GitHub - cisagov/log4j-affected-db
source link: https://github.com/cisagov/log4j-affected-db
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources
CISA Current Activity Alerts
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.
Mitigation Guidance
CISA urges organizations operating products marked as "Fixed" to immediately implement listed patches/mitigations here.
CISA urges organizations operating products marked as "Not Fixed" to immediately implement alternate controls, including:
- Install a WAF with rules that automatically update.
- Set
log4j2.formatMsgNoLookupsto true by adding-Dlog4j2.formatMsgNoLookups=Trueto the Java Virtual Machine command for starting your application. - Ensure that any alerts from a vulnerable device are immediately actioned.
- Report incidents promptly to CISA and/or the FBI here.
Status Descriptions
Status Description
Unknown Status unknown. Default choice.
Affected Reported to be affected by CVE-2021-44228.
Not Affected Reported to NOT be affected by CVE-2021-44228 and no further action necessary.
Fixed Patch and/or mitigations available (see provided links).
Under Investigation Vendor investigating status.
Software List
This list was initially populated using information from the following sources:
- Kevin Beaumont
Vendor Product Version(s) Status Update available Vendor link Notes Other References Last Updated
3M Health Information Systems CGS
Affected Unknown CGS: Log4j Software Update(login required) This advisory is available to customers only and has not been reviewed by CISA.
12/15/2021
Akamai SIEM Splunk Connector All Affected
GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk
Amazon OpenSearch Unknown Affected Yes (R20211203-P2) Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS Lambda Unknown Affected Yes Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon AWS CloudHSM < 3.4.1. Affected
Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Amazon EC2 Amazon Linux 1 & 2 Unknown
Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)
Apache Druid < druid 0.22.0 Affected Yes Release druid-0.22.1 · apache/druid · GitHub
12/12/2021
Apache Flink < flink 1.15.0, 1.14.1, 1.13.3 Affected No Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)
12/12/2021
Apache Log4j < 2.15.0 Affected Yes Log4j – Apache Log4j Security Vulnerabilities
Apache Kafka Unknown Affected No Log4j – Apache Log4j Security Vulnerabilities Only vulnerable in certain configuration(s)
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Affected Yes Log4j – Apache Log4j Security Vulnerabilities
Apereo CAS 6.3.x & 6.4.x Affected Yes CAS Log4J Vulnerability Disclosure – Apereo Community Blog
Apereo Opencast < 9.10, < 10.6 Affected Yes Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub
Application Performance Ltd DBMarlin Not Affected
Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428
12/15/2021
Aptible Aptible ElasticSearch 5.x Affected Yes Aptible Status - Log4j security incident CVE-2021-27135
Atlassian Jira Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Confluence Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender,
Atlassian Bamboo Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crowd Server & Data Center All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Fisheye All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible
Atlassian Crucible All Affected Yes FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation
Avaya Avaya Analytics 3.5, 3.6, 3.6.1, 3.7, 4 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Device Services 8, 8.1, 8.1.4, 8.1.5 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura for OneCloud Private
Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes.
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Application Enablement Services 8.1.3.2, 8.1.3.3, 10.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
PSN020551u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Contact Center 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Device Services 8.0.1, 8.0.2, 8.1.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Media Server 8.0.0, 8.0.1, 8.0.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
PSN020549u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Presence Services 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Session Manager 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
PSN020550u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® System Manager 10.1, 8.1.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
PSN005565u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Aura® Web Gateway 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Breeze™ 3.7, 3.8, 3.8.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Contact Center Select 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya CRM Connector - Connected Desktop 2.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Meetings 9.1.10, 9.1.11, 9.1.12 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya OneCloud-Private 2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Session Border Controller for Enterprise 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 Affected Yes Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
PSN020554u Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Social Media Hub
Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Workforce Engagement 5.3 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Business Rules Engine 3.4, 3.5, 3.6, 3.7 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Callback Assist 5, 5.0.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Control Manager 9.0.2, 9.0.2.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Device Enrollment Service 3.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Equinox™ Conferencing 9.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Interaction Center 7.3.9 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya IP Office™ Platform 11.0.4, 11.1, 11.1.1, 11.1.2 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Proactive Outreach Manager 3.1.2, 3.1.3, 4, 4.0.1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya Device Enablement Service 3.1.22 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Avaya Avaya one cloud private -UCaaS - Mid Market Aura 1 Affected No Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security
Tuesday, December 14, 2021 - 8:30pm ET
Appeon PowerBuilder Appeon PowerBuilder 2017-2021 regardless of product edition Affected No
12/15/2021
BMC BMC Helix ITSM
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Discovery
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remedyforce
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Digital Workplace
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Business Workflows
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Client Management
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix CMDB
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Knowledge Management
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Operations Management with AIOps
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Platform
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Virtual Agent
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Remedy ITSM (IT Service Management)
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Footprints
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Track-It!
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC SmartIT
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Control-M
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Control-M
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Cloud Lifecycle Management
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Networks
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Automation for Servers
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Orchestration
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC Bladelogic Database Automation
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Ops
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Automation Console
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Cost
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Cloud Security
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Continuous Optimization
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix platform
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Helix Remediate
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Capacity Optimization
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Infrastructure Management
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC TrueSight Operations Management
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC AMI Products
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Administrator
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC MainView Middleware Monitor
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
BMC BMC Compuware
Under Investigation
BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community
Broadcom CA Advanced Authentication 9.1 Affected
Broadcom CA Risk Authentication
Affected
Broadcom CA Strong Authentication
Affected
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Affected No Broadcom Support Portal
Broadcom CloudSOC Cloud Access Security Broker (CASB)
Not Affected
Broadcom Symantec Control Compliance Suite (CCS)
Not Affected
Broadcom Data Center Security (DCS)
Not Affected
Broadcom Data Loss Prevention (DLP)
Not Affected
Broadcom Ghost Solution Suite (GSS)
Not Affected
Broadcom IT Management Suite
Not Affected
Broadcom Layer7 API Gateway
Not Affected
Broadcom Layer7 Mobile API Gateway
Not Affected
Broadcom ProxySG
Not Affected
Broadcom Security Analytics (SA)
Not Affected
Broadcom Symantec Directory
Not Affected
Broadcom Symantec Identity Governance and Administration (IGA)
Not Affected
Broadcom Symantec PGP Solutions
Not Affected
Broadcom VIP
Not Affected
Broadcom Advanced Secure Gateway (ASG)
Under Investigation
Broadcom BCAAA
Under Investigation
Broadcom Content Analysis (CA)
Under Investigation
Broadcom Cloud Workload Protection (CWP)
Under Investigation
Broadcom Cloud Workload Protection for Storage (CWP:S)
Under Investigation
Broadcom Critical System Protection (CSP)
Under Investigation
Broadcom Email Security Service (ESS)
Under Investigation
Broadcom HSM Agent
Under Investigation
Broadcom Industrial Control System Protection (ICSP)
Under Investigation
Broadcom Integrated Cyber Defense Manager (ICDm)
Under Investigation
Broadcom Integrated Secure Gateway (ISG)
Under Investigation
Broadcom Layer7 API Developer Portal
Under Investigation
Broadcom Management Center (MC)
Under Investigation
Broadcom PacketShaper (PS) S-Series
Under Investigation
Broadcom PolicyCenter (PC) S-Series
Under Investigation
Broadcom Privileged Access Manager
Under Investigation
Broadcom Privileged Access Manager Server Control
Under Investigation
Broadcom Privileged Identity Manager
Under Investigation
Broadcom Reporter
Under Investigation
Broadcom Secure Access Cloud (SAC)
Under Investigation
Broadcom SiteMinder (CA Single Sign-On)
Under Investigation
Broadcom SSL Visibility (SSLV)
Under Investigation
Broadcom Symantec Endpoint Detection and Response (EDR)
Under Investigation
Broadcom Symantec Endpoint Encryption (SEE)
Under Investigation
Broadcom Symantec Endpoint Protection (SEP)
Under Investigation
Broadcom Symantec Endpoint Protection (SEP) for Mobile
Under Investigation
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE)
Under Investigation
Broadcom Symantec Messaging Gateway (SMG)
Under Investigation
Broadcom Symantec Protection Engine (SPE)
Under Investigation
Broadcom Symantec Protection for SharePoint Servers (SPSS)
Under Investigation
Broadcom VIP Authentication Hub
Under Investigation
Broadcom Web Isolation (WI)
Under Investigation
Broadcom Web Security Service (WSS)
Under Investigation
Broadcom WebPulse
Under Investigation
Check Point Quantum Security Gateway
Not Affected
Check Point Quantum Security Management
Not Affected
Uses the 1.8.0_u241 version of the JRE that protects against this attack by default.
Check Point CloudGuard
Not Affected
Check Point Infinity Portal
Not Affected
Check Point Harmony Endpoint & Harmony Mobile
Not Affected
Check Point SMB
Not Affected
Check Point ThreatCloud
Not Affected
Cisco Cisco Webex Meetings Server
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Advanced Web Security Reporting Application
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Suite Admin
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Crosswork Change Automation
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Evolved Programmable Network Manager
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Integrated Management Controller (IMC) Supervisor
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight Virtual Appliance
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Services Orchestrator (NSO)
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco WAN Automation Engine (WAE)
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Director
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Computer Telephony Integration Object Server (CTIOS)
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Packaged Contact Center Enterprise
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise - Live Data server
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Enterprise
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Intelligent Contact Management Enterprise
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified SIP Proxy Software
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Video Surveillance Operations Manager
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Kinetic for Cities
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Umbrella
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Communications Manager Cloud
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Cloud-Connected UC (CCUC)
Affected No Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Duo
Not Affected Yes Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SocialMiner
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AnyConnect Secure Mobility Client
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Webex Teams
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Extensible Network Controller (XNC)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Data Broker
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Insights
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Wide Area Application Services (WAAS)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco AMP Virtual Private Cloud Appliance
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Adaptive Security Appliance (ASA) Software
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Management Center
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Firepower Threat Defense (FTD)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Identity Services Engine (ISE)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Registered Envelope Service
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Web Security Appliance (WSA)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Multi-Site Orchestrator
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Application Policy Infrastructure Controller (APIC)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CloudCenter Workload Manager
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Grid Device Manager
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connected Mobile Experiences
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Assurance
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Data Center Network Manager (DCNM)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Elastic Services Controller (ESC)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IoT Operations Dashboard
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Modeling Labs
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Planner
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus Dashboard (formerly Cisco Application Services Engine)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Optical Network Planner
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Policy Suite
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Central for Service Providers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Manager
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Collaboration Provisioning
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Infrastructure
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime License Manager
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Network
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Optical for Service Providers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Provisioning
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Prime Service Catalog
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco UCS Performance Manager
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ACI Virtual Edge
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco ASR 5000 Series Routers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Catalyst 9800 Series Wireless Controllers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Center
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise NFV Infrastructure Software (NFVIS)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco GGSN Gateway GPRS Support Node
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOS and IOS XE Software
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IOx Fog Director
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco IP Services Gateway (IPSG)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MDS 9000 Series Multilayer Switches
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco MME Mobility Management Entity
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assurance Engine
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Convergence System 2000 Series
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5500 Platform Switches
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 5600 Platform Switches
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 6000 Series Switches
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 7000 Series Switches
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco PDSN/HA Packet Data Serving Node and Home Agent
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cis co Products: December 2021
Cisco Cisco PGW Packet Data Network Gateway
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 1000 Series Routers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 2000 Series Routers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge 5000 Series Routers
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vEdge Cloud Router Platform
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco SD-WAN vManage
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Secure Network Analytics (SNA), formerly Stealthwatch
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco System Architecture Evolution Gateway (SAEGW)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco HyperFlex System
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco BroadWorks
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Broadcloud Calling
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Domain Manager (CCDM)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Contact Center Management Portal (CCMP)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Emergency Responder
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Enterprise Chat and Email
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Finesse
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server (InformaCast)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Paging Server
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Advanced
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Business Edition
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Department Edition
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Enterprise Edition
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Attendant Console Premium Edition
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Unified Contact Center Express
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Virtualized Voice Browser
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Exony Virtualized Interaction Manager (VIM)
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Meeting Server
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco TelePresence Management Suite
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Vision Dynamic Signage Director
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco CX Cloud Agent Software
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Cognitive Intelligence
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Common Services Platform Collector
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Connectivity
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco DNA Spaces
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Defense Orchestrator
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Intersight
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Cisco Network Assessment (CNA) Tool
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco Managed Services Accelerator (MSX) Network Access Control Service
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco AppDynamics
Under Investigation
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
Cisco duo network gateway (on-prem/self-hosted)
Under Investigation
Citrix Citrix ADC
Under Investigation
https://support.citrix.com/article/CTX335705
Citrix Citrix Endpoint Management
Under Investigation
https://support.citrix.com/article/CTX335705
Citrix Citrix Gateway
Under Investigation
https://support.citrix.com/article/CTX335705
Citrix Citrix SD-WAN
Under Investigation
https://support.citrix.com/article/CTX335705
Citrix Citrix Virtual Apps and Desktops
Under Investigation
https://support.citrix.com/article/CTX335705
Cloudera CDH, HDP, and HDF Only version 6.x Affected
Cloudera Cloudera Enterprise Only version 6.x Affected
Cloudera Cloudera Data Science Workbench (CDSW) Only versions 2.x, 3.x Affected
Cloudera Hortonworks Data Platform (HDP) Only versions 7.1.x, 2.7.x, 2.6.x Affected
Cloudera Ambari Only versions 2.x, 1.x Affected
Cloudera Cloudera Cybersecurity Platform All versions Affected
Cloudera Data Steward Studio (DSS) All versions Affected
Cloudera Arcadia Enterprise Only version 7.1.x Affected
Cloudera CDP Private Cloud Base Only version 7.x Affected
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) All versions Affected
Cloudera Cloudera Data Warehouse (CDW) All versions Affected
Cloudera Cloudera Machine Learning (CML) All versions Affected
Cloudera Cloudera Data Engineering (CDE) All versions Affected
Cloudera Management Console All versions Affected
Cloudera Workload XM All versions Affected
Cloudera Cloudera Flow Management (CFM) All versions Affected
Cloudera Cloudera Edge Management (CEM) All versions Affected
Cloudera Cloudera Stream Processing (CSP) All versions Affected
Cloudera CDS 3 Powered by Apache Spark All versions Affected
Cloudera CDS 3.2 for GPUs All versions Affected
Cloudera Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) Only versions 7.0.x, 7.1.x, 7.2.x Affected
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) Only versions 7.0.x, 7.1.x, 7.2.x Affected
Cloudera Cloudera Data Warehouse (CDW)
Affected
Cloudera Cloudera Machine Learning (CML)
Affected
Cloudera Cloudera Data Engineering (CDE)
Affected
Cloudera Cloudera Data Flow (CFM)
Affected
Cloudera Cloudera Streaming Analytics (CSA)
Affected
Cloudera Cloudera Data Visualization (CDV)
Affected
Cloudera Cloudera DataFlow (CDF)
Affected
Cloudera Replication Manager
Affected
Cloudera Cloudera Manager (Including Backup Disaster Recovery (BDR))
Not Affected
Cloudera AM2CM Tool
Not Affected
Cloudera Hortonworks Data Flow (HDF)
Not Affected
Cloudera Hortonworks DataPlane Platform
Not Affected
Cloudera Data Lifecycle Manager (DLM)
Not Affected
Cloudera Cloudera Streaming Analytics (CSA)
Not Affected
Cloudera Management Console for CDP Public Cloud
Not Affected
Cloudera CDP Operational Database (COD)
Not Affected
Cloudera Data Catalog
Not Affected
Cloudera Workload Manager
Not Affected
Cloudera Workload XM (SaaS)
Not Affected
Cloudera SmartSense
Under Investigation
Cloudera Data Analytics Studio (DAS)
Under Investigation
Cloudogu Ecosystem All Affected Yes Cloudogu Community
Cloudogu SCM-Manager
Not Affected
CyberArk Privileged Threat Analytics (PTA) N/A Affected Yes CyberArk Customer Force
This advisory is available to customers only and has not been reviewed by CISA. 12/14/2021
Devolutions All products
Not Affected
https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/
DrayTek Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform
Not Affected
12/15/2021
Dynatrace Managed cluster nodes
Affected
Dynatrace Synthetic Activegates
Affected
Elastic Elasticsearch 5,6,8 Affected Yes Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
12/15/2021
Elastic Elastic Cloud
Under Investigation
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud Enterprise
Under Investigation
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic APM Java Agent
Under Investigation
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud Enterprise
Under Investigation
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Cloud on Kubernetes
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Logstash <6.8.21,<7.16.1 Affected Yes Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Swiftype
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic APM Server
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Beats
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Cmd
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Agent
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Endgame
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Elastic Maps Service
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Endpoint Security
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Enterprise Search
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Fleet Server
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Kibana
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
Elastic Machine Learning
Not Affected
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 12/15/2021
ExtraHop Reveal(x) <=8.4.6, <=8.5.3, <=8.6.4 Affected Yes ExtraHop Statement Contains vulnerable code but not likely to get unauthenticated user input to the log4j component.
12/14/2021
FedEx Ship Manager Software Unknown Affected/Under Investigation
FedEx Statement Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.
12/15/2021
F-Secure Endpoint Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Policy Manager Proxy 13-15 Affected Yes F-Secure services Status - 0-day exploit found in the Java logging package log4j2
F-Secure Elements Connector
F-Secure Messaging Security Gateway
Fiix Fiix CMMS Core v5 Fixed
PN1579 - Log4Shell Vulnerability Notice The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required.
12/15/2021
Forcepoint DLP Manager
Affected
Forcepoint Security Manager (Web, Email and DLP)
Affected
Forcepoint Forcepoint Cloud Security Gateway (CSG)
Not Affected
Forcepoint Next Generation Firewall (NGFW)
Not Affected
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder
Not Affected
Forcepoint One Endpoint
Not Affected
ForgeRock Autonomous Identity
Affected
Security Advisories - Knowledge - BackStage (forgerock.com) all other ForgeRock products Not vulnerable
Fortinet FortiAIOps
Affected
Fortinet FortiCASB
Affected
Fortinet FortiConvertor
Affected
Fortinet FortiEDR Cloud
Affected
Fortinet FortiNAC
Affected
Fortinet FortiNAC
Affected
Fortinet FortiPolicy
Affected
Fortinet FortiPortal
Affected
Fortinet FortiSIEM
Affected
Fortinet FortiSOAR
Affected
Fortinet ShieldX
Affected
Fortinet FortiAnalyzer Cloud
Not Affected
Fortinet FortiAnalyzer
Not Affected
Fortinet FortiAP
Not Affected
Fortinet FortiAuthenticator
Not Affected
Fortinet FortiDeceptor
Not Affected
Fortinet FortiEDR Agent
Not Affected
Fortinet FortiGate Cloud
Not Affected
Fortinet FortiGSLB Cloud
Not Affected
Fortinet FortiMail
Not Affected
Fortinet FortiManager Cloud
Not Affected
Fortinet FortiManager
Not Affected
Fortinet FortiOS (includes FortiGate & FortiWiFi)
Not Affected
Fortinet FortiPhish Cloud
Not Affected
Fortinet FortiRecorder
Not Affected
Fortinet FortiSwicth Cloud in FortiLANCloud
Not Affected
Fortinet FortiSwitch & FortiSwitchManager
Not Affected
Fortinet FortiToken Cloud
Not Affected
Fortinet FortiVoice
Not Affected
Fortinet FortiWeb Cloud
Not Affected
FusionAuth FusionAuth 1.32 Not Affected
log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth
Gradle Gradle
Not Affected No Gradle Blog - Dealing with the critical Log4j vulnerability Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.
Gradle Gradle Enterprise < 2021.3.6 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Test Distribution Agent < 1.6.2 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
Gradle Gradle Enterprise Build Cache Node < 10.1 Affected Yes Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2
HPE 3PAR StoreServ Arrays
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE AirWave Management Platform
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Alletra 6000
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Alletra 9k
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba Central
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba ClearPass Policy Manager
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba ClearPass Policy Manager
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba Instant (IAP)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba Location Services
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba NetEdit
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba PVOS Switches
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba SDN VAN Controller
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba User Experience Insight (UXI)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Aruba VIA Client
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE ArubaOS SD-WAN Controllers and Gateways
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE ArubaOS Wi-Fi Controllers and Gateways
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE ArubaOS-CX switches
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE ArubaOS-S switches
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE BladeSystem Onboard Administrator
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Brocade 16Gb SAN Switch for HPE BladeSystem c-Class
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Brocade Network Advisor
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE CloudAuth
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE CloudPhysics
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Compute Cloud Console
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Compute operations manager- FW UPDATE SERVICE
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE COS (Cray Operating System)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Cray Systems Management (CSM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Custom SPP Portal Link
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Data Services Cloud Console
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Harmony Data Platform
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HOP public services (grafana, vault, rancher, Jenkins)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN2600B SAN Extension Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN4000B SAN Extension Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN6000B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN6500B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN6600B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN6650B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE B-series SN6700B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Customer Experience Assurance (CEA)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Home Location Register (HLR/I-HLR)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Infosight for Servers
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Integrated Home Subscriber Server (I-HSS)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Intelligent Messaging (IM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Intelligent Network Server (INS)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Multimedia Services Environment (MSE)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OC Convergent Communications Platform (OCCP)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OC Media Platform Media Resource Function (OCMP-MRF)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OC Universal Signaling Platform (OC-USP-M)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OneView
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE OneView for VMware vRealize Operations (vROps)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE OneView Global Dashboard
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Performance Cluster Manager (HPCM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Performance Manager (PM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OC Service Access Controller (OC SAC)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE OC Service Controller (OCSC)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Position Determination Entity (PDE)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Secure Identity Broker (SIB)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Service Activator (SA)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Service Governance Framework (SGF)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Service Orchestration Manager (SOM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Service Provisioner (SP)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Short Message Point-to-Point Gateway (SMPP)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Slingshot
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Smart Interaction Server (SIS)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE SN3000B Fibre Channel Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8000B 4-Slot SAN Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8000B 8-Slot SAN Backbone Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8600B 4-Slot SAN Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8600B 8-Slot SAN Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8700B 4-Slot Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE SN8700B 8-Slot Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Subscriber, Network, and Application Policy (SNAP)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Subscription Manager (SM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Synergy Image Streamer
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Systems Insight Manager (SIM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Telecom Application Server (TAS)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Unified Correlation and Automation (UCA)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Unified OSS Console (UOC)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Universal SLA Manager (uSLAM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Unified Mediation Bus (UMB)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Unified Topology Manager (UTM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Universal Identity Repository (VIR)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Virtual Connect
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Virtual Connect Enterprise Manager (VCEM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Virtual Provisioning Gateway (vPGW)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Virtual Server Environment (VSE)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE HPE Virtual Subscriber Data Management (vSDM)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE WebRTC Gateway Controller (WGW)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-14
HPE HPE Wi-Fi Authentication Gateway (WauG)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Insight Cluster Management Utility (CMU)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrated Lights-Out (iLO) Amplifier Pack
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrated Lights-Out 4 (iLO 4) 4 Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrated Lights-Out 5 (iLO 5) 5 Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrity BL860c, BL870c, BL890c
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrity Rx2800/Rx2900
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrity Superdome 2
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Integrity Superdome X
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Intelligent Provisioning
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE iSUT integrated smart update tool
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Maven Artifacts (Atlas)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE MSA
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE NetEdit
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Nimble Storage
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE NS-T0634-OSM CONSOLE TOOLS
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE NS-T0977-SCHEMA VALIDATOR
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE OfficeConnect
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Primera Storage
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE RepoServer part of OPA (on Premises aggregator)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Resource Aggregator for Open Distributed Infrastructure Management
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE RESTful Interface Tool (iLOREST)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SAT (System Admin Toolkit)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Scripting Tools for Windows PowerShell (HPEiLOCmdlets)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SGI MC990 X Server
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SGI UV 2000 Server
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SGI UV 300, 300H, 300RL, 30EX
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SGI UV 3000 Server
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SN8700B 8-Slot Director Switch
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE StoreEasy
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE StoreEver CVTL
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE StoreEver LTO Tape Drives
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE StoreEver MSL Tape Libraries
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE StoreOnce
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE SUM (Smart Update Manager)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Superdome Flex 280
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE Superdome Flex Server
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
HPE UAN (User Access Node)
Not Affected
(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 Support Communication Cross Reference ID: SIK7387
2021-12-12
IBM Cognos Controller 10.4.2 Affected Yes Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228)
12/15/2021
IBM Planning Analytics Workspace >2.0.57 Affected Yes Security Bulletin: IBM Planning Analytics 2.0: Apache log4j Vulnerability (CVE-2021-44228)
12/15/2021
IBM Power HMC V9.2.950.0 & V10.1.1010.0 Affected Yes Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC
12/15/2021
IBM App ID
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Certificate Manager
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloud Object Storage
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloud Object Storage
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloudant
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Container Registry
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Container Security Services
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Continuous Delivery
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Hyper Protect DBaaS for MongoDB
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Hyper Protect DBaaS for PostgreSQL
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Hyper Protect Virtual Server
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Internet Services
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Knowledge Studio
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Managed VMware Service
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Natural Language Understanding
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM VMware Solutions
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM VMware vCenter Server
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM VMware vSphere
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM vRealize Operations and Log Insight
Affected Yes An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Analytics Engine
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM App Configuration
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM App Connect
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Application Gateway
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Aspera
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Aspera Endpoint
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Aspera Enterprise
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Aspera fasp.io
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Bare Metal Servers
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Block Storage
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Block Storage for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Block Storage Snapshots for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Case Manager
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Client VPN for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloud Activity Tracker
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloud Backup
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cloud Monitoring
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Code Engine
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cognos Command Center
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Cognos Integration Server
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose Enterprise
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for Elasticsearch
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for etcd
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for MongoDB
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for MySQL
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for PostgreSQL
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for RabbitMQ
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for Redis
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for RethinkDB
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Compose for ScyllaDB
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Content Delivery Network
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Copy Services Manager
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for DataStax
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for EDB
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for Elasticsearch
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for etcd
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for MongoDB
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for PostgreSQL
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Databases for Redis
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Datapower Gateway
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Dedicated Host for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Connect
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Connect on Classic
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Dedicated (2.0)
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Dedicated Hosting on Classic
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Dedicated on Classic
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Direct Link Exchange on Classic
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM DNS Services
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Emptoris Contract Management
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Emptoris Program Management
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Emptoris Sourcing
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Emptoris Spend Analysis
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Emptoris Supplier Lifecycle Management
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Enterprise Tape Controller Model C07 (3592) (ETC)
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Event Notifications
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Event Streams
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM File Storage
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Flash System 900 (& 840)
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Flow Logs for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Functions
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM GSKit
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Guardium S-TAP for Data Sets on z/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Guardium S-TAP for DB2 on z/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Guardium S-TAP for IMS on z/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Hyper Protect Crypto Services
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM i2 Analyst’s Notebook
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM i2 Base
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Application Runtime Expert for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Backup, Recovery and Media Services for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Db2 Mirror for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM HTTP Server
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM i Portfolio of products under the Group SWMA
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM i Access Family
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM PowerHA System Mirror for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Direct Browser User Interface
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Direct for HP NonStop
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Direct for i5/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Direct for OpenVMS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Express for Microsoft Windows
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Express for UNIX
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Sterling Connect:Express for z/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM IBM Instana Agent Lower than 12-11-2021 Affected Yes Instana Status Incidents
12/14/2021
IBM Key Lifecyle Manager for z/OS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Key Protect
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Kubernetes Service
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Load Balancer for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Log Analysis
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Mass Data Migration
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Maximo EAM SaaS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Message Hub
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM MQ Appliance
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM MQ on IBM Cloud
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM OmniFind Text Search Server for DB2 for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM OPENBMC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM PowerSC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM PowerVM Hypervisor
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM PowerVM VIOS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM QRadar Advisor
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Qradar Network Threat Analytics
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM QRadar SIEM
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Quantum Services
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Rational Developer for AIX and Linux
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Rational Developer for i
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Red Hat OpenShift on IBM Cloud
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Robotic Process Automation
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM SAN Volume Controller and Storwize Family
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Satellite Infrastructure Service
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Schematics
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Secrets Manager
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Secure Gateway
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Archive Library Edition
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Discover
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Client Management Service
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Databases: Data Protection for Oracle
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Databases: Data Protection for SQL
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Enterprise Resource Planning
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Mail: Data Protection for Domino
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Mail: Data Protection for Exchange
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for Workstations
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect for z/OS USS Client and API
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Plus Db2 Agent
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Plus Exchange Agent
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Plus File Systems Agent
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Plus MongoDB Agent
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Plus O365 Agent
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Server
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Snapshot for UNIX
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Spectrum Protect Snapshot for UNIX
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM SQL Query
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Gentran
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Order Management
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for ACORD
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for Financial Services
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for FIX
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for NACHA
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for PeopleSoft
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for SAP R/3
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for SEPA
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for Siebel
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Pack for SWIFT
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Packs for EDI
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Packs for Healthcare
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Sterling Transformation Extender Trading Manager
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage TS1160
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage TS2280
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage TS2900 Library
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage TS3100-TS3200 Library
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage TS4500 Library
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Storage Virtualization Engine TS7700
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Tape System Library Manager
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM TDMF for zOS
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Total Storage Service Console (TSSC) / TS4500 IMC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Transit Gateway
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Tririga Anywhere
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM TS4300
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Urbancode Deploy
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Virtual Private Cloud
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Virtual Server for Classic
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Virtualization Management Interface
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM VPN for VPC
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
IBM Workload Automation
Not Affected
An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog
12/15/2021
ISEC7 Sphere N/A Not Affected No
12/15/2021
Jenkins CI/CD Core
Not Affected
Jenkins Plugins
Unkown
Need to audit plugins for use of log4j
Jetbrains
Affected Yes https://www.jetbrains.com/help/license_server/release_notes.html
Lenovo DSS-G
Affected
2021-12-14
Lenovo XClarity Administrator (LXCA)
Affected
2021-12-14
Lenovo XClarity Energy Manager (LXEM)
Affected
2021-12-14
Lenovo XClarity Integrator (LXCI) for VMware vCenter
Affected
2021-12-14
Lenovo NetApp ONTAP Tools for VMware vSphere
Affected
Apache Log4j Vulnerability See NetApp advisory.
2021-12-14
Lenovo ThinkAgile HX
Affected
Apache Log4j Vulnerability Nutanix and VMware components only; hardware not affected. See Nutanix and VMWare advisories.
2021-12-14
Lenovo ThinkAgile VX
Affected
Apache Log4j Vulnerability VMware components only; hardware not affected. See VMWare advisory.
2021-12-14
Lenovo XClarity Integrator (LXCI) for ServiceNow
Under Investigation
2021-12-14
Lenovo XClarity Integrator (LXCI) for Nagios
Under Investigation
2021-12-14
Lenovo XClarity Integrator (LXCI) for Microsoft Azure Log Analytics
Under Investigation
2021-12-14
Lenovo Storage Management utilities
Under Investigation
2021-12-14
Lenovo BIOS/UEFI
Not Affected
2021-12-14
Lenovo Chassis Management Module 2 (CMM)
Not Affected
2021-12-14
Lenovo Commercial Vantage
Not Affected
2021-12-14
Lenovo Confluent
Not Affected
2021-12-14
Lenovo Embedded System Management Java-based KVM clients
Not Affected
2021-12-14
Lenovo Fan Power Controller (FPC)
Not Affected
2021-12-14
Lenovo Fan Power Controller2 (FPC2)
Not Affected
2021-12-14
Lenovo Integrated Management Module II (IMM2)
Not Affected
2021-12-14
Lenovo System Update
Not Affected
2021-12-14
Lenovo Thin Installer
Not Affected
2021-12-14
Lenovo Update Retriever
Not Affected
2021-12-14
Lenovo Vantage
Not Affected
2021-12-14
Lenovo XClarity Orchestrator (LXCO)
Not Affected
2021-12-14
Lenovo XClarity Mobile (LXCM)
Not Affected
2021-12-14
Lenovo XClarity Integrator (LXCI) for Windows Admin Center
Not Affected
2021-12-14
Lenovo XClarity Integrator (LXCI) for Microsoft System Center
Not Affected
2021-12-14
Lenovo XClarity Controller (XCC)
Not Affected
2021-12-14
Lenovo XClarity Essentials (LXCE)
Not Affected
2021-12-14
Lenovo XClarity Provisioning Manager (LXPM)
Not Affected
2021-12-14
Lenovo Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade FOS
Not Affected
2021-12-14
Lenovo System Management Module (SMM)
Not Affected
2021-12-14
Lenovo System Management Module 2 (SMM2)
Not Affected
2021-12-14
Lenovo ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T
Not Affected
2021-12-14
Lenovo ThinkSystem DE Series Storage
Not Affected
Apache Log4j Vulnerability See also NetApp advisory.
2021-12-14
Lenovo ThinkSystem DM Series Storage
Not Affected
Apache Log4j Vulnerability See also NetApp advisory.
2021-12-14
Lenovo ThinkSystem DS Series Storage
Not Affected
2021-12-14
Lenovo ThinkSystem Manager (TSM)
Not Affected
2021-12-14
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH)
Not Affected
McAfee Data Exchange Layer (DXL)
Under Investigation
McAfee Enterprise Security Manager (ESM)
Under Investigation
McAfee ePolicy Orchestrator Application Server (ePO)
Under Investigation
McAfee McAfee Active Response (MAR)
Under Investigation
McAfee Network Security Manager (NSM)
Under Investigation
McAfee Network Security Platform (NSP)
Under Investigation
McAfee Threat Intelligence Exchange (TIE)
Under Investigation
Microsoft Azure Data lake store java < 2.3.10 Affected
Microsoft Azure DevOps
Not Affected
Azure DevOps (and Azure DevOps Server) and the log4j vulnerability
Microsoft Azure DevOps Server 2019.0 - 2020.1 Affected No Azure DevOps (and Azure DevOps Server) and the log4j vulnerability
Microsoft Team Foundation Server 2018.2+ Affected No Azure DevOps (and Azure DevOps Server) and the log4j vulnerability
MongoDB MongoDB Atlas Search
Affected yes https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators)
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators)
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Drivers
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors)
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
MongoDB MongoDB Realm (including Realm Database, Sync, Functions, APIs)
Not Affected
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Netapp Multiple NetApp products
Affected
https://security.netapp.com/advisory/ntap-20211210-0007/
Neo4j Neo4j Graph Database Version >4.2, <4..2.12 Affected No
12/13/2021
New Relic New Relic Java Agent <7.4.2 Affected Yes Java agent v7.4.2 Initially fixed in 7.4.1, but additional vulnerability found New Relic tracking, covers CVE-2021-44228, CVE-2021-45046 12/15/2021
Okta Okta RADIUS Server Agent < 2.17.0 Affected
Okta RADIUS Server Agent CVE-2021-44228 Okta
12/12/2021
Okta Okta On-Prem MFA Agent < 1.4.6 Affected
Okta On-Prem MFA Agent CVE-2021-44228 Okta
12/12/2021
Okta Advanced Server Access
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta Access Gateway
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta AD Agent
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta Browser Plugin
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta IWA Web Agent
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta LDAP Agent
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta Mobile
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta Workflows
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Okta Okta Verify
Not Affected
Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security
12/12/2021
Palo-Alto Prisma Cloud Compute
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Prisma Cloud
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto PAN-OS
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto GlobalProtect App
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Cortex XSOAR
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto Cortex XDR Agent
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Palo-Alto CloudGenix
Not Affected
CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)
Plex Plex Industrial IoT
Fixed
PN1579 - Log4Shell Vulnerability Notice The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required.
12/15/2021
Palo-Alto Panorama 9.0, 9.1, 10.0 Affected Yes Unit42 Palo-Alto Apache Log4j Vulnerability
Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available 12/15/2021
Pulse Secure Pulse Secure Virtual Traffic Manager
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Secure Services Director
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Secure Web Application Firewall
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Connect Secure
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Connect Secure (ICS)
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Policy Secure
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Desktop Client
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse Mobile Client
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse One
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Pulse ZTA
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Neurons for ZTA
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Pulse Secure Ivanti Neurons for secure Access
Not Affected
Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)
Rapid7 AlcidekArt, kAdvisor, and kAudit on-prem Not Affected
12/15/2021
Rapid7 AppSpider Pro on-prem Not Affected
12/15/2021
Rapid7 AppSpider Enterprise on-prem Not Affected
12/15/2021
Rapid7 Insight Agent on-prem Not Affected
12/15/2021
Rapid7 InsightAppSec Scan Engine on-prem Not Affected
12/15/2021
Rapid7 InsightAppSec Scan Engine on-prem Not Affected
12/15/2021
Rapid7 InsightCloudSec/DivvyCloud on-prem Not Affected
12/15/2021
Rapid7 InsightConnect Orchestrator on-prem Not Affected
12/15/2021
Rapid7 InsightIDR/InsightOps Collector & Event Sources on-prem Not Affected
12/15/2021
Rapid7 InsightIDR Network Sensor on-prem Not Affected
12/15/2021
Rapid7 InsightOps DataHub InsightOps DataHub <= 2.0 Affected Yes Rapid7 Statement Upgrade DataHub to version 2.0.1 using the following instructions.
12/15/2021
Rapid7 InsightOps non-Java logging libraries on-prem Not Affected
12/15/2021
Rapid7 InsightOps r7insight_java logging library <=3.0.8 Affected Yes Rapid7 Statement Upgrade r7insight_java to 3.0.9
12/15/2021
Rapid7 InsightVM Kubernetes Monitor on-prem Not Affected
12/15/2021
Rapid7 InsightVM/Nexpose on-prem Not Affected
12/15/2021
Rapid7 InsightVM/Nexpose Console on-prem Not Affected
Rapid7 Statement Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.
12/15/2021
Rapid7 InsightVM/Nexpose Engine on-prem Not Affected
Rapid7 Statement Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.
12/15/2021
Rapid7 IntSights virtual appliance on-prem Not Affected
12/15/2021
Rapid7 Logentries DataHub Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 Affected Yes Rapid7 Statement Linux: Install DataHub_1.2.0.822.deb using the following instructions. Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these instructions. You can find more details here.
12/15/2021
Rapid7 Logentries le_java logging library All versions: this is a deprecated component Affected Yes Rapid7 Statement Migrate to version 3.0.9 of r7insight_java
12/15/2021
Rapid7 Metasploit Pro on-prem Not Affected
Rapid7 Statement Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j.
12/15/2021
Rapid7 Metasploit Framework on-prem Not Affected
12/15/2021
Rapid7 tCell Java Agent on-prem Not Affected
12/15/2021
Rapid7 Velociraptor on-prem Not Affected
12/15/2021
Red Hat build of Quarkus log4j-core low
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat CodeReady Studio 12 log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Data Grid 8 log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Descision Manager 7 log4j-core low
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 6 log4j
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 7 log4j
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Enterprise Linux 8 parfait:0.5/log4j12
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Integration Camel K log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Integration Camel Quarkus log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss A-MQ Streaming log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Enterprise Application Platform 7 log4j-core low
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Enterprise Application Platform Expansion Pack log4j-core low
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat JBoss Fuse 7 log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Application Runtimes log4j-core
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Logging logging-elasticsearch6-container
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenStack Platform 13 (Queens) opendaylight
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Process Automation 7 log4j-core low
Affected No CVE-2021-44228- Red Hat Customer Portal
Red Hat Single Sign-On 7 log4j-core
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-maven36-log4j12
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-maven35-log4j12
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collections rh-java-common-log4j
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Redhat log4j-core
Not Affected
CVE-2021-44228- Red Hat Customer Portal
Rockwell Automation Warehouse Management 4.01.00, 4.02.00, 4.02.01, 4.02.02 Affected Under development PN1579 - Log4Shell Vulnerability Notice
12/15/2021
Rockwell Automation MES EIG 3.03.00 Affected No, product discontinued PN1579 - Log4Shell Vulnerability Notice Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions.
12/15/2021
Rockwell Automation Industrial Data Center Gen 1, Gen 2, Gen 3, Gen 3.5 Fixed Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 PN1579 - Log4Shell Vulnerability Notice
12/15/2021
Rockwell Automation VersaVirtual Series A Fixed Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 PN1579 - Log4Shell Vulnerability Notice
12/15/2021
Rockwell Automation FactoryTalk Analytics DataFlowML 4.00.00 Affected Under development PN1579 - Log4Shell Vulnerability Notice
12/15/2021
Rockwell Automation FactoryTalk Analytics DataView 3.03.00 Affected Under development PN1579 - Log4Shell Vulnerability Notice
12/15/2021
RSA SecurID Authentication Manager
Not Affected
RSA SecurID Authentication Manager Prime
Not Affected
RSA SecurID Authentication Manager WebTier
Not Affected
RSA SecurID Identity Router
Not Affected
RSA SecurID Governance and Lifecycle
Not Affected
RSA SecurID Governance and Lifecycle Cloud
Not Affected
Ruckus Virtual SmartZone (vSZ) 5.1 to 6.0 Affected
Ruckus Wireless (support.ruckuswireless.com)
12/13/2021
Siemens Capital All Versions >- 2019.1 SP1912 Affected Yes Siemens Advisory Link Only affected if Teamcenter integration feature is used. Mitigation: Mitigation Link
12/15/2021
Siemens Comos Desktop App All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Desigo CC Advanced Reporting V4.0, 4.1, 4.2, 5.0, 5.1 Affected Yes Siemens Advisory Link
12/15/2021
Siemens Desigo CC Info Center V5.0, 5.1 Affected Yes Siemens Advisory Link
12/15/2021
Siemens E-Car OC Cloud Application All Versions < 2021-12-13 Affected Yes Siemens Advisory Link
12/15/2021
Siemens EnergyIP Prepay V3.7. V3.8 Affected Yes Siemens Advisory Link
12/15 2021
Siemens GMA-Manager All Version > V8.6.2j-398 Affected Yes Siemens Advisory Link
12/15/2021
Siemens HES UDIS All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Industrial Edge Management App All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Industrial Edge Management OS All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Industrial Edge Management Hub All versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens LOGO! Soft Comfort All versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Mendix Applications All Versions Not Affected Yes Siemens Advisory Link
12/15/2021
Siemens Mindsphere Cloud Application All Versions < 2021-12-11 Affected Yes Siemens Advisory Link Fixed on Cloud Version
12/15/2021
Siemens NX All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Opcenter Intelligence All Versions >=3.2 Affected Yes Siemens Advisory Link Only OEM version that ships Tableau
12/15/2021
Siemens Operation Scheduler All versions >= V1.1.3 Affected Yes Siemens Advisory Link Block incoming and outgoing connections
12/15/2021
Siemens SIGUARD DSA V4.2, 4.3, 4.4 Affected Yes Siemens Advisory Link
12/15/2021
Siemens SIMATIC WinCC All Versions <V7.4 SP1 Affected Yes Siemens Advisory Link
12/15/2021
Siemens SiPass integrated V2.80 All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens SiPass integrated V2.85 All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Siveillance Command All Versions >=4.16.2.1 Affected Yes Siemens Advisory Link
12/15/2021
Siemens Siveillance Control Pro All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Siveillance Identity V1.5 All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Siveillance Identity V1.6 All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Siveillance Vantage All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens Solid Edge Wiring Harness Design All Versions >= 2020 Affected Yes Siemens Advisory Link only if Teamcenter integration feature is used
12/15/2021
Siemens Spectrum Power 4 All versions Affected Yes Siemens Advisory Link only with component jROS in version 3.0.0
12/15/2021
Siemens Spectrum Power 7 All Versions < V2.30 SP2 Affected Yes Siemens Advisory Link only with component jROS
12/15/2021
Siemens Teamcenter Suite All Versions Affected Yes Siemens Advisory Link
12/15/2021
Siemens VeSys All Versions >=2019.1 SP1912 Affected Yes Siemens Advisory Link only if Teamcenter integration feature is used
12/15/2021
Siemens Xpedition EDM Server VX.2.6-VX.2.10 Affected Yes Siemens Advisory Link
12/15/2021
Siemens Xpedition EDM Client VX.2.6-VX.2.10 Affected Yes Siemens Advisory Link
12/15/2021
SolarWinds Server & Application Monitor (SAM) SAM 2020.2.6 and later Affected No Apache Log4j Critical Vulnerability (CVE-2021-44228) Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) Workarounds available, hotfix under development
12/14/2021
SolarWinds Database Performance Analyzer (DPA) 2021.1.x, 2021.3.x, 2022.1.x Affected No Apache Log4j Critical Vulnerability (CVE-2021-44228) Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) Workarounds available, hotfix under development
12/14/2021
SonicWall Gen5 Firewalls (EOS)
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the appliance.
12/12/2021
SonicWall Gen6 Firewalls
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the appliance.
12/12/2021
SonicWall Gen7 Firewalls
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the appliance.
12/12/2021
SonicWall SonicWall Switch
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the SonicWall Switch.
12/12/2021
SonicWall SMA 100
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the SMA100 appliance.
12/12/2021
SonicWall SMA 1000
Not Affected
Security Advisory (sonicwall.com) Version 12.1.0 and 12.4.1 doesn't use a vulnerable version
12/12/2021
SonicWall Email Security
Not Affected
[Security Advisory (sonicwall.com)] Version 10.x doesn't use a vulnerable version
12/12/2021
SonicWall MSW
Not Affected
Security Advisory (sonicwall.com) Mysonicwall service doesn't use Log4j
12/12/2021
SonicWall NSM
Not Affected
Security Advisory (sonicwall.com) NSM On-Prem and SaaS doesn't use a vulnerable version
12/12/2021
SonicWall Capture Client & Capture Client Portal
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the Capture Client.
12/12/2021
SonicWall Access Points
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the SonicWall Access Points
12/12/2021
SonicWall WNM
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the WNM.
12/12/2021
SonicWall Capture Security Appliance
Not Affected
Security Advisory (sonicwall.com) Log4j2 not used in the Capture Security appliance.
12/12/2021
SonicWall WXA
Not Affected
Security Advisory (sonicwall.com) WXA doesn't use a vulnerable version
12/12/2021
SonicWall SonicCore
Not Affected
Security Advisory (sonicwall.com) SonicCore doesn't use a Log4j2
12/12/2021
SonicWall Analyzer
Under Investigation
Security Advisory (sonicwall.com) Under Review
12/12/2021
SonicWall Analytics
Under Investigation
Security Advisory (sonicwall.com) Under Review
12/12/2021
SonicWall GMS
Under Investigation
Security Advisory (sonicwall.com) Under Review
12/12/2021
SonicWall CAS
Under Investigation
Security Advisory (sonicwall.com) Under Review
12/12/2021
SonicWall WAF
Under Investigation
Security Advisory (sonicwall.com) Under Review
12/12/2021
Sophos Sophos Mobile EAS Proxy < 9.7.2 Affected No Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website.
12/12/2021
Sophos Cloud Optix
Fixed
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.
12/12/2021
Sophos Sophos Firewall (all versions)
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Firewall does not use Log4j.
12/12/2021
Sophos SG UTM (all versions)
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos SG UTM does not use Log4j.
12/12/2021
Sophos SG UTM Manager (SUM) (all versions) All versions Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos SUM does not use Log4j.
12/12/2021
Sophos Sophos ZTNA
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos ZTNA does not use Log4j.
12/12/2021
Sophos Sophos Home
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Home does not use Log4j.
12/12/2021
Sophos Sophos Central
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Central does not run an exploitable configuration.
12/12/2021
Sophos Sophos Mobile
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration.
12/12/2021
Sophos Reflexion
Not Affected
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos Reflexion does not run an exploitable configuration.
12/12/2021
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Enterprise non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Enterprise Amazon Machine Image (AMI) non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Enterprise Docker Container non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Stream Processor Service non-Windows versions of 8.1.x and 8.2.x only if Hadoop and/or DFS are used Affected No Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Cloud Developer Edition
Under Investigation
Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Connect for SNMP
Under Investigation
Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk DB Connect
Under Investigation
Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Forwarders (UF/HWF)
Under Investigation
Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Splunk Splunk Mint
Under Investigation
Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk
12/12/2021
Spring Spring Boot
Unkown
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2
TPLink Omega Controller Linux/Windows all Affected Yes Statement on Apache Log4j Vulnerability Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 Tp Community Link, Reddit Link 12/15/2021
TrendMicro All
Under Investigation
https://success.trendmicro.com/solution/000289940
Ubiquiti UniFi Network Application 6.5.53 & lower versions Affected Yes UniFi Network Application 6.5.54 Ubiquiti Community
Ubiquiti UniFi Network Controller 6.5.54 & lower versions Affected Yes UniFi Network Application 6.5.55 Ubiquiti Community
6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 12/15/2021
VMware VMware vCenter Server 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vCenter Server 7.x, 6.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vCenter Server 6.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Horizon N/A Affected Yes VMSA-2021-0028
12/14/2021
VMware VMware HCX 4.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware NSX-T Data Centern 3.x, 2.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Unified Access Gateway 21.x, 20.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Workspace ONE Access 21.x, 20.10.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Identity Manager 3.3.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Operations 8.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Operations Cloud Proxy Any Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Log Insight 8.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Automation 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Lifecycle Manager 8.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Telco Cloud Automation 2.x, 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Carbon Black Cloud Workload Appliance 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Carbon Black EDR Server 7.x, 6.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Site Recovery Manager 8.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu GemFire 9.x, 8.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu Greenplum 6.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu Operations Manager 2.x Affected Yes VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu Application Service for VMs 2.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu Kubernetes Grid Integrated Edition 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu Observability by Wavefront Nozzle 3.x, 2.x Affected Yes VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware Healthwatch for Tanzu Application Service 2.x, 1.x Affected Yes VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware Spring Cloud Services for VMware Tanzu 3.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware Spring Cloud Gateway for VMware Tanzu 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware Spring Cloud Gateway for Kubernetes 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware API Portal for VMware Tanzu 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware Single Sign-On for VMware Tanzu Application Service 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware App Metrics 2.x Affected Yes VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vCenter Cloud Gateway 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware vRealize Orchestrator 8.x, 7.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Cloud Foundation 4.x, 3.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.x, 20.10.x, 19.03.0.1 Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Horizon DaaS 9.1.x, 9.0.x Affected No VMSA-2021-0028.1 (vmware.com)
12/12/2021
VMware VMware Horizon Cloud Connector 1.x, 2.x Affected Yes VMSA-2021-0028.1 (vmware.com)
12/12/2021
Zendesk All Products All Versions Affected No 2021-12-13 Security Advisory - Apache Log4j (CVE-2021-44228) Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems.
12/13/2021
Zscaler Multiple Products
Not Affected No CVE-2021-44228 log4j Vulnerability
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK