaming Analytics (CSA) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Data Visualization (CDV) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera DataFlow (CDF) Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Replication Manager Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR)) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera AM2CM Tool Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks Data Flow (HDF) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Hortonworks DataPlane Platform Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Lifecycle Manager (DLM) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Cloudera Streaming Analytics (CSA) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Management Console for CDP Public Cloud Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera CDP Operational Database (COD) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Catalog Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload Manager Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Workload XM (SaaS) Not Affected https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera SmartSense Under Investigation https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudera Data Analytics Studio (DAS) Under Investigation https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019
Cloudogu Ecosystem All Affected Yes Cloudogu Community
Cloudogu SCM-Manager Not Affected SCM-Manager Blog
CyberArk Privileged Threat Analytics (PTA) N/A Affected Yes CyberArk Customer Force This advisory is available to customers only and has not been reviewed by CISA. 12/14/2021
Devolutions All products Not Affected https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/
DrayTek Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform Not Affected DrayTek Statement 12/15/2021
Dynatrace Managed cluster nodes Affected
Dynatrace Synthetic Activegates Affected
Elastic Elasticsearch 5,6,8 Affected Yes Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud Under Investigation Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud Enterprise Under Investigation Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic APM Java Agent Under Investigation Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud Enterprise Under Investigation Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud on Kubernetes Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Logstash <6.8.21,<7.16.1 Affected Yes Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Swiftype Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic APM Server Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Beats Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Cmd Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Agent Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Endgame Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Maps Service Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Endpoint Security Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Enterprise Search Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Fleet Server Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Kibana Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Machine Learning Not Affected Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
ExtraHop Reveal(x) <=8.4.6, <=8.5.3, <=8.6.4 Affected Yes ExtraHop Statement Contains vulnerable code but not likely to get unauthenticated user input to the log4j component. 12/14/2021
FedEx Ship Manager Software Unknown Affected/Under Investigation FedEx Statement Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. 12/15/2021
F-Secure Endpoint Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Elements Connector Affected Yes The Log4J Vulnerability (CVE-2021-44228) which F-Secure products are affected, what it means, what steps should you take - F-Secure Community
F-Secure Messaging Security Gateway Affected Yes The Log4J Vulnerability (CVE-2021-44228) which F-Secure products are affected, what it means, what steps should you take - F-Secure Community
Fiix Fiix CMMS Core v5 Fixed PN1579 - Log4Shell Vulnerability Notice The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. 12/15/2021
Forcepoint DLP Manager Affected Login (forcepoint.com)
Forcepoint Security Manager (Web, Email and DLP) Affected Login (forcepoint.com)
Forcepoint Forcepoint Cloud Security Gateway (CSG) Not Affected Login (forcepoint.com)
Forcepoint Next Generation Firewall (NGFW) Not Affected Login (forcepoint.com)
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder Not Affected Login (forcepoint.com)
Forcepoint One Endpoint Not Affected Login (forcepoint.com)
ForgeRock Autonomous Identity Affected Security Advisories - Knowledge - BackStage (forgerock.com) all other ForgeRock products Not vulnerable
Fortinet FortiAIOps Affected PSIRT Advisories FortiGuard
Fortinet FortiCASB Affected PSIRT Advisories FortiGuard
Fortinet FortiConvertor Affected PSIRT Advisories FortiGuard
Fortinet FortiEDR Cloud Affected PSIRT Advisories FortiGuard
Fortinet FortiNAC Affected PSIRT Advisories FortiGuard
Fortinet FortiNAC Affected PSIRT Advisories FortiGuard
Fortinet FortiPolicy Affected PSIRT Advisories FortiGuard
Fortinet FortiPortal Affected PSIRT Advisories FortiGuard
Fortinet FortiSIEM Affected PSIRT Advisories FortiGuard
Fortinet FortiSOAR Affected PSIRT Advisories FortiGuard
Fortinet ShieldX Affected PSIRT Advisories FortiGuard
Fortinet FortiAnalyzer Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAnalyzer Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAP Not Affected PSIRT Advisories FortiGuard
Fortinet FortiAuthenticator Not Affected PSIRT Advisories FortiGuard
Fortinet FortiDeceptor Not Affected PSIRT Advisories FortiGuard
Fortinet FortiEDR Agent Not Affected PSIRT Advisories FortiGuard
Fortinet FortiGate Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiGSLB Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiMail Not Affected PSIRT Advisories FortiGuard
Fortinet FortiManager Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiManager Not Affected PSIRT Advisories FortiGuard
Fortinet FortiOS (includes FortiGate & FortiWiFi) Not Affected PSIRT Advisories FortiGuard
Fortinet FortiPhish Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiRecorder Not Affected PSIRT Advisories FortiGuard
Fortinet FortiSwicth Cloud in FortiLANCloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiSwitch & FortiSwitchManager Not Affected PSIRT Advisories FortiGuard
Fortinet FortiToken Cloud Not Affected PSIRT Advisories FortiGuard
Fortinet FortiVoice Not Affected PSIRT Advisories FortiGuard
Fortinet FortiWeb Cloud Not Affected PSIRT Advisories FortiGuard
FusionAuth FusionAuth 1.32 Not Affected log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth
Gradle Gradle Not Affected No Gradle Blog - Dealing with the critical Log4j vulnerability Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.
Gradle Gradle Enterprise < 2021.3.6 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Test Distribution Agent < 1.6.2 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Build Cache Node < 10.1 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
HPE 3PAR StoreServ Arrays Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE AirWave Management Platform Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Alletra 6000 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Alletra 9k Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba Central Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba ClearPass Policy Manager Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba ClearPass Policy Manager Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba Instant (IAP) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba Location Services Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba NetEdit Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba PVOS Switches Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba SDN VAN Controller Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba User Experience Insight (UXI) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Aruba VIA Client Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE ArubaOS SD-WAN Controllers and Gateways Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE ArubaOS Wi-Fi Controllers and Gateways Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE ArubaOS-CX switches Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE ArubaOS-S switches Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE BladeSystem Onboard Administrator Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Brocade 16Gb SAN Switch for HPE BladeSystem c-Class Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Brocade Network Advisor Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE CloudAuth Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE CloudPhysics Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Compute Cloud Console Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Compute operations manager- FW UPDATE SERVICE Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE COS (Cray Operating System) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Cray Systems Management (CSM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Custom SPP Portal Link Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Data Services Cloud Console Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Harmony Data Platform Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HOP public services (grafana, vault, rancher, Jenkins) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN2600B SAN Extension Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN4000B SAN Extension Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN6000B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN6500B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN6600B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN6650B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE B-series SN6700B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Customer Experience Assurance (CEA) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Home Location Register (HLR/I-HLR) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Infosight for Servers Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Integrated Home Subscriber Server (I-HSS) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Intelligent Messaging (IM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Intelligent Network Server (INS) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Multimedia Services Environment (MSE) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OC Convergent Communications Platform (OCCP) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OC Media Platform Media Resource Function (OCMP-MRF) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OC Universal Signaling Platform (OC-USP-M) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OneView Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE OneView for VMware vRealize Operations (vROps) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE OneView Global Dashboard Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Performance Cluster Manager (HPCM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Performance Manager (PM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OC Service Access Controller (OC SAC) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE OC Service Controller (OCSC) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Position Determination Entity (PDE) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Secure Identity Broker (SIB) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Service Activator (SA) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Service Governance Framework (SGF) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Service Orchestration Manager (SOM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Service Provisioner (SP) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Short Message Point-to-Point Gateway (SMPP) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Slingshot Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Smart Interaction Server (SIS) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE SN3000B Fibre Channel Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8000B 4-Slot SAN Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8000B 8-Slot SAN Backbone Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8600B 4-Slot SAN Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8600B 8-Slot SAN Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8700B 4-Slot Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE SN8700B 8-Slot Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Subscriber, Network, and Application Policy (SNAP) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Subscription Manager (SM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Synergy Image Streamer Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Systems Insight Manager (SIM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Telecom Application Server (TAS) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Unified Correlation and Automation (UCA) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Unified OSS Console (UOC) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Universal SLA Manager (uSLAM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Unified Mediation Bus (UMB) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Unified Topology Manager (UTM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Universal Identity Repository (VIR) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Virtual Connect Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Virtual Connect Enterprise Manager (VCEM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Virtual Provisioning Gateway (vPGW) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Virtual Server Environment (VSE) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE HPE Virtual Subscriber Data Management (vSDM) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE WebRTC Gateway Controller (WGW) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-14
HPE HPE Wi-Fi Authentication Gateway (WauG) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Insight Cluster Management Utility (CMU) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrated Lights-Out (iLO) Amplifier Pack Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrated Lights-Out 4 (iLO 4) 4 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrated Lights-Out 5 (iLO 5) 5 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrity BL860c, BL870c, BL890c Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrity Rx2800/Rx2900 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrity Superdome 2 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Integrity Superdome X Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Intelligent Provisioning Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE iSUT integrated smart update tool Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Maven Artifacts (Atlas) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE MSA Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE NetEdit Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Nimble Storage Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE NS-T0634-OSM CONSOLE TOOLS Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE NS-T0977-SCHEMA VALIDATOR Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE OfficeConnect Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Primera Storage Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE RepoServer part of OPA (on Premises aggregator) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Resource Aggregator for Open Distributed Infrastructure Management Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE RESTful Interface Tool (iLOREST) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SAT (System Admin Toolkit) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Scripting Tools for Windows PowerShell (HPEiLOCmdlets) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SGI MC990 X Server Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SGI UV 2000 Server Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SGI UV 300, 300H, 300RL, 30EX Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SGI UV 3000 Server Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SN8700B 8-Slot Director Switch Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE StoreEasy Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE StoreEver CVTL Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE StoreEver LTO Tape Drives Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE StoreEver MSL Tape Libraries Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE StoreOnce Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE SUM (Smart Update Manager) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Superdome Flex 280 Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE Superdome Flex Server Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
HPE UAN (User Access Node) Not Affected (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387 2021-12-12
IBM Cognos Controller 10.4.2 Affected Yes Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228) 12/15/2021
IBM Planning Analytics Workspace >2.0.57 Affected Yes Security Bulletin: IBM Planning Analytics 2.0: Apache log4j Vulnerability (CVE-2021-44228) 12/15/2021
IBM Power HMC V9.2.950.0 & V10.1.1010.0 Affected Yes Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC 12/15/2021
IBM App ID Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Certificate Manager Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloud Object Storage Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloud Object Storage Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloudant Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Container Registry Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Container Security Services Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Continuous Delivery Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Hyper Protect DBaaS for MongoDB Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Hyper Protect DBaaS for PostgreSQL Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Hyper Protect Virtual Server Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Internet Services Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Knowledge Studio Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Managed VMware Service Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Natural Language Understanding Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM VMware Solutions Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM VMware vCenter Server Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM VMware vSphere Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM vRealize Operations and Log Insight Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Analytics Engine Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM App Configuration Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM App Connect Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Application Gateway Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Aspera Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Aspera Endpoint Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Aspera Enterprise Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Aspera fasp.io Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Bare Metal Servers Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Block Storage Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Block Storage for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Block Storage Snapshots for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Case Manager Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Client VPN for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloud Activity Tracker Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloud Backup Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cloud Monitoring Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Code Engine Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cognos Command Center Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Cognos Integration Server Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose Enterprise Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for Elasticsearch Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for etcd Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for MongoDB Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for MySQL Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for PostgreSQL Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for RabbitMQ Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for Redis Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for RethinkDB Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Compose for ScyllaDB Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Content Delivery Network Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Copy Services Manager Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for DataStax Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for EDB Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for Elasticsearch Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for etcd Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for MongoDB Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for PostgreSQL Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Databases for Redis Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Datapower Gateway Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Dedicated Host for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Connect Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Connect on Classic Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Dedicated (2.0) Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Dedicated Hosting on Classic Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Dedicated on Classic Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Direct Link Exchange on Classic Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM DNS Services Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Emptoris Contract Management Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Emptoris Program Management Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Emptoris Sourcing Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Emptoris Spend Analysis Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Emptoris Supplier Lifecycle Management Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Enterprise Tape Controller Model C07 (3592) (ETC) Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Event Notifications Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Event Streams Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM File Storage Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Flash System 900 (& 840) Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Flow Logs for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Functions Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM GSKit Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Guardium S-TAP for Data Sets on z/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Guardium S-TAP for DB2 on z/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Guardium S-TAP for IMS on z/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Hyper Protect Crypto Services Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM i2 Analysts Notebook Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM i2 Base Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Application Runtime Expert for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Backup, Recovery and Media Services for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Db2 Mirror for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM HTTP Server Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM i Portfolio of products under the Group SWMA Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM i Access Family Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM PowerHA System Mirror for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Direct Browser User Interface Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Direct for HP NonStop Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Direct for i5/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Direct for OpenVMS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Express for Microsoft Windows Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Express for UNIX Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Sterling Connect:Express for z/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM IBM Instana Agent Lower than 12-11-2021 Affected Yes Instana Status Incidents 12/14/2021
IBM Key Lifecyle Manager for z/OS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Key Protect Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Kubernetes Service Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Load Balancer for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Log Analysis Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Mass Data Migration Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Maximo EAM SaaS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Message Hub Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM MQ Appliance Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM MQ on IBM Cloud Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM OmniFind Text Search Server for DB2 for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM OPENBMC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM PowerSC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM PowerVM Hypervisor Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM PowerVM VIOS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM QRadar Advisor Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Qradar Network Threat Analytics Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM QRadar SIEM Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Quantum Services Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Rational Developer for AIX and Linux Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Rational Developer for i Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Red Hat OpenShift on IBM Cloud Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Robotic Process Automation Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM SAN Volume Controller and Storwize Family Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Satellite Infrastructure Service Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Schematics Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Secrets Manager Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Secure Gateway Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Archive Library Edition Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Discover Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Client Management Service Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Databases: Data Protection for Oracle Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Databases: Data Protection for SQL Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Enterprise Resource Planning Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Mail: Data Protection for Domino Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Mail: Data Protection for Exchange Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for Workstations Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect for z/OS USS Client and API Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Plus Db2 Agent Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Plus Exchange Agent Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Plus File Systems Agent Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Plus MongoDB Agent Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Plus O365 Agent Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Server Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Snapshot for UNIX Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Spectrum Protect Snapshot for UNIX Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM SQL Query Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Gentran Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Order Management Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for ACORD Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for Financial Services Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for FIX Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for NACHA Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for PeopleSoft Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for SAP R/3 Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for SEPA Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for Siebel Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Pack for SWIFT Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Packs for EDI Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Packs for Healthcare Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Sterling Transformation Extender Trading Manager Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage TS1160 Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage TS2280 Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage TS2900 Library Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage TS3100-TS3200 Library Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage TS4500 Library Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Storage Virtualization Engine TS7700 Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Tape System Library Manager Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM TDMF for zOS Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Total Storage Service Console (TSSC) / TS4500 IMC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Transit Gateway Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Tririga Anywhere Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM TS4300 Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Urbancode Deploy Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Virtual Private Cloud Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Virtual Server for Classic Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Virtualization Management Interface Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM VPN for VPC Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
IBM Workload Automation Not Affected An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog 12/15/2021
Intland codebeamer <= 20.11-SP11, <= 21.09-SP3 Affected Some releases [https://codebeamer.com/cb/wiki/19872365](Apache Log4j vulnerability and fixes) A fix has been released for https://codebeamer.com/cb/wiki/13134438 and https://codebeamer.com/cb/wiki/19418497, but not yet for https://codebeamer.com/cb/wiki/16937839
ISEC7 Sphere N/A Not Affected No 12/15/2021
Jenkins CI/CD Core Not Affected
Jenkins Plugins Unkown Need to audit plugins for use of log4j
Jetbrains Affected Yes https://www.jetbrains.com/help/license_server/release_notes.html
MathWorks All MathWorks general release desktop or server products Not Affected No MathWorks statement regarding CVE-2021-44228
Lenovo DSS-G Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Administrator (LXCA) Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Energy Manager (LXEM) Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Integrator (LXCI) for VMware vCenter Affected Apache Log4j Vulnerability 2021-12-14
Lenovo NetApp ONTAP Tools for VMware vSphere Affected Apache Log4j Vulnerability See NetApp advisory. 2021-12-14
Lenovo ThinkAgile HX Affected Apache Log4j Vulnerability Nutanix and VMware components only; hardware not affected. See Nutanix and VMWare advisories. 2021-12-14
Lenovo ThinkAgile VX Affected Apache Log4j Vulnerability VMware components only; hardware not affected. See VMWare advisory. 2021-12-14
Lenovo XClarity Integrator (LXCI) for ServiceNow Under Investigation Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Integrator (LXCI) for Nagios Under Investigation Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Integrator (LXCI) for Microsoft Azure Log Analytics Under Investigation Apache Log4j Vulnerability 2021-12-14
Lenovo Storage Management utilities Under Investigation Apache Log4j Vulnerability 2021-12-14
Lenovo BIOS/UEFI Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Chassis Management Module 2 (CMM) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Commercial Vantage Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Confluent Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Embedded System Management Java-based KVM clients Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Fan Power Controller (FPC) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Fan Power Controller2 (FPC2) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Integrated Management Module II (IMM2) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo System Update Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Thin Installer Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Update Retriever Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Vantage Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Orchestrator (LXCO) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Mobile (LXCM) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Integrator (LXCI) for Windows Admin Center Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Integrator (LXCI) for Microsoft System Center Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Controller (XCC) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Essentials (LXCE) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo XClarity Provisioning Manager (LXPM) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade FOS Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo System Management Module (SMM) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo System Management Module 2 (SMM2) Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo ThinkSystem DE Series Storage Not Affected Apache Log4j Vulnerability See also NetApp advisory. 2021-12-14
Lenovo ThinkSystem DM Series Storage Not Affected Apache Log4j Vulnerability See also NetApp advisory. 2021-12-14
Lenovo ThinkSystem DS Series Storage Not Affected Apache Log4j Vulnerability 2021-12-14
Lenovo ThinkSystem Manager (TSM) Not Affected Apache Log4j Vulnerability 2021-12-14

| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | Not Affected | | | | | | | McAfee | Data Exchange Layer (DXL) | | Under Investigation | | | | | | | McAfee | Enterprise Security Manager (ESM) | | Under Investigation | | | | | | | McAfee | ePolicy Orchestrator Application Server (ePO) | | Under Investigation | | | | | | | McAfee | McAfee Active Response (MAR) | | Under Investigation | | | | | | | McAfee | Network Security Manager (NSM) | | Under Investigation | | | | | | | McAfee | Network Security Platform (NSP) | | Under Investigation | | | | | | | McAfee | Threat Intelligence Exchange (TIE) | | Under Investigation | | | | | | | Microsoft| Azure Data lake store java| < 2.3.10| Affected|| azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub|||| | Microsoft| Azure DevOps|| Not Affected| | Azure DevOps (and Azure DevOps Server) and the log4j vulnerability|||| | Microsoft| Azure DevOps Server| 2019.0 - 2020.1| Affected| No | Azure DevOps (and Azure DevOps Server) and the log4j vulnerability|||| | Microsoft| Team Foundation Server| 2018.2+| Affected| No | Azure DevOps (and Azure DevOps Server) and the log4j vulnerability|||| | MongoDB | MongoDB Atlas Search | | Affected | yes | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Drivers | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | MongoDB | MongoDB Realm (including Realm Database, Sync, Functions, APIs) | | Not Affected | | https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb | | | | | Netapp | Multiple NetApp products | | Affected | | https://security.netapp.com/advisory/ntap-20211210-0007/ | | | | | Neo4j | Neo4j Graph Database| Version >4.2, <4..2.12 | Affected | No | | | | 12/13/2021| |New Relic|New Relic Java Agent|<7.4.2|Affected|Yes|Java agent v7.4.2|Initially fixed in 7.4.1, but additional vulnerability found|New Relic tracking, covers CVE-2021-44228, CVE-2021-45046|12/15/2021| | Okta | Okta RADIUS Server Agent | < 2.17.0 | Affected | | Okta RADIUS Server Agent CVE-2021-44228 Okta | | | 12/12/2021 | | Okta| Okta On-Prem MFA Agent| < 1.4.6 | Affected | | Okta On-Prem MFA Agent CVE-2021-44228 Okta| || 12/12/2021 | | Okta | Advanced Server Access | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Access Gateway | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta AD Agent | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Browser Plugin | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta IWA Web Agent | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021| | Okta | Okta LDAP Agent | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Mobile | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Workflows | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Okta | Okta Verify | | Not Affected | | Oktas response to CVE-2021-44228 (“Log4Shell”) Okta Security | | | 12/12/2021 | | Palo-Alto | Prisma Cloud Compute| | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Prisma Cloud | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | PAN-OS | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | GlobalProtect App | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Cortex XSOAR | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | Cortex XDR Agent | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Palo-Alto | CloudGenix | | Not Affected | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) | | | | | Plex | Plex Industrial IoT | | Fixed | | PN1579 - Log4Shell Vulnerability Notice | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | 12/15/2021 | | Palo-Alto | Panorama | 9.0, 9.1, 10.0 | Affected | Yes | Unit42 Palo-Alto Apache Log4j Vulnerability | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available | 12/15/2021 | | Pulse Secure | Pulse Secure Virtual Traffic Manager | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Secure Services Director | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Secure Web Application Firewall | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Connect Secure | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Connect Secure (ICS) | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Policy Secure | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Desktop Client | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse Mobile Client | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse One | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Pulse ZTA | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Neurons for ZTA | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Pulse Secure | Ivanti Neurons for secure Access | | Not Affected | | Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j) | | | | | Rapid7 | AlcidekArt, kAdvisor, and kAudit | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | AppSpider Pro | on-prem | Not Affected | |Rapid7 Statement | || 12/15/2021| | Rapid7 | AppSpider Enterprise | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | Insight Agent | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightAppSec Scan Engine| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightAppSec Scan Engine| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightCloudSec/DivvyCloud | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightConnect Orchestrator | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightIDR/InsightOps Collector & Event Sources| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightIDR Network Sensor| on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | Affected | Yes | Rapid7 Statement | Upgrade DataHub to version 2.0.1 using the following instructions.|| 12/15/2021| | Rapid7 | InsightOps non-Java logging libraries | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | Affected | Yes | Rapid7 Statement | Upgrade r7insight_java to 3.0.9 || 12/15/2021| | Rapid7 | InsightVM Kubernetes Monitor | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightVM/Nexpose | on-prem | Not Affected | | Rapid7 Statement | || 12/15/2021| | Rapid7 | InsightVM/Nexpose Console | on-prem | Not Affected | | Rapid7 Statement |Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.|| 12/15/2021| | Rapid7 | InsightVM/Nexpose Engine | on-prem | Not Affected | | Rapid7 Statement |Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.|| 12/15/2021| | Rapid7 | IntSights virtual appliance | on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | Affected | Yes | Rapid7 Statement | Linux: Install DataHub_1.2.0.822.deb using the following instructions. Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these instructions. You can find more details here.|| 12/15/2021| | Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | Affected | Yes | Rapid7 Statement | Migrate to version 3.0.9 of r7insight_java || 12/15/2021| | Rapid7 | Metasploit Pro| on-prem | Not Affected | | Rapid7 Statement |Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j.|| 12/15/2021| | Rapid7 | Metasploit Framework| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | tCell Java Agent| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Rapid7 | Velociraptor| on-prem | Not Affected | | Rapid7 Statement ||| 12/15/2021| | Red Hat build of Quarkus | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat CodeReady Studio 12 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Data Grid 8 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Descision Manager 7 | log4j-core low | | Affected | No| CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 6 | log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 7 | log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Enterprise Linux 8 | parfait:0.5/log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Integration Camel K | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Integration Camel Quarkus | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss A-MQ Streaming | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Enterprise Application Platform 7 | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Enterprise Application Platform Expansion Pack | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat JBoss Fuse 7 | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Application Runtimes | log4j-core | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenShift Logging | logging-elasticsearch6-container | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat OpenStack Platform 13 (Queens) | opendaylight | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Process Automation 7 | log4j-core low | | Affected | No | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Single Sign-On 7 | log4j-core | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-maven36-log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-maven35-log4j12 | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Red Hat Software Collections | rh-java-common-log4j | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Redhat | log4j-core | | Not Affected | | CVE-2021-44228- Red Hat Customer Portal | | | | | Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02| Affected | Under development | PN1579 - Log4Shell Vulnerability Notice | | | 12/15/2021 | | Rockwell Automation | MES EIG | 3.03.00 | Affected | No, product discontinued | PN1579 - Log4Shell Vulnerability Notice | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | 12/15/2021 | | Rockwell Automation | Industrial Data Center | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | PN1579 - Log4Shell Vulnerability Notice | | | 12/15/2021 | | Rockwell Automation | VersaVirtual | Series A | Fixed | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | PN1579 - Log4Shell Vulnerability Notice | | | 12/15/2021 | | Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | Affected | Under development | PN1579 - Log4Shell Vulnerability Notice | | | 12/15/2021 | | Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | Affected | Under development | PN1579 - Log4Shell Vulnerability Notice | | | 12/15/2021 | | RSA | SecurID Authentication Manager | | Not Affected | | | | | | | RSA | SecurID Authentication Manager Prime | | Not Affected | | | | | | | RSA | SecurID Authentication Manager WebTier | | Not Affected | | | | | | | RSA | SecurID Identity Router | | Not Affected | | | | | | | RSA | SecurID Governance and Lifecycle | | Not Affected | | | | | | | RSA | SecurID Governance and Lifecycle Cloud | | Not Affected | | | | | | | Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | | Ruckus Wireless (support.ruckuswireless.com) | | | 12/13/2021 | | Salesforce | Sales Cloud || Affected | | Salesforce Statement|"Sales Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Service Cloud || Affected | | Salesforce Statement| "Service Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Community Cloud ||Affected|| Salesforce Statement|"Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | B2C Commerce Cloud ||Affected||Salesforce Statement|"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Analytics Cloud ||Affected||Salesforce Statement|"Analytics Cloud is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps."||12/15/2021| | Salesforce | Force.com ||Affected||Salesforce Statement|"Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Social Studio ||Affected||Salesforce Statement|"Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Datorama ||Affected||Salesforce Statement|"Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Pardot ||Affected||Salesforce Statement|"Pardot is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Data.com ||Affected||Salesforce Statement|"Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Heroku ||Not Affected||Salesforce Statement|"Heroku is reported to not be affected by CVE-2021-44228; no further action is necessary at this time."||12/15/2021| | Salesforce | Marketing Cloud ||Affected||Salesforce Statement|"Marketing Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | MuleSoft (Cloud) ||Affected||Salesforce Statement|"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | MuleSoft (On-Premise) ||Unknown||Salesforce Statement|"Please contact Customer Support."||12/15/2021| | Salesforce | ClickSoftware (As-a-Service) ||Affected||Salesforce Statement |"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | ClickSoftware (On-Premise) ||Unknown||Salesforce Statement |"Please contact Customer Support."||12/15/2021| | Salesforce | Tableau (Online) | | Affected| | Salesforce Statement |"Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Tableau (On-Premise) | | Unknown | | Salesforce Statement|"Please contact Customer Support." ||12/15/2021| | Salesforce | Slack | | Affected | | Salesforce Statement|"Slack is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021| | Salesforce | Evergage (Interaction Studio) | | Affected | |Salesforce Statement|"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps."||12/15/2021| | Siemens | Capital | All Versions >- 2019.1 SP1912 | Affected | Yes | Siemens Advisory Link | Only affected if Teamcenter integration feature is used. Mitigation: Mitigation Link | | 12/15/2021 | | Siemens | Comos Desktop App | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Desigo CC Advanced Reporting | V4.0, 4.1, 4.2, 5.0, 5.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Desigo CC Info Center | V5.0, 5.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | E-Car OC Cloud Application | All Versions < 2021-12-13 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | EnergyIP Prepay | V3.7. V3.8 | Affected | Yes | Siemens Advisory Link | | | 12/15 2021 | | Siemens | GMA-Manager | All Version > V8.6.2j-398 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021| | Siemens | HES UDIS | All Versions | Affected | Yes | Siemens Advisory Link ||| 12/15/2021 | | Siemens | Industrial Edge Management App | All Versions | Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | Industrial Edge Management OS | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Industrial Edge Management Hub | All versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | LOGO! Soft Comfort | All versions | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | Mendix Applications | All Versions | Not Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | Mindsphere Cloud Application | All Versions < 2021-12-11 | Affected | Yes | Siemens Advisory Link| Fixed on Cloud Version | |12/15/2021 |' | Siemens | NX | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Opcenter Intelligence | All Versions >=3.2 | Affected | Yes |Siemens Advisory Link | Only OEM version that ships Tableau | | 12/15/2021 | | Siemens | Operation Scheduler | All versions >= V1.1.3 | Affected | Yes | Siemens Advisory Link |Block incoming and outgoing connections | | 12/15/2021 | | Siemens | SIGUARD DSA | V4.2, 4.3, 4.4 | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | SIMATIC WinCC | All Versions <V7.4 SP1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | SiPass integrated V2.80 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | SiPass integrated V2.85 | All Versions | Affected | Yes | Siemens Advisory Link| | | 12/15/2021 | | Siemens | Siveillance Command | All Versions >=4.16.2.1 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Control Pro | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Identity V1.5 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Identity V1.6 | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Siveillance Vantage | All Versions | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | Siemens | Solid Edge Wiring Harness Design | All Versions >= 2020 | Affected | Yes | Siemens Advisory Link |only if Teamcenter integration feature is used | | 12/15/2021 | | Siemens | Spectrum Power 4 | All versions | Affected | Yes | Siemens Advisory Link|only with component jROS in version 3.0.0|| 12/15/2021| | Siemens | Spectrum Power 7 | All Versions < V2.30 SP2 | Affected | Yes | Siemens Advisory Link| only with component jROS | | 12/15/2021 | |Siemens | Teamcenter Suite | All Versions | Affected | Yes| Siemens Advisory Link| ||12/15/2021| | Siemens | VeSys | All Versions >=2019.1 SP1912 |Affected | Yes |Siemens Advisory Link | only if Teamcenter integration feature is used| |12/15/2021 | | Siemens | Xpedition EDM Server | VX.2.6-VX.2.10 | Affected | Yes | Siemens Advisory Link | | |12/15/2021 | | Siemens | Xpedition EDM Client | VX.2.6-VX.2.10 | Affected | Yes | Siemens Advisory Link | | | 12/15/2021 | | SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | No | Apache Log4j Critical Vulnerability (CVE-2021-44228) Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) | Workarounds available, hotfix under development | | 12/14/2021 | | SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | No | Apache Log4j Critical Vulnerability (CVE-2021-44228) Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) | Workarounds available, hotfix under development | | 12/14/2021 | | SonicWall | Gen5 Firewalls (EOS) | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | Gen6 Firewalls | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | Gen7 Firewalls | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the appliance. | | 12/12/2021 | | SonicWall | SonicWall Switch | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Switch. | | 12/12/2021 | | SonicWall | SMA 100 | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SMA100 appliance. | | 12/12/2021 | | SonicWall | SMA 1000 | | Not Affected | | Security Advisory (sonicwall.com) | Version 12.1.0 and 12.4.1 doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | Email Security | | Not Affected | | [Security Advisory (sonicwall.com)] | Version 10.x doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | MSW | | Not Affected | | Security Advisory (sonicwall.com) | Mysonicwall service doesn't use Log4j | | 12/12/2021 | | SonicWall | NSM | | Not Affected | | Security Advisory (sonicwall.com) | NSM On-Prem and SaaS doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | Capture Client & Capture Client Portal | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Client.| | 12/12/2021 | | SonicWall | Access Points| | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the SonicWall Access Points | | 12/12/2021 | | SonicWall | WNM | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the WNM. | | 12/12/2021 | | SonicWall | Capture Security Appliance | | Not Affected | | Security Advisory (sonicwall.com) | Log4j2 not used in the Capture Security appliance. | | 12/12/2021 | | SonicWall | WXA | | Not Affected | | Security Advisory (sonicwall.com) | WXA doesn't use a vulnerable version | | 12/12/2021 | | SonicWall | SonicCore | | Not Affected | | Security Advisory (sonicwall.com) | SonicCore doesn't use a Log4j2 | | 12/12/2021 | | SonicWall | Analyzer | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | Analytics | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | GMS | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | CAS | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | SonicWall | WAF | | Under Investigation | | Security Advisory (sonicwall.com) | Under Review | | 12/12/2021 | | Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | | 12/12/2021 | | Sophos | Cloud Optix | | Fixed | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted. | | 12/12/2021 | | Sophos | Sophos Firewall (all versions) | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Firewall does not use Log4j. | | 12/12/2021 | | Sophos | SG UTM (all versions) | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos SG UTM does not use Log4j. | | 12/12/2021 | | Sophos | SG UTM Manager (SUM) (all versions) | All versions | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | SUM does not use Log4j. | | 12/12/2021 | | Sophos | Sophos ZTNA | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos ZTNA does not use Log4j. | | 12/12/2021 | | Sophos | Sophos Home | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Home does not use Log4j. | | 12/12/2021 | | Sophos | Sophos Central | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Central does not run an exploitable configuration. | | 12/12/2021 | | Sophos | Sophos Mobile | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration. | | 12/12/2021 | | Sophos | Reflexion | | Not Affected | | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos | Reflexion does not run an exploitable configuration. | | 12/12/2021 | | Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise Amazon Machine Image (AMI) | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Enterprise Docker Container | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Stream Processor Service | non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used | Affected | No | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Cloud Developer Edition | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Connect for SNMP | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk DB Connect | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Forwarders (UF/HWF) | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Splunk | Splunk Mint | | Under Investigation | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk | | | 12/12/2021 | | Spring | Spring Boot | | Unkown | | https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | | | Tech Software | OneAegis (f/k/a IRBManager) | All versions | Not Affected | | Log4j CVE-2021-44228 Vulnerability Impact Statement | OneAegis does not use Log4j. | | 12/15/2021 | | Tech Software | SMART | All versions | Not Affected | | Log4j CVE-2021-44228 Vulnerability Impact Statement | SMART does not use Log4j. | | 12/15/2021 | | Tech Software | Study Binders | All versions | Not Affected | | Log4j CVE-2021-44228 Vulnerability Impact Statement | Study Binders does not use Log4j. | | 12/15/2021 | |TPLink|Omega Controller|Linux/Windows all|Affected|Yes|Statement on Apache Log4j Vulnerability|Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16|Tp Community Link, Reddit Link|12/15/2021| | TrendMicro | All | | Under Investigation | | https://success.trendmicro.com/solution/000289940 | | | | | Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | Affected | Yes | UniFi Network Application 6.5.54 Ubiquiti Community | | | | | Ubiquiti | UniFi Network Controller | 6.5.54 & lower versions | Affected | Yes | UniFi Network Application 6.5.55 Ubiquiti Community | | 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 | 12/15/2021 | | VMware | VMware vCenter Server | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Server | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Horizon | N/A | Affected | Yes | VMSA-2021-0028 | | | 12/14/2021 | | VMware | VMware HCX | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware NSX-T Data Centern | 3.x, 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Identity Manager | 3.3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Operations | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Operations Cloud Proxy | Any | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Log Insight | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Automation | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Lifecycle Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Telco Cloud Automation | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Carbon Black Cloud Workload Appliance | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Carbon Black EDR Server | 7.x, 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Site Recovery Manager | 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu GemFire | 9.x, 8.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Greenplum | 6.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Operations Manager | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu Application Service for VMs | 2.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware| VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Healthwatch for Tanzu Application Service | 2.x, 1.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Services for VMware Tanzu | 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Spring Cloud Gateway for Kubernetes | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | || 12/12/2021 | | VMware | API Portal for VMware Tanzu | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | App Metrics | 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vCenter Cloud Gateway | 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Tanzu SQL with MySQL for VMs | 2.x, 1.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Cloud Foundation | 4.x, 3.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | Affected | No | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | | VMware | VMware Horizon Cloud Connector | 1.x, 2.x | Affected | Yes | VMSA-2021-0028.1 (vmware.com) | | | 12/12/2021 | |Zendesk|All Products|All Versions|Affected |No|2021-12-13 Security Advisory - Apache Log4j (CVE-2021-44228)|Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems.||12/13/2021| |Zscaler|Multiple Products||Not Affected|No|CVE-2021-44228 log4j Vulnerability|||