This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL will maintain a list of all known vulnerable and not vulnerable software. Futhermore any reference to the software will contain specific information regarding which version contains the security fixes, and which software still requires mitigation. Please note that this vulnerability may also occur in custom software developed within your oganisation. These occurrences are not registered in this overview.
NCSC-NL will use the following status:
| Status | Description |
|---|---|
| Vulnerable | Software is vulnerable for CVE-2021-44228. |
| Fix | Software contains a fix for CVE-2021-44228 |
| Workaround | Software is vulnerable but mitigation steps are available |
| Not vuln | Software is NOT vulnerable for CVE-2021-44228. |
| Investigation | Software is under investigation whether it is vulnerable or not |
NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| AIL | AIL | all | Not vuln | source | |
| Apache | Cassandra | all | Not vuln | source | |
| Apache | Druid | 0.22.1 | Fix | source | |
| Apache | Flink | 1.15.0, 1.14.1, 1.13.4 | Fix | source | |
| Apache | Log4j | 2.15.0 | Fix | source | |
| Apache | Kafka | Unknown | Workaround/Vulnerable | Only vulnerable in certain configuration | source |
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fix | Versions before 7.4 also vulnerable when using several configurations | source |
| Apache | Tika | 2.0.0 and up | Vulnerable | source | |
| Apache | Tomcat | Not vuln | source | ||
| Apache | Zookeeper | Not vuln | Zookeeper uses Log4j 1.2 version | source | |
| Apereo | CAS | 6.3.x & 6.4.x | Fix | Other versions still in active maintainance might need manual inspection | source |
| Apereo | Opencast | < 9.10, < 10.6 | Fix | source | |
| Apigee | Edge and OPDK products | All version | Not vuln | source | |
| Aptible | Aptible | ElasticSearch 5.x | Fix | source | |
| Atlassian | Jira Server & Data Center | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Atlassian | Confluence Server & Data Center | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Atlassian | Bamboo Server & Data Center | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Atlassian | Crowd Server & Data Center | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Atlassian | Fisheye | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Atlassian | Crucible | On prem | Vulnerable | Only vulnerable when using non-default config, cloud version still under investigation | source |
| Amazon | EC2 | Amazon Linux 1 & 2 | Vulnerable | Default packages not vulnerable | source |
| Amazon | OpenSearch | Unknown | Fix | source | |
| Amazon | AWS Lambda | Unknown | Fix | Vulnerable when using aws-lambda-java-log4j2 | source |
| Amazon | AWS CloudHSM | < 3.4.1. | Fix | source | |
| Azure | Data lake store java | < 2.3.10 | Fix | source | |
| APC | PowerChute Business Edition | Unknow to 10.0.2.301 | Vulnerable | ||
| APC | PowerChute Network Shutdown | Unknow to 4.2.0 | Vulnerable | ||
| Akamai | Siem Splunk Connector | Unknown to latest | Vulnerable | source | |
| Avaya | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Backblaze | Cloud | N/A (SaaS) | Fix | Cloud service patched | source |
| BigBlueButton | BigBlueButton | Unknown | Not vuln | source | |
| Bitdefender | GravityZone On-Premises | Unknown | Not vuln | source | |
| Bitnami | Unknown | Unknown | Fix | source | |
| Brian Pangburn | SwingSet | < 4.0.6 | Fix | source | |
| Broadcom | CA Advanced Protection | 9.1 & 9.1.01 | Workaround | source | |
| Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | Workaround | source | |
| Broadcom | Advanced Secure Gateway (ASG) | Unknown | Investigation | source | |
| Broadcom | BCAAA | Unknown | Investigation | source | |
| Broadcom | Content Analysis (CA)(SEPM) | Unknown | Investigation | source | |
| Broadcom | Cloud Workload Protection (CWP) | Unknown | Investigation | source | |
| Broadcom | Cloud Workload Protection for Storage (CWP:S) | Unknown | Investigation | source | |
| Broadcom | Critical System Protection (CSP) | Unknown | Investigation | source | |
| Broadcom | Email Security Service (ESS) | Unknown | Investigation | source | |
| Broadcom | HSM Agent | Unknown | Investigation | source | |
| Broadcom | Industrial Control System Protection (ICSP) | Unknown | Investigation | source | |
| Broadcom | Integrated Cyber Defense Manager (ICDm) | Unknown | Investigation | source | |
| Broadcom | Integrated Secure Gateway (ISG) | Unknown | Investigation | source | |
| Broadcom | Layer7 API Developer Portal | Unknown | Investigation | source | |
| Broadcom | Management Center (MC) | Unknown | Investigation | source | |
| Broadcom | PacketShaper (PS) S-Series | Unknown | Investigation | source | |
| Broadcom | PolicyCenter (PC) S-Series | Unknown | Investigation | source | |
| Broadcom | Privileged Access Manager | Unknown | Investigation | source | |
| Broadcom | Privileged Access Manager Server Control | Unknown | Investigation | source | |
| Broadcom | Privileged Identity Manager | Unknown | Investigation | source | |
| Broadcom | Reporter | Unknown | Investigation | source | |
| Broadcom | Secure Access Cloud (SAC) | Unknown | Investigation | source | |
| Broadcom | SiteMinder (CA Single Sign-On) | Unknown | Investigation | source | |
| Broadcom | SSL Visibility (SSLV) | Unknown | Investigation | source | |
| Broadcom | Symantec Endpoint Detection and Response (EDR) | Unknown | Investigation | source | |
| Broadcom | Symantec Endpoint Encryption (SEE) | Unknown | Investigation | source | |
| Broadcom | Symantec Endpoint Protection (SEP) | Unknown | Investigation | source | |
| Broadcom | Symantec Endpoint Protection (SEP) for Mobile | Unknown | Investigation | source | |
| Broadcom | Symantec Mail Security for Microsoft Exchange (SMSMSE) | Unknown | Investigation | source | |
| Broadcom | Symantec Messaging Gateway (SMG) | Unknown | Investigation | source | |
| Broadcom | Symantec Protection Engine (SPE) | Unknown | Investigation | source | |
| Broadcom | Symantec Protection for SharePoint Servers (SPSS) | Unknown | Investigation | source | |
| Broadcom | VIP Authentication Hub | Unknown | Investigation | source | |
| Broadcom | Web Isolation (WI) | Unknown | Investigation | source | |
| Broadcom | Web Security Service (WSS)) | Unknown | Investigation | source | |
| Broadcom | WebPulse | Unknown | Investigation | source | |
| Broadcom | CloudSOC Cloud Access Security Broker (CASB) | Unknown | Not vuln | source | |
| Broadcom | Symantec Control Compliance Suite (CCS) | Unknown | Not vuln | source | |
| Broadcom | Data Center Security (DCS) | Unknown | Not vuln | source | |
| Broadcom | Data Loss Prevention (DLP) | Unknown | Not vuln | source | |
| Broadcom | Ghost Solution Suite (GSS) | Unknown | Not vuln | source | |
| Broadcom | IT Management Suite | Unknown | Not vuln | source | |
| Broadcom | Layer7 API Gateway | Unknown | Not vuln | source | |
| Broadcom | Layer7 Mobile API Gateway | Unknown | Not vuln | source | |
| Broadcom | ProxySG | Unknown | Not vuln | source | |
| Broadcom | Security Analytics (SA) | Unknown | Not vuln | source | |
| Broadcom | Symantec Directory | Unknown | Not vuln | source | |
| Broadcom | Symantec Identity Governance and Administration (IGA) | Unknown | Not vuln | source | |
| Broadcom | Symantec PGP Solutions | Unknown | Not vuln | source | |
| Broadcom | VIP | Unknown | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Carbon Black | Cloud Workload Appliance | Unknown | Mitigation | More information on pages linked bottom of blogpost (behind login) | source |
| Carbon Black | EDR Servers | Unknown | Mitigation | More information on pages linked bottom of blogpost (behind login) | source |
| Cerberus | FTP | Unknown | Not vuln | source | |
| Cerebrate | Cerebrate | All | Not vuln | source | |
| Checkpoint | Quantum Security Gateway | Unknown | Not vuln | source | |
| Checkpoint | Quantum Security Management | Unknown | Not vuln | source | |
| Checkpoint | CloudGuard | Unknown | Not vuln | source | |
| Checkpoint | Infinity Portal | Unknown | Not vuln | source | |
| Checkpoint | Harmony Endpoint & Harmony Mobile | Unknown | Not vuln | source | |
| Checkpoint | SMB | Unknown | Not vuln | source | |
| Checkpoint | ThreatCloud | Unknown | Not vuln | source | |
| Chef | Infra Server | All | Not vuln | source | |
| Chef | Automate | All | Not vuln | source | |
| Chef | Backend | All | Not vuln | source | |
| Cisco | General Cisco Disclaimer | Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly | |||
| Cisco | AnyConnect Secure Mobility Client | All versions | Not vuln | source | |
| Cisco | Cisco SocialMiner | All versions | Not vuln | source | |
| Cisco | Cisco Extensible Network Controller (XNC) | Unknown | Investigation | source | |
| Cisco | Cisco Nexus Data Broker | Unknown | Investigation | source | |
| Cisco | Cisco Nexus Insights | Unknown | Investigation | source | |
| Cisco | Cisco Wide Area Application Services (WAAS) | All versions | Not vuln | source | |
| Cisco | Cisco AMP Virtual Private Cloud Appliance | Unknown | Investigation | source | |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | Unknown | Investigation | source | |
| Cisco | Cisco Advanced Web Security Reporting Application | Unknown | Investigation | source | |
| Cisco | Cisco Content Security Management Appliance (SMA) | Unknown | Not vuln | source | |
| Cisco | Cisco Email Security Appliance (ESA) | Unknown | Not vuln | source | |
| Cisco | Cisco Firepower 4100 Series | Unknown | Investigation | source | |
| Cisco | Cisco Firepower 9300 Security Appliances | Unknown | Investigation | source | |
| Cisco | Cisco Firepower Management Center | Unknown | Investigation | source | |
| Cisco | Cisco Firepower Threat Defense (FTD) | Unknown | Investigation | source | |
| Cisco | Cisco Identity Services Engine (ISE) | Unknown | Vulnerable | source | |
| Cisco | Cisco Web Security Appliance (WSA) | Unknown | Not vuln | source | |
| Cisco | Cisco ACI Multi-Site Orchestrator | Unknown | Investigation | source | |
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) | Unknown | Investigation | source | |
| Cisco | Cisco CloudCenter Suite Admin | Unknown | Investigation | source | |
| Cisco | Cisco CloudCenter Workload Manager | Unknown | Investigation | source | |
| Cisco | Cisco Connected Grid Device Manager | Unknown | Investigation | source | |
| Cisco | Cisco Connected Mobile Experiences | Unknown | Not vuln | source | |
| Cisco | Cisco Crosswork Change Automation | Unknown | Investigation | source | |
| Cisco | Cisco DNA Assurance | Unknown | Investigation | source | |
| Cisco | Cisco Data Center Network Manager (DCNM) | Unknown | Investigation | source | |
| Cisco | Cisco Elastic Services Controller (ESC) | Unknown | Not vuln | source | |
| Cisco | Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) | Unknown | Investigation | source | |
| Cisco | Cisco Modeling Labs | Unknown | Investigation | source | |
| Cisco | Cisco Network Planner | Unknown | Investigation | source | |
| Cisco | Cisco Network Services Orchestrator (NSO) | Unknown | Investigation | source | |
| Cisco | Cisco Nexus Dashboard (formerly Cisco Application Services Engine) | <2.1.2 | Vulnerable | Patch expected 7-jan-2022 | source |
| Cisco | Cisco Optical Network Planner | Unknown | Investigation | source | |
| Cisco | Cisco Policy Suite | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Central for Service Providers | Unknown | Investigation | source | |
| Cisco | Cisco Prime Collaboration Assurance | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Collaboration Manager | Unknown | Investigation | source | |
| Cisco | Cisco Prime Collaboration Provisioning | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Infrastructure | Unknown | Investigation | source | |
| Cisco | Cisco Prime License Manager | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Network Registrar | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Optical for Service Providers | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Provisioning | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Service Catalog | Unknown | Investigation | source | |
| Cisco | Cisco UCS Performance Manager | Unknown | Investigation | source | |
| Cisco | Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM | Unknown | Investigation | source | |
| Cisco | Cisco WAN Automation Engine (WAE) | Unknown | Investigation | source | |
| Cisco | Cisco ACI Virtual Edge | Unknown | Investigation | source | |
| Cisco | Cisco ASR 5000 Series Routers | Unknown | Not vuln | source | |
| Cisco | Cisco DNA Center | Unknown | Investigation | source | |
| Cisco | Cisco Enterprise NFV Infrastructure Software (NFVIS) | Unknown | Investigation | source | |
| Cisco | Cisco GGSN Gateway GPRS Support Node | Unknown | Not vuln | source | |
| Cisco | Cisco IOS and IOS XE Software | Unknown | Investigation | source | |
| Cisco | Cisco IOx Fog Director | Unknown | Investigation | source | |
| Cisco | Cisco IP Services Gateway (IPSG) | Unknown | Not vuln | source | |
| Cisco | Cisco MDS 9000 Series Multilayer Switches | Unknown | Investigation | source | |
| Cisco | Cisco MME Mobility Management Entity | Unknown | Not vuln | source | |
| Cisco | Cisco Mobility Unified Reporting and Analytics System | Unknown | Not vuln | source | |
| Cisco | Cisco Network Assurance Engine | Unknown | Investigation | source | |
| Cisco | Cisco Network Convergence System 2000 Series | Unknown | Investigation | source | |
| Cisco | Cisco Nexus 5500 Platform Switches | Unknown | Investigation | source | |
| Cisco | Cisco Nexus 5600 Platform Switches | Unknown | Investigation | source | |
| Cisco | Cisco Nexus 6000 Series Switches | Unknown | Investigation | source | |
| Cisco | Cisco Nexus 7000 Series Switches | Unknown | Investigation | source | |
| Cisco | Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode | Unknown | Investigation | source | |
| Cisco | Cisco PDSN/HA Packet Data Serving Node and Home Agent | Unknown | Not vuln | source | |
| Cisco | Cisco PGW Packet Data Network Gateway | Unknown | Not vuln | source | |
| Cisco | Cisco SD-WAN vEdge 1000 Series Routers | Unknown | Not vuln | source | |
| Cisco | Cisco SD-WAN vEdge 2000 Series Routers | Unknown | Not vuln | source | |
| Cisco | Cisco SD-WAN vEdge 5000 Series Routers | Unknown | Not vuln | source | |
| Cisco | Cisco SD-WAN vEdge Cloud Router Platform | Unknown | Not vuln | source | |
| Cisco | Cisco SD-WAN vManage | Unknown | Investigation | source | |
| Cisco | Cisco Secure Network Analytics (SNA), formerly Stealthwatch | Unknown | Investigation | source | |
| Cisco | Cisco System Architecture Evolution Gateway (SAEGW) | Unknown | Not vuln | source | |
| Cisco | Cisco HyperFlex System | Unknown | Investigation | source | |
| Cisco | Cisco UCS Manager | Unknown | Not vuln | source | |
| Cisco | Cisco BroadWorks | Unknown | Investigation | source | |
| Cisco | Cisco Broadcloud Calling | Unknown | Investigation | source | |
| Cisco | Cisco Computer Telephony Integration Object Server (CTIOS) | Unknown | Investigation | source | |
| Cisco | Cisco Contact Center Domain Manager (CCDM) | Unknown | Investigation | source | |
| Cisco | Cisco Contact Center Management Portal (CCMP) | Unknown | Investigation | source | |
| Cisco | Cisco Emergency Responder | Unknown | Not vuln | source | |
| Cisco | Cisco Enterprise Chat and Email | Unknown | Investigation | source | |
| Cisco | Cisco Finesse | Unknown | Investigation | source | |
| Cisco | Cisco Packaged Contact Center Enterprise | Unknown | Investigation | source | |
| Cisco | Cisco Paging Server (InformaCast) | Unknown | Investigation | source | |
| Cisco | Cisco Paging Server | Unknown | Investigation | source | |
| Cisco | Cisco Unified Attendant Console Advanced | Unknown | Investigation | source | |
| Cisco | Cisco Unified Attendant Console Business Edition | Unknown | Investigation | source | |
| Cisco | Cisco Unified Attendant Console Department Edition | Unknown | Investigation | source | |
| Cisco | Cisco Unified Attendant Console Enterprise Edition | Unknown | Investigation | source | |
| Cisco | Cisco Unified Attendant Console Premium Edition | Unknown | Investigation | source | |
| Cisco | Cisco Unified Contact Center Enterprise | Unknown | Investigation | source | |
| Cisco | Cisco Unified Contact Center Express | Unknown | Investigation | source | |
| Cisco | Cisco Unified Customer Voice Portal | Unknown | Not vuln | source | |
| Cisco | Cisco Unified Intelligent Contact Management Enterprise | Unknown | Investigation | source | |
| Cisco | Cisco Unified SIP Proxy Software | Unknown | Investigation | source | |
| Cisco | Cisco Virtualized Voice Browser | Unknown | Investigation | source | |
| Cisco | Exony Virtualized Interaction Manager (VIM) | Unknown | Investigation | source | |
| Cisco | Cisco Expressway Series | Unknown | Not vuln | source | |
| Cisco | Cisco Meeting Server | Unknown | Investigation | source | |
| Cisco | Cisco TelePresence Management Suite | Unknown | Investigation | source | |
| Cisco | Cisco TelePresence Video Communication Server (VCS) | Unknown | Not vuln | source | |
| Cisco | Cisco Vision Dynamic Signage Director | Unknown | Investigation | source | |
| Cisco | Cisco Mobility Services Engine | Unknown | Investigation | source | |
| Cisco | Cisco CX Cloud Agent Software | Unknown | Investigation | source | |
| Cisco | Cisco Cloud Email Security | Unknown | Investigation | source | |
| Cisco | Cisco Cognitive Intelligence | Unknown | Investigation | source | |
| Cisco | Cisco Common Services Platform Collector | Unknown | Investigation | source | |
| Cisco | Cisco Connectivity | Unknown | Investigation | source | |
| Cisco | Cisco DNA Spaces | Unknown | Investigation | source | |
| Cisco | Cisco Defense Orchestrator | Unknown | Investigation | source | |
| Cisco | Cisco Intersight | Unknown | Investigation | source | |
| Cisco | Cisco IoT Operations Dashboard | Unknown | Investigation | source | |
| Cisco | Cisco Kinetic for Cities | Unknown | Investigation | source | |
| Cisco | Cisco Network Assessment (CNA) Tool | Unknown | Investigation | source | |
| Cisco | Cisco Umbrella | Unknown | Investigation | source | |
| Cisco | Managed Services Accelerator (MSX) Network Access Control Service | Unknown | Investigation | source | |
| Cisco | AppDynamics | <21.12.0 | Fix | source | |
| Cisco | Cisco Webex Meetings Server | Unknown | Vulnerable | source | |
| Cisco | Cisco Evolved Programmable Network Manager | Unknown | Vulnerable | source | |
| Cisco | Cisco Integrated Management Controller (IMC) Supervisor | Unknown | Vulnerable | source | |
| Cisco | Cisco Intersight Virtual Appliance | Unknown | Vulnerable | source | |
| Cisco | Cisco UCS Director | Unknown | Vulnerable | source | |
| Cisco | Cisco Unified Contact Center Enterprise - Live Data server | Unknown | Vulnerable | source | |
| Cisco | Cisco Video Surveillance Operations Manager | Unknown | Vulnerable | source | |
| Cisco | Cisco Unified Communications Manager Cloud | Unknown | Vulnerable | source | |
| Cisco | Cisco Webex Cloud-Connected UC (CCUC) | Unknown | Vulnerable | source | |
| Cisco | Duo | Unknown | Fix | source | |
| Cisco | Cisco Jabber Guest | All versions | Not vuln | source | |
| Cisco | Cisco Cloud Services Platform 2100 | All versions | Not vuln | source | |
| Cisco | Cisco Cloud Services Platform 5000 Series | All versions | Not vuln | source | |
| Cisco | Cisco Tetration Analytics | All versions | Not vuln | source | |
| Cisco | Cisco Adaptive Security Device Manager | Unknown | Not vuln | source | |
| Cisco | Cisco Registered Envelope Service | Unknown | Not vuln | source | |
| Cisco | Cisco Business Process Automation | Unknown | Not vuln | source | |
| Cisco | Cisco CloudCenter Action Orchestrator | Unknown | Not vuln | source | |
| Cisco | Cisco Container Platform | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Access Registrar | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Cable Provisioning | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Collaboration Deployment | Unknown | Not vuln | source | |
| Cisco | Cisco Prime IP Express | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Network Registrar | Unknown | Not vuln | source | |
| Cisco | Cisco Prime Performance Manager | Unknown | Not vuln | source | |
| Cisco | Cisco Security Manager | Unknown | Not vuln | source | |
| Cisco | Cisco UCS Central Software | Unknown | Not vuln | source | |
| Cisco | Cisco IOS XR Software | Unknown | Not vuln | source | |
| Cisco | Cisco Nexus 3000 Series Switches | Unknown | Not vuln | source | |
| Cisco | Cisco Nexus 9000 Series Switches in standalone NX-OS mode | Unknown | Not vuln | source | |
| Cisco | Cisco UCS C-Series Rack Servers - Integrated Management Controller | Unknown | Not vuln | source | |
| Cisco | Cisco Hosted Collaboration Mediation Fulfillment | Unknown | Not vuln | source | |
| Cisco | Cisco Unified Communications Domain Manager | Unknown | Not vuln | source | |
| Cisco | Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition | Unknown | Not vuln | source | |
| Cisco | Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | Unknown | Not vuln | source | |
| Cisco | Cisco Unified Intelligence Center | Unknown | Not vuln | source | |
| Cisco | Cisco Unity Connection | Unknown | Not vuln | source | |
| Cisco | Cisco Unity Express | Unknown | Not vuln | source | |
| Cisco | Cisco Ultra Packet Core | Unknown | Not vuln | source | |
| Cisco | Cisco Smart Software Manager On-Prem | Unknown | Not vuln | source | |
| CIS-CAT | CIS-CAT Pro Assessor | 4.12.0 and below | Vulnerable | Found by manual scanning | [proof] (https://ibb.co/98kyxqK) |
| Citrix | NetScaler ADC | Unknown | Investigation | Implementation not using WlonNS feature, is not impacted | source |
| Citrix | NetScaler Gateway | Unknown | Investigation | source | |
| Citrix | Analytics | Unknown | Investigation | source | |
| Citrix | Application Delivery Management (NetScaler MAS) | Unknown | Not vuln | source | |
| Citrix | Hypervisor (XenServer) | Unknown | Not Vuln | source | |
| Citrix | SD-WAN | Unknown | Investigation | source | |
| Citrix | Virtual Apps and Desktops (XenApp & XenDesktop) | Unknown | Investigation | source | |
| Citrix | Workspace | Unknown | Investigation | source | |
| Citrix | Workspace App | Unknown | Not vuln | source | |
| Citrix | Sharefile | Unknown | Investigation | source | |
| cPanel | cPanel | Unknown | Mitigation | source | |
| Commvault | All products | All versions | Not vulnerable | source | |
| Commvault | Cloud Apps & Oracle & MS-SQL | All supported versions | vulnerable | source | |
| Connect2id | Connect2id server | < 12.5.1 | Fix | source | |
| Connectwise | Perch | Unknown | Fix | source | |
| Connectwise | Manage on-premise's Global Search | Unknown | Mitigation | source | |
| Connectwise | Marketplace | Unknown | Mitigation | source | |
| Connectwise | Global search capability of Manage Cloud | Unknown | Mitigation | source | |
| Connectwise | StratoZen | Unknown | Mitigation | Urgent action for self-hosted versions | source |
| Contrast | Hosted SaaS Enviroments | All | Fix | source | |
| Contrast | On-premises (EOP) Environments | All | Fix/Mitigation | source | |
| Contrast | Java Agent | All | Not vuln | source | |
| Contrast | Scan | All | Fix | source | |
| ControlUp | All products | All versions | Fix | source | |
| Coralogix | Coralogix | Unknown | Fix | source | |
| Couchbase | Couchbase ElasticSearch connector | < 4.3.3 & 4.2.13 | Fix | source | |
| Cryptshare | Cryptshare Server | All | Not vuln | source | |
| Cryptshare | Cryptshare for Outlook | All | Not vuln | source | |
| Cryptshare | Cryptshare for Notes | All | Not vuln | source | |
| Cryptshare | Cryptshare for NTA 7516 | All | Not vuln | source | |
| Cryptshare | Cryptshare .NET API | All | Not vuln | source | |
| Cryptshare | Cryptshare Java API | All | Not vuln | source | |
| Cryptshare | Cryptshare Robot | All | Not vuln | source | |
| Cyberark | PAS Self Hosted | Not Vuln | source | ||
| Cybereason | All Cybereason products | Unknown | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| DatadogHQ | Datadog Agent | 6 < 6.32.2, 7 < 7.32.2 | Fix/workaround | JMX monitoring component leverages an impacted version of log4j | source |
| Datto | All Datto products | Unknown | Not vuln | source | |
| Debian | Apache-log4j.1.2 | stretch, buster, bullseye | Fix | source | |
| Debian | Apache-log4j2 | stretch, buster, bullseye | Fix | source | |
| Dell | BSAFE Crypto-C Micro Edition | Unknown | Not vuln | source | |
| Dell | BSAFE Crypto-J | Unknown | Not vuln | source | |
| Dell | BSAFE Micro Edition Suite | Unknown | Not vuln | source | |
| Dell | Centera | Unknown | Not vuln | source | |
| Dell | Chassis Management Controller (CMC) | Unknown | Not vuln | source | |
| Dell | Cloudlink | Unknown | Not vuln | source | |
| Dell | Cloud Mobility for Dell EMC Storage | Unknown | Not vuln | source | |
| Dell | Data Domain OS | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | Disk Library for Mainframe | Unknown | Not vuln | source | |
| Dell | Embedded NAS | Unknown | Not vuln | source | |
| Dell | EMC Cloud Disaster Recovery | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC DataIQ | Unknown | Not vuln | source | |
| Dell | EMC ECS | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC Integrated System for Microsoft Azure Stack Hub | Unknown | Not vuln | source | |
| Dell | EMC License Manager | Unknown | Not vuln | source | |
| Dell | EMC NetWorker | Unknown | Investigation | source | |
| Dell | EMC Networking Onie | Unknown | Not vuln | source | |
| Dell | EMC ObjectScale | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC PowerFlex Appliance | Unknown | Not vuln | source | |
| Dell | EMC PowerFlex Manager | Unknown | Investigation | source | |
| Dell | EMC PowerFlex Rack | Unknown | Not vuln | source | |
| Dell | EMC PowerMax | Unknown | Not vuln | source | |
| Dell | EMC PowerPath Management Appliance | Unknown | Investigation | source | |
| Dell | EMC PowerPath | Unknown | Investigation | source | |
| Dell | EMC PowerProtect Cyber Recovery | Unknown | Investigation | source | |
| Dell | EMC PowerProtect Data Manager | Unknown | Investigation | source | |
| Dell | EMC PowerProtect DP Series Appliance (iDPA) | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC PowerScale OneFS | Unknown | Not vuln | source | |
| Dell | EMC PowerShell for PowerMax | Unknown | Investigation | source | |
| Dell | EMC PowerShell for Powerstore | Unknown | Investigation | source | |
| Dell | EMC PowerShell for Unity | Unknown | Investigation | source | |
| Dell | EMC PowerStore | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC PowerSwitch Z9264F-ON BMC, Dell EMC PowerSwitch Z9432F-ON BMC | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC RecoverPoint | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC Repository Manager (DRM) | Unknown | Investigation | source | |
| Dell | EMC SourceOne | Unknown | Investigation | source | |
| Dell | EMC SRM vApp | Unknown | Investigation | source | |
| Dell | EMC Streaming Data Platform | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC Systems Update (DSU) | Unknown | Investigation | source | |
| Dell | EMC Unity | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC Virtual Storage Integrator | Unknown | Investigation | source | |
| Dell | EMC VPLEX | Unknown | Investigation | source | |
| Dell | EMC VxRail | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | EMC XtremIO | Unknown | Investigation | source | |
| Dell | Enterprise Hybrid Cloud | Unknown | Investigation | source | |
| Dell | GeoDrive | Unknown | Investigation | source | |
| Dell | Hybrid Client (DHC) | Unknown | Not vuln | source | |
| Dell | ImageAssist | Unknown | Not vuln | source | |
| Dell | Insight IQ | Unknown | Not vuln | source | |
| Dell | Integrated Dell Remote Access Controller (iDRAC) | Unknown | Not vuln | source | |
| Dell | IsilonSD Management Server | Unknown | Investigation | source | |
| Dell | Mainframe Enablers | Unknown | Investigation | source | |
| Dell | MyDell Mobile | Unknown | Not vuln | source | |
| Dell | NetWorker Management Console | Unknown | Investigation | source | |
| Dell | NetWorker MM for Hyper-V | Unknown | Investigation | source | |
| Dell | Networking N-Series | Unknown | Investigation | source | |
| Dell | Networking OS9 | Unknown | Not vuln | source | |
| Dell | Networking OS | Unknown | Not vuln | source | |
| Dell | Networking SD-WAN Edge | Unknown | Investigation | source | |
| Dell | Networking W-Series | Unknown | Investigation | source | |
| Dell | Networking X-Series | Unknown | Investigation | source | |
| Dell | OMIMSSC (OpenManage Integration for Microsoft System Center) | Unknown | Investigation | source | |
| Dell | OpenManage Change Management | Unknown | Investigation | source | |
| Dell | OpenManage Enterprise | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | Unknown | Not vuln | source | |
| Dell | OpenManage Integration with Microsoft Windows Admin Center | Unknown | Investigation | source | |
| Dell | Open Management Enterprise - Modular | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | Open Manage Mobile | Unknown | Not vuln | source | |
| Dell | OpenManage Network Integration | Unknown | Not vuln | source | |
| Dell | Open Manage Server Administrator | Unknown | Investigation | source | |
| Dell | PowerEdge BIOS | Unknown | Not vuln | source | |
| Dell | Remotely Anywhere | Unknown | Not vuln | source | |
| Dell | Secure Connect Gateway (SCG) 5.0 Appliance | Unknown | Not vuln | source | |
| Dell | Smart Fabric Storage Software | Unknown | Not vuln | source | |
| Dell | Solutions Enabler | Unknown | Not vuln | source | |
| Dell | Sonic | Unknown | Not vuln | source | |
| Dell | SRS Policy Manager | Unknown | Investigation | source | |
| Dell | SRS VE | Unknown | Not vuln | source | |
| Dell | SupportAssist Client Commercial | Unknown | Not vuln | source | |
| Dell | SupportAssist Client Consumer | Unknown | Not vuln | source | |
| Dell | SupportAssist Enterprise | Unknown | Investigation | source | |
| Dell | Unisphere Central | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | Unisphere for PowerMax | Unknown | Not vuln | source | |
| Dell | Vblock | Unknown | Investigation | source | |
| Dell | ViPR Controller | Unknown | Investigation | source | |
| Dell | VNX2 | Unknown | Not vuln | source | |
| Dell | VNX Control Station | Unknown | Not vuln | source | |
| Dell | Vsan Ready Nodes | Unknown | Investigation | source | |
| Dell | VxBlock | Unknown | Investigation | source | |
| Dell | VxFlex Ready Nodes | Unknown | Investigation | source | |
| Dell | Wyse Management Suite Import Tool | Unknown | Not vuln | source | |
| Dell | Wyse Management Suite | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Dell | Wyse Proprietary OS (ThinOS) | Unknown | Not vuln | source | |
| Dell | Wyse Windows Embedded | Unknown | Vulnerable | Fix Release Timeline TBD | source |
| Docker | Docker infrastructure | Unknown | Not vuln | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | source |
| Dropwizard | Dropwizard | Unknown | Not vuln | Only vulnerable if you manually added Log4j | source |
| Dynatrace | Dynatrace Cloud Services | Unknown | Fix | source | |
| Dynatrace | ActiveGates | 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 | Fix | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| EAL | ATS Classic | All Versions | Not Vuln | See vendor-statements | |
| Elastic | APM Java Agent | 1.17.0-1.28.0 | Workaround | Only vulnerable with specific configuration | source |
| Elastic | APM Server | Not Vuln | source | ||
| Elastic | Beats | Not Vuln | source | ||
| Elastic | Cmd | Not Vuln | source | ||
| Elastic | Elastic Agent | Not Vuln | source | ||
| Elastic | Elastic Cloud | Not Vuln | source | ||
| Elastic | Elastic Cloud Enterprise | Not Vuln | source | ||
| Elastic | Elastic Cloud on Kubernetes | Not Vuln | source | ||
| Elastic | Elastic Endgame | Not Vuln | source | ||
| Elastic | Elastic Maps Service | Not Vuln | source | ||
| Elastic | Elasticsearch | < 6.8.21, < 7.16.1 | Workaround | Information leakage vulnerability | source |
| Elastic | Endpoint Security | Not Vuln | source | ||
| Elastic | Enterprise Search | Not Vuln | source | ||
| Elastic | Fleet Server | Not Vuln | source | ||
| Elastic | Kibana | Not Vuln | source | ||
| Elastic | Logstash | < 6.8.21, < 7.16.1 | Workaround | source | |
| Elastic | Machine Learning | Not Vuln | source | ||
| Elastic | Swiftype | Investigation | source | ||
| ELO | Digital Office | Not Vuln | source | ||
| ESET | All products | Unknown | Not vuln | source | |
| Esri | ArcGIS Enterprise and related products | < 10.8.0 | Vulnerable | source | |
| EVL Labs | JGAAP | <8.0.2 | Fix | source | |
| eXtreme Hosting | All products | Unknown | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| F5 | All products | Not Vuln | F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect | source | |
| FileCap | All products | <5.1.0 | Vulnerable | Fix: 5.1.1 | source |
| Fiix | CMMS core | V5 | Fix | source | |
| Forcepoint | DLP Manager | Workaround | source | ||
| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | Not vuln | source | ||
| Forcepoint | Next Generation Firewall (NGFW) | Not vuln | source | ||
| Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | Not vuln | source | ||
| Forcepoint | One Endpoint | Not vuln | source | ||
| Forcepoint | Security Manager (Web, Email and DLP) | Workaround | source | ||
| ForgeRock | Autonomous Identity | Workaround | all other ForgeRock products not vuln | source | |
| Fortinet | FortiAIOps | Vulnerable | source | ||
| Fortinet | FortiAnalyzer Cloud | Not Vuln | source | ||
| Fortinet | FortiAnalyzer | Not Vuln | source | ||
| Fortinet | FortiAP | Not Vuln | source | ||
| Fortinet | FortiAuthenticator | Not Vuln | source | ||
| Fortinet | FortiCASB | Vulnerable | source | ||
| Fortinet | FortiConvertor | Vulnerable | source | ||
| Fortinet | FortiDeceptor | Not Vuln | source | ||
| Fortinet | FortiEDR Agent | Not Vuln | source | ||
| Fortinet | FortiEDR Cloud | Vulnerable | source | ||
| Fortinet | FortiGate Cloud | Not Vuln | source | ||
| Fortinet | FortiGSLB Cloud | Not Vuln | source | ||
| Fortinet | FortiMail | Not Vuln | source | ||
| Fortinet | FortiManager Cloud | Not Vuln | source | ||
| Fortinet | FortiManager | Not Vuln | source | ||
| Fortinet | FortiNAC | Vulnerable | source | ||
| Fortinet | FortiNAC | Vulnerable | source | ||
| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | Not Vuln | source | ||
| Fortinet | FortiPhish Cloud | Not Vuln | source | ||
| Fortinet | FortiPolicy | Vulnerable | source | ||
| Fortinet | FortiPortal | Vulnerable | source | ||
| Fortinet | FortiRecorder | Not Vuln | source | ||
| Fortinet | FortiSIEM | Vulnerable | source | ||
| Fortinet | FortiSOAR | Vulnerable | source | ||
| Fortinet | FortiSwitch Cloud in FortiLANCloud | Not Vuln | source | ||
| Fortinet | FortiSwitch & FortiSwitchManager | Not Vuln | source | ||
| Fortinet | FortiToken Cloud | Not Vuln | source | ||
| Fortinet | FortiVoice | Not Vuln | source | ||
| Fortinet | FortiWeb Cloud | Not Vuln | source | ||
| Fortinet | ShieldX | Vulnerable | source | ||
| F-Secure | Endpoint Proxy | 13-15 | Fix | source | |
| F-Secure | Policy Manager | 13-15 | Fix | source | |
| F-Secure | Policy Manager Proxy | 13-15 | Fix | source | |
| FusionAuth | FusionAuth | 1.32 | Not Vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Genesys | All products | Investigation | source | ||
| GFI Software | Kerio Connect | Vulnerable | source | ||
| GoAnywhere | MFT | Unknown | Workaround | source | |
| GoAnywhere | Gateway | Unknown | Workaround | source | |
| GoAnywhere | Agents | Unknown | Workaround | source | |
| Graylog | Graylog | < 3.3.15,<4.0.14,<4.1.9,<4.2.3 | Fix | source | |
| GuardedBox | GuardedBox | <3.1.2 | Fix | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| HackerOne | Unknown | Unknown | Fix | source | |
| Hashicorp | All products | Not Vuln | source | ||
| HCL Software | BigFix Compliance | Unknown | Workaround | source | |
| HCL Software | BigFix Inventory | Unknown | Workaround | source | |
| HCL Software | BigFix Compliance | Unknown | Investigation | source | |
| HCL Software | BigFix Compliance | Unknown | Investigation | source | |
| Hexagon | M.App Enterprise | Unknown | Investigation | Might be vulnerable only when used with Geoprocessing Server | source |
| Hexagon | ERDAS APOLLO Advantage & Professional | Unknown | Investigation | source | |
| Hexagon | GeoMedia | Unknown | Not vuln | source | |
| Hexagon | IMAGINE | Unknown | Not vuln | source | |
| Hexagon | ImageStation | Unknown | Not vuln | source | |
| Hexagon | GeoMedia WebMap | Unknown | Not vuln | source | |
| Hexagon | Geospatial Portal | Unknown | Not vuln | source | |
| Hexagon | Geospatial SDI | Unknown | Not vuln | source | |
| Hexagon | GeoMedia SmartClient | Unknown | Not vuln | source | |
| Hexagon | ERDAS APOLLO Essentials | Unknown | Not vuln | source | |
| Hexagon | M.App Enterprise standalone or with Luciad Fusion | Unknown | Not vuln | source | |
| Hexagon | Luciad Fusion | Unknown | Not vuln | The only risk is if Log4J was implemented outside of the default product install | source |
| Hexagon | Luciad Lightspeed | Unknown | Not vuln | The only risk is if Log4J was implemented outside of the default product install | source |
| Hitachi Vantara | Pentaho | v8.3.x, v9.2.x | Not vuln | source | |
| HostiFi | Unifi hosting | Unknown | Fix | Hosted Unifi solution | source |
| Huawei | All products | Investigation | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| IBM | All products | Investigation | source | ||
| IBM | Curam SPM | 8.0.0, 7.0.11 | Vulnerable | source | |
| IBM | Sterling Order Management | Unknown | Not vuln | source | |
| IBM | Sterling Fulfillment Optimizer | Unknown | Vulnerable | source | |
| IBM | Sterling Inventory Visibility | Unknown | Vulnerable | source | |
| IBM | Websphere | 8.5 | Vulnerable | fix: PH42728 | source |
| IBM | Websphere | 9.0 | Vulnerable | fix: PH42728 | source |
| Inductive Automation | Ignition | All versions | Not Vuln | source | |
| Informatica | Axon | 7.2.x | Workaround | source | |
| Informatica | Data Privacy Management | 10.5, 10.5.1 | Workaround | source | |
| Informatica | Information Deployment Manager | Fix | source | ||
| Informatica | Metadata Manager | 10.4, 10.4.1, 10.5, 10.5.1 | Workaround | source | |
| Informatica | PowerCenter | 10.5.1 | Workaround | source | |
| Informatica | PowerExchange for CDC (Publisher) and Mainframe | 10.5.1 | Workaround | source | |
| Informatica | Product 360 | All versions | Workaround | source | |
| Informatica | Secure Agents (Cloud hosted) | Unknown | Fix | Fixed agents may need to be restarted | source |
| IronNet | All products | All verisons | Investigation | source | |
| Ivanti | All products | All versions | Not Vuln | No products are deemed affected at this moment | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| JFrog | all products | Not Vuln | source | ||
| Jamf Nation | Jamf Cloud | Unknown | Fix | source | |
| Jamf Nation | Jamf Pro (hosted on-prem) | < 10.34.1 | See notes | <10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix | source |
| Jamf Nation | Health Care Listener | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Connect | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Data Policy | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Infrastructure Manager | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Now | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Private Access | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Protect | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf School | Unknown | Not Vuln | source | |
| Jamf Nation | Jamf Threat Defense | Unknown | Not Vuln | source | |
| Jazz/IBM | JazzSM DASH | Unknown | See notes | DASH on WebSphere Application Server requires mitigations | source |
| Jenkins | Jenkins CI | Unknown | Not Vuln | Invidivual plugins not developed as part of Jenkins core may be vulnerable. | source |
| JetBrains | YouTrack Standalone | >= 2019.2 <= 2021.4.34389 | Vuln | email, mitigation | |
| Jetbrains | TeamCity | Unknown | Investigation | source | |
| Jitsi | jitsi-videobridge | v2.1-595-g3637fda42 | Fix | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Kaseya | AuthAnvil | Unknown | Not Vuln | source | |
| Kaseya | BMS | Unknown | Not Vuln | source | |
| Kaseya | ID Agent DarkWeb ID and BullPhish ID | Unknown | Not Vuln | source | |
| Kaseya | IT Glue | Unknown | Not Vuln | source | |
| Kaseya | MyGlue | Unknown | Not Vuln | source | |
| Kaseya | Network Glue | Unknown | Not Vuln | source | |
| Kaseya | Passly | Unknown | Not Vuln | source | |
| Kaseya | RocketCyber | Unknown | Not Vuln | source | |
| Kaseya | Spannign Salesforce Backup | Unknown | Not Vuln | source | |
| Kaseya | Spanning O365 Backup | Unknown | Not Vuln | source | |
| Kaseya | Unitrends | Unknown | Not Vuln | source | |
| Kaseya | VSA SaaS and VSA On-Premises | Unknown | Not Vuln | source | |
| Kaseya | Vorex | Unknown | Not Vuln | source | |
| Kaseya | products not listed above | Unknown | Investigation | source | |
| Keycloak | Keycloak | all version | Not Vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| LeanIX | All products | All versions | Fix | source | |
| Lightbend | Akka | Unknown | Not Vuln | source | |
| Lightbend | Akka Serverless | Unknown | Not Vuln | source | |
| Lightbend | Lagom Framework | Unknown | Not Vuln by default | Users that switched from logback to log4j are affected | source |
| Lightbend | Play Framework | Unknown | Not Vuln by default | Users that switched from logback to log4j are affected | source |
| LogicMonitor | LogicMonitor SaaS Platform | Unknown | Fix | Automatic update before 13th December source | |
| The Linux Foundation | XCP-ng | All versions | Not vuln | source | |
| LiquidFiles | LiquidFiles | All versions | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Mailcow | Mailcow Solr Docker | < 1.8 | Fix | source | |
| ManageEngine | ADAudit Plus | Unknown | Investigation | Third party components bundle log4j | |
| ManageEngine | ADManager Plus | Unknown | Investigation | Mitigation: set -Dlog4j2.formatMsgNoLookups=true in jvm.options. |
source |
| ManageEngine | Desktop Central | Unknown | Not Vuln | source | |
| McAfee | Data Exchange Layer (DXL) | Unknown | Investigation | source | |
| McAfee | Enterprise Security Manager (ESM) | Unknown | Investigation | source | |
| McAfee | McAfee Active Response (MAR) | Unknown | Investigation | source | |
| McAfee | Network Security Manager (NSM) | Unknown | Investigation | source | |
| McAfee | Network Security Platform (NSP) | Unknown | Investigation | source | |
| McAfee | Threat Intelligence Exchange (TIE) | Unknown | Investigation | source | |
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | Unknown | Not Vuln | source | |
| McAfee | ePolicy Orchestrator Application Server (ePO) | <= 5.10 CU10 | Not Vuln | source | |
| McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Investigation | source | |
| Memurai | All products | Not Vuln | source | ||
| Metabase | Metabase | <0.41.4 | Fix | Mitigations available for earlier versions | source |
| Microsoft | Microsoft provided additional guidance for preventing, detecting and hunting for exploitation | source, IOCs | |||
| Microsoft | Azure AD | Unknown | Not Vuln | ADFS itself is not vulnerable, federation providers may be | source |
| Microsoft | Azure App Service | Unknown | Not Vuln | This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications | source |
| Microsoft | Azure Application Gateway | Unknown | Not Vuln | source | |
| Microsoft | Azure Front Door | Unknown | Not Vuln | source | |
| Microsoft | Azure WAF | Unknown | Not Vuln | source | |
| Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Fix | source | |
| Minecraft | Java edition | <1.18.1 | Fix | Mitigations available for earlier versions | source |
| MISP | MISP | All | Not vuln | source | |
| MONARC | MONARC | All | Not vuln | source | |
| MongoDB | Atlas Search | Unknown | Fix | Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. | source |
| MongoDB | Atlas | Unknown | Not vuln | Including Atlas Database, Data Lake, Charts | source |
| MongoDB | Enterprise Advanced | Unknown | Not vuln | Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. | source |
| MongoDB | Community Edition | Unknown | Not vuln | Including Community Server, Cloud Manager, Community Kubernetes Operators. | source |
| MongoDB | Drivers | Unknown | Not vuln | source | |
| MongoDB | Tools | Unknown | Not vuln | Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors | source |
| MongoDB | Realm | Unknown | Not vuln | including Realm Database, Sync, Functions, APIs | source |
| Moodle | Moodle | All | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| N-able | Backup | Unknown | Not Vuln | source | |
| N-able | MSP Manager | Unknown | Not Vuln | source | |
| N-able | Mail Assure | Unknown | Not Vuln | source | |
| N-able | N-central | Unknown | Not Vuln | source | |
| N-able | Passportal | Unknown | Not Vuln | source | |
| N-able | RMM | Unknown | Fix | source | |
| N-able | Risk Intelligence | Unknown | Vulnerable | source | |
| N-able | Take Control | Unknown | Not Vuln | source | |
| Neo4j | Neo4j | > 4.2 | Vulnerable | Workaround is available, but not released yet. | source |
| Nelson | Nelson | 0.16.185 | Vulnerable | Workaround is available, but not released yet. | source |
| NetApp | Brocade SAN Naviator | Unknown | Investigation | source | |
| NetApp | Cloud Manager | Unknown | Vulnerable | source | |
| NetApp | Element Plug-in for vCenter Server | Unknown | Investigation | source | |
| NetApp | Management Services for Element Software and NetApp HCI | Unknown | Investigation | source | |
| NetApp | NetApp HCI Compute Node | Unknown | Investigation | source | |
| NetApp | NetApp SolidFire & HCI Management Node | Unknown | Investigation | source | |
| NetApp | NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) | Unknown | Investigation | source | |
| NetApp | NetApp SolidFire, Enterprise SDS & HCI Storage | Unknown | Investigation | source | |
| NetApp | NetApp SolidFireStorage Replication Adapter | Unknown | Investigation | source | |
| Netflix | atlas | 1.6.6 | Workaround | source | |
| Netflix | dgs-framework | < 4.9.11 | Fix | fix | |
| Netflix | spectator | < 1.0.9 | Fix | fix | |
| Netflix | zuul | Unknown | Workaround | source | |
| NetIQ | Access Manager | > 4.5.x & > 5.0.x | Workaround | workaround | |
| Netwrix | Netwrix Auditor | Not vuln | source | ||
| New Relic | Java Agent | 6.5.1 & 7.4.1 | Fix | source | |
| NextGen Healthcare | Mirth | Unknown | Not Vuln | source | |
| NSA | Ghidra | < 10.1 | Fix | source, fix | |
| Nutanix | AOS | All versions | Vulnerable | Patch pending | source |
| Nutanix | AHV | All versions | Unknown | Investigating | source |
| Nutanix | Prism Central | All versions | Vulnerable | Patch pending | source |
| Nutanix | Flow Security Central | All versions | Unknown | source | |
| Nutanix | Files | All versions | Unknown | Investigating | source |
| Nutanix | Objects | All versions | Unknown | Investigating | source |
| Nutanix | Volumes | All versions | Vulnerable | Patch pending | source |
| Nutanix | Mine | All versions | Unknown | Investigating | source |
| Nutanix | Era | All versions | Unknown | Investigating | source |
| Nutanix | X-Ray | All versions | Unknown | Investigating | source |
| Nutanix | LCM | All versions | Unknown | Investigating | source |
| Nutanix | Move | All versions | Unknown | Investigating | source |
| Nutanix | NCC | All versions | Unknown | Investigating | source |
| Nutanix | Foundation | All versions | Unknown | Investigating | source |
| Nutanix | Karbon | All versions | Vulnerable | Patch pending | source |
| Nutanix | Leap | All versions | Vulnerable | Patch pending | source |
| Nutanix | Calm | All versions | Vulnerable | Patch pending | source |
| Nutanix | Beam | All versions | Vulnerable | Patch pending | source |
| Nutanix | Frame | All versions | Not Vuln | source | |
| Nutanix | Sizer | Unknown | Fix | See advisory | source |
| Nutanix | Insights | All versions | Vulnerable | Patch pending | source |
| NXLog | NXLog Manager | 5.x | Not Vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Obsidian Dynamics | kafdrop | all | Investigation | source | |
| Okta | AD Agent | Unknown | Not Vuln | source | |
| Okta | Access Gateway | Unknown | Not Vuln | source | |
| Okta | Advanced Server Access | Unknown | Not Vuln | source | |
| Okta | Browser Plugin | Unknown | Not Vuln | source | |
| Okta | IWA Web Agent | Unknown | Not Vuln | source | |
| Okta | LDAP Agent | Unknown | Not Vuln | source | |
| Okta | Mobile | Unknown | Not Vuln | source | |
| Okta | On-Prem MFA Agent | <1.4.6 | Fix | source, fix | |
| Okta | Radius Server Agent | 2.17.0 | Fix | source/fix | |
| Okta | Verify | Unknown | Not Vuln | source | |
| Okta | Workflow | Unknown | Not Vuln | source | |
| Okta | RADIUS Server Agent | <2.17.0 | Fix | source, fix | |
| OpenMRS | Talk | 2.4.0-2.4.1 | Vulnerable | Mitigations are available, pending a new release | source |
| OpenNMS | Horizon (including derived Sentinels) | < 29.0.3 | Fix | Workarounds are available too for earlier versions | source |
| OpenNMS | Meridian (including derived Minions and Sentinels) | < 2021.1.8, 2020.1.15, 2019.1.27 | Fix | Workarounds are available too for earlier versions | source |
| OpenNMS | Minion appliance | Unknown | Fix | source | |
| OpenNMS | PoweredBy OpenNMS | Unknown | Workaround | source | |
| OpenSearch | OpenSearch | < 1.2.1 | Fix | source | |
| Oracle | Database | Unknown | Not Vuln | source, Support note 2827611.1 | |
| Oracle | Fusion Middleware | Unknown | Fix | source, Support note 209768.1, Support note 2827611.1 | |
| Oracle | Oracle Enterprise Manager | Unknown | Not Vuln | source, Support note 209768.1, Support note 2827611.1 | |
| Oracle | Oracle WebLogic Server | Unknown | Not Vuln | source, Support note 209768.1, Support note 2827611.1 | |
| Oracle | Oracle HTTP Server | Unknown | Not Vuln | source, Support note 209768.1, Support note 2827611.1 | |
| Oracle | Oracle Internet Directory | Unknown | Not Vuln | source, Support note 209768.1, Support note 2827611.1 | |
| Oracle | Oracle SOA Suite | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle Fusion Middleware Infrastructure | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle Access Manager | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle eBusiness Suite | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle Policy Automation (OPA) | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | NoSQL Database | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle WebCenter Portal | Unknown | Vulnerable | source, Support note 2827611.1 | |
| Oracle | Oracle Data Integrator (ODI) | Unknown | Fix | [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) | source, Support note 2827611.1, Support Note 2827793.1 |
| Oracle | Oracle WebCenter Sites | Unknown | Fix | [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) | source, Support note 2827611.1, Support Note 2827793.1 |
| Oracle | Oracle Enterprise Repository | Unknown | Fix | [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) | source, Support note 2827611.1, Support Note 2827793.1 |
| Oracle | Oracle JDeveloper | Unknown | Fix | [Patch Available, Support Note 2827793.1] (https://support.oracle.com/rs?type=doc&id=2827793.1) | source, Support note 2827611.1, Support Note 2827793.1 |
| openHAB | openHAB | 3.0.4, 3.1.1 | Fix | source | |
| OTRS | All products | Not Vuln | source | ||
| OWASP | ZAP | < 2.11.1 | Fix | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| PagerDuty | Rundeck | 3.3+ | Fix | No statement from PagerDuty yet. | source |
| Palo Alto | WildFire Appliance | Not Vuln | source | ||
| Palo Alto | Prisma Cloud Compute | Not Vuln | source | ||
| Palo Alto | Prisma Cloud | Not Vuln | source | ||
| Palo Alto | PAN-OS | Not Vuln | source | ||
| Palo Alto | GlobalProtect App | Not Vuln | source | ||
| Palo Alto | Cortex XSOAR | Not Vuln | source | ||
| Palo Alto | Cortex XDR Agent | Not Vuln | source | ||
| Palo Alto | CloudGenix | Not Vuln | source | ||
| Palo Alto | Bridgecrew | Not Vuln | source | ||
| PaperCut | PaperCut MF | >= 21.0 | Workaround | source | |
| PaperCut | PaperCut NG | >= 21.0 | Workaround | source | |
| PaperCut | PaperCut Hive | Not vuln | source | ||
| PaperCut | PaperCut Pocket | Not vuln | source | ||
| PaperCut | PaperCut Views | Not vuln | source | ||
| PaperCut | PaperCut Print Logger | Not vuln | source | ||
| PaperCut | PaperCut MobilityPrint | Not vuln | source | ||
| PaperCut | PaperCut MultiVerse | Not vuln | source | ||
| PaperCut | PaperCut Online Services | Not vuln | source | ||
| Parallels | Remote Application Server | All versions | Not Vuln | source | |
| Pega | Pega Platform | On Prem | Fix | source | |
| Planon Software | Planon Universe | all | Not vuln | source | |
| Plex | Industrial IoT | Not vuln | Mitigation already applied, patch will be issued today | source | |
| Postgres | PostgreSQL JDBC | Not vuln | source | ||
| Progress | OpenEdge | Workaround | source, mitigations | ||
| Progress | DataDirect Hybrid Data Pipeline | Workaround | source, mitigations | ||
| Portex | Portex | <3.0.2 | Fix | source | |
| Pulse Secure | Pulse Secure Virtual Traffic Manager | Not Vuln | source | ||
| Pulse Secure | Pulse Secure Services Director | Not Vuln | source | ||
| Pulse Secure | Pulse Secure Web Application Firewall | Not Vuln | source | ||
| Pulse Secure | Pulse Connect Secure | Not Vuln | source | ||
| Pulse Secure | Ivanti Connect Secure (ICS) | Not Vuln | source | ||
| Pulse Secure | Pulse Policy Secure | Not Vuln | source | ||
| Pulse Secure | Pulse Desktop Client | Not Vuln | source | ||
| Pulse Secure | Pulse Mobile Client | Not Vuln | source | ||
| Pulse Secure | Pulse One | Not Vuln | source | ||
| Pulse Secure | Pulse ZTA | Not Vuln | source | ||
| Pulse Secure | Ivanti Neurons for ZTA | Not Vuln | source | ||
| Pulse Secure | Ivanti Neurons for secure Access | Not Vuln | source | ||
| Puppet | Continuous Delivery for Puppet Enterprise | 3.x, < 4.10.2 | Fix | Update available for version 4.x, mitigations for 3.x which is EOL | source, workaround,mitigations |
| Puppet | Puppet agents | Not Vuln | source | ||
| Puppet | Puppet Enterprise | Not Vuln | source | ||
| PTV xServer internet 1 / PTV xServer internet 2 | PTV xServer internet 1 / PTV xServer internet 2 | Unknown | Fix | source | |
| PTV TLN planner internet | PTV TLN planner internet | Unknown | Fix | source | |
| PTV Route Optimizer SaaS / Demonstrator | PTV Route Optimizer SaaS / Demonstrator | Unknown | Fix | source | |
| PTV Developer | PTV Developer | Unknown | Fix | source | |
| PTV Visum Publisher | PTV Visum Publisher | Unknown | Fix | source | |
| PTV xServer 2.x (on prem) | PTV xServer 2.x (on prem) | Unknown | Vulnerable | source | |
| PTV xServer 1.34 (on prem) | PTV xServer 1.34 (on prem) | Unknown | Vulnerable | source | |
| PTV MaaS Modeller | PTV MaaS Modeller | Unknown | Vulnerable | source | |
| PTV Route Optimiser CL | PTV Route Optimiser CL | Unknown | Investigation | source | |
| PTV Route Optimiser ST | PTV Route Optimiser ST | Unknown | Investigation | source | |
| PTV Map&Market | PTV Map&Market | Unknown | Investigation | source | |
| PTV Arrival Board / Trip Creator / EM Portal | PTV Arrival Board / Trip Creator / EM Portal | Unknown | Investigation | source | |
| PTV Drive&Arrive | PTV Drive&Arrive | Unknown | Investigation | source | |
| PTV xServer < 1.34 (on prem) | PTV xServer < 1.34 (on prem) | Unknown | Not vuln | source | |
| PTV Road Editor | PTV Road Editor | Unknown | Not vuln | source | |
| PTV Map&Guide internet | PTV Map&Guide internet | Unknown | Not vuln | source | |
| PTV Map&Guide intranet | PTV Map&Guide intranet | Unknown | Not vuln | source | |
| PTV Navigator Licence Manager | PTV Navigator Licence Manager | Unknown | Not vuln | source | |
| PTV Navigator App | PTV Navigator App | Unknown | Not vuln | source | |
| PTV Drive&Arrive App | PTV Drive&Arrive App | Unknown | Not vuln | source | |
| PTV Visum | PTV Visum | Unknown | Not vuln | source | |
| PTV Vissim | PTV Vissim | Unknown | Not vuln | source | |
| PTV Vistro | PTV Vistro | Unknown | Not vuln | source | |
| PTV Viswalk | PTV Viswalk | Unknown | Not vuln | source | |
| PTV Balance and PTV Epics | PTV Balance and PTV Epics | Unknown | Not vuln | source | |
| PTV Hyperpath | PTV Hyperpath | Unknown | Not vuln | source | |
| PTV TRE and PTV Tre-Addin | PTV TRE and PTV Tre-Addin | Unknown | Not vuln | source | |
| PTV Optima | PTV Optima | Unknown | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| QlikTech International | Compose | Investigation | source | ||
| QlikTech International | Nprinting | Not Vuln | source | ||
| QlikTech International | QEM products | Investigation | source | ||
| QlikTech International | Qlik Replicate | Investigation | source | ||
| QlikTech International | Qlik Sense Enterprise | Not Vuln | source | ||
| QlikTech International | QlikView | Not Vuln | source | ||
| QOS.ch | SLF4J Simple Logging Facade for Java | SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto | Vulnerable | source | ||
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive | Vulnerable | source | ||
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 | Vulnerable | source | ||
| Red Hat | Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 | Vulnerable | source | ||
| Red Hat | Red Hat OpenStack Platform 13 (Queens) opendaylight | Vulnerable | source | ||
| Red Hat | Red Hat OpenShift Logging logging-elasticsearch6-container | Vulnerable | source | ||
| Red Hat | Red Hat build of Quarkus | Vulnerable | source | ||
| Red Hat | Red Hat Descision Manager 7 | Vulnerable | source | ||
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | Vulnerable | source | ||
| Red Hat | Red Hat Process Automation 7 | Vulnerable | source | ||
| Red Hat | A-MQ Clients 2 | Not Vuln | source | ||
| Red Hat | Red Hat CodeReady Studio 12 | Vulnerable | source | ||
| Red Hat | Red Hat Data Grid 8 | Vulnerable | source | ||
| Red Hat | Red Hat Integration Camel K | Vulnerable | source | ||
| Red Hat | Red Hat Integration Camel Quarkus | Vulnerable | source | ||
| Red Hat | Red Hat JBoss A-MQ Streaming | Vulnerable | source | ||
| Red Hat | Red Hat JBoss Fuse 7 | Vulnerable | source | ||
| Red Hat | Red Hat OpenShift Application Runtimes | Vulnerable | source | ||
| Red Hat | Red Hat Single Sign-On 7 | Not Vuln | source | ||
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | Not Vuln | source | ||
| Redis | Redis Enterprise & Open Source | all | Not Vuln | Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability | source |
| RSA | SecurID Authentication Manager | Not Vuln | Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. | source | |
| RSA | SecurID Authentication Manager Prime | Not Vuln | source | ||
| RSA | SecurID Authentication Manager WebTier | Not Vuln | source | ||
| RSA | SecurID Identity Router (On-Prem component of Cloud Authentication Service) | Not Vuln | source | ||
| RSA | SecurID Governance and Lifecycle (SecurID G&L) | Not Vuln | source | ||
| RSA | SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) | Not Vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Safe | FME Server | Investigation | source | ||
| Salesforce | All products | Investigation | source | ||
| SAS Institute | JMP | Not vuln | source | ||
| SAS Institute | SAS Profile | Fix | source | ||
| SAS Institute | SAS Cloud Solutions | Workaround | source | ||
| Security Onion Solutions | Security Onion | 2.3.90 20211210 | Fix | source | |
| Shibboleth | Shibboleth IdP/SP | Not Vuln | source | ||
| SolarWinds | Database Performance Analyzer | 2021.1.x, 2021.3.x, 2022.1.x | Workaround | source, workaround | |
| SolarWinds | Server & Application Monitor | >= 2020.2.6 | Workaround | source, workaround | |
| SolarWinds | Orion Platform core | Not vuln | source | ||
| SonarSource | SonarQube | Workaround | source | ||
| SonarSource | SonarCloud | Fix | source | ||
| SonicWall | Gen5 Firewalls (EOS) | Not Vuln | source | ||
| SonicWall | Gen6 Firewalls | Not Vuln | source | ||
| SonicWall | Gen7 Firewalls | Not Vuln | source | ||
| SonicWall | SonicWall Switch | Not Vuln | source | ||
| SonicWall | SMA 100 | Not Vuln | source | ||
| SonicWall | SMA 1000 | 12.1.0, 12.4.1 | Not Vuln | source | |
| SonicWall | Email Security | 10.x | Vulnerable | source | |
| SonicWall | MSW | Not Vuln | source | ||
| SonicWall | NSM | Not Vuln | source | ||
| SonicWall | Analyzer | Investigation | source | ||
| SonicWall | Analytics | Investigation | source | ||
| SonicWall | GMS | Investigation | source | ||
| SonicWall | Capture Client & Capture Client Portal | Not Vuln | source | ||
| SonicWall | CAS | Investigation | source | ||
| SonicWall | WAF | Investigation | source | ||
| SonicWall | Access Points | Not Vuln | source | ||
| SonicWall | WNM | Not Vuln | source | ||
| SonicWall | Capture Security Appliance | Not Vuln | source | ||
| SonicWall | WXA | Not Vuln | source | ||
| SonicWall | SonicCore | Not Vuln | source | ||
| Sophos | Sophos Central | Not Vuln | source | ||
| Sophos | Sophos Firewall | All | Not Vuln | source | |
| Sophos | SG UTM | All | Not Vuln | source | |
| Sophos | SG UTM Manager (SUM) | All | Not Vuln | source | |
| Sophos | Sophos ZTNA | Not Vuln | source | ||
| Sophos | Cloud Optix | Fix | source | ||
| Sophos | Sophos Home | Not Vuln | source | ||
| Sophos | Sophos Mobile | Not Vuln | source | ||
| Sophos | Sophos Mobile EAS Proxy | 9.7.2 | Fix | source | |
| Sophos | Reflexion | Not Vuln | source | ||
| Splunk | Add-On: Java Management Extensions | 3.0.0, 2.1.0 | Vulnerable | source | |
| Splunk | Add-On: JBoss | 3.0.0, 2.1.0 | Vulnerable | source | |
| Splunk | Add-On: Tomcat | 3.0.0, 2.1.0 | Vulnerable | source | |
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Vulnerable | source | |
| Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Vulnerable | source | |
| Splunk | Splunk Connect for Kafka | <2.0.4 | Fix | source | |
| Splunk | Splunk Enterprise | All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. | Workaround | source | |
| Splunk | Splunk Enterprise Amazon Machine Image (AMI) | see Splunk Enterprise | Workaround | source | |
| Splunk | Splunk Enterprise Docker Container | see Splunk Enterprise | Workaround | source | |
| Splunk | Splunk Logging Library for Java | <1.11.1 | Fix | source | |
| Splunk | Stream Processor Service | Current | Vulnerable | source | |
| Splunk | Admin Config Service | all | Not vuln | source | |
| Splunk | Analytics Workspace | all | Not vuln | source | |
| Splunk | Behavior Analytics | all | Not vuln | source | |
| Splunk | Dashboard Studio | all | Not vuln | source | |
| Splunk | Developer Tools: AppInspect | all | Not vuln | source | |
| Splunk | Enterprise Security | all | Not vuln | source | |
| Splunk | Intelligence Management (TruSTAR) | all | Not vuln | source | |
| Splunk | KV Service | all | Not vuln | source | |
| Splunk | Mission Control | all | Not vuln | source | |
| Splunk | MLTK | all | Not vuln | source | |
| Splunk | Operator for Kubernetes | all | Not vuln | source | |
| Splunk | Security Analytics for AWS | all | Not vuln | source | |
| Splunk | SignalFx Smart Agent | all | Not vuln | source | |
| Splunk | SOAR Cloud (Phantom) | all | Not vuln | source | |
| Splunk | SOAR (On-Premises) | all | Not vuln | source | |
| Splunk | Splunk Application Performance Monitoring | all | Not vuln | source | |
| Splunk | Splunk Augmented Reality | all | Not vuln | source | |
| Splunk | Splunk Cloud Data Manager (SCDM) | all | Not vuln | source | |
| Splunk | Splunk Connect for Kubernetes | all | Not vuln | source | |
| Splunk | Splunk Connect for SNMP | all | Not vuln | source | |
| Splunk | Splunk Connect for Syslog | all | Not vuln | source | |
| Splunk | Splunk DB Connect | all | Not vuln | source | |
| Splunk | Splunk Enterprise Cloud | all | Not vuln | source | |
| Splunk | Splunk Heavyweight Forwarder (HWF) | all | Not vuln | source | |
| Splunk | Splunk Infrastructure Monitoring | all | Not vuln | source | |
| Splunk | Splunk Log Observer | all | Not vuln | source | |
| Splunk | Splunk Mint | all | Not vuln | source | |
| Splunk | Splunk Mobile | all | Not vuln | source | |
| Splunk | Splunk Network Performance Monitoring | all | Not vuln | source | |
| Splunk | Splunk On-Call/Victor Ops | all | Not vuln | source | |
| Splunk | Splunk Open Telemetry Distributions | all | Not vuln | source | |
| Splunk | Splunk Profiling | all | Not vuln | source | |
| Splunk | Splunk Real User Monitoring | all | Not vuln | source | |
| Splunk | Splunk Secure Gateway (Spacebridge) | all | Not vuln | source | |
| Splunk | Splunk Synthetics | all | Not vuln | source | |
| Splunk | Splunk TV | all | Not vuln | source | |
| Splunk | Splunk Universal Forwarder (UF) | all | Not vuln | source | |
| Splunk | Splunk User Behavior Analytics (UBA) | all | Not vuln | source | |
| Stardog | Stardog | <7.8.1 | Fix | source | |
| Synacor | Zimbra | 8.8.15 and 9.x | Not vuln | Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 | source |
| Synology | DSM | Not vuln | The base DSM is not affected. Software installed via the package manager may be vulnerable. | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Talend | Talend Component Kit | Fix | source | ||
| Tealium | All products | Fix | source | ||
| TheHive | Cortex | all | Not vuln | source | |
| TheHive | TheHive | all | Not vuln | source | |
| Topicus Security | Topicus KeyHub | all | Not vuln | source | |
| TrendMicro | ActiveUpdate | Not vuln | source | ||
| TrendMicro | Apex Central (including as a Service) | Not vuln | source | ||
| TrendMicro | Apex One (all versions including Mac and Saas) | Not vuln | source | ||
| TrendMicro | Cloud App Security | Investigation | source | ||
| TrendMicro | Cloud Edge | Not vuln | source | ||
| TrendMicro | Cloud One - Application Security | Not vuln | source | ||
| TrendMicro | Cloud One - Common Services | Not vuln | source | ||
| TrendMicro | Cloud One - Conformity | Not vuln | source | ||
| TrendMicro | Cloud One - Container Security | Not vuln | source | ||
| TrendMicro | Cloud One - File Storage Security | Not vuln | source | ||
| TrendMicro | Cloud One - Network Security | Not vuln | source | ||
| TrendMicro | Cloud One - Workload Secuity | Investigation | source | ||
| TrendMicro | Cloud Sandbox | Not vuln | source | ||
| TrendMicro | Deep Discovery Advisor | Investigation | source | ||
| TrendMicro | Deep Discovery Analyzer | Not vuln | source | ||
| TrendMicro | Deep Discovery Director | Investigation | source | ||
| TrendMicro | Deep Discovery Email Inspector | Investigation | source | ||
| TrendMicro | Deep Discovery Inspector | Investigation | source | ||
| TrendMicro | Deep Discovery Web Inspector | Investigation | source | ||
| TrendMicro | Deep Security | Not vuln | source | ||
| TrendMicro | Endpoint Application Control | Investigation | source | ||
| TrendMicro | Fraudbuster | Not vuln | source | ||
| TrendMicro | Home Network Security | Not vuln | source | ||
| TrendMicro | Housecall | Not vuln | source | ||
| TrendMicro | Instant Messaging Security | Not vuln | source | ||
| TrendMicro | Internet Security for Mac (Consumer) | Not vuln | source | ||
| TrendMicro | Interscan Messaging Security | Investigation | source | ||
| TrendMicro | Interscan Messaging Security Virtual Appliance (IMSVA) | Investigation | source | ||
| TrendMicro | Interscan Web Security Suite | Investigation | source | ||
| TrendMicro | Interscan Web Security Virtual Appliance (IWSVA) | Investigation | source | ||
| TrendMicro | Mobile Secuirty for Enterprise | Not vuln | source | ||
| TrendMicro | MyAccount (Consumer Sign-on) | Not vuln | source | ||
| TrendMicro | Network Viruswall | Not vuln | source | ||
| TrendMicro | OfficeScan | Not vuln | source | ||
| TrendMicro | Password Manager | Not vuln | source | ||
| TrendMicro | Phish Insight | Not vuln | source | ||
| TrendMicro | Policy Manager | Not vuln | source | ||
| TrendMicro | Portable Security | Not vuln | source | ||
| TrendMicro | PortalProtect | Not vuln | source | ||
| TrendMicro | Remote Manager | Investigation | source | ||
| TrendMicro | Rescue Disk | Not vuln | source | ||
| TrendMicro | Rootkit Buster | Not vuln | source | ||
| TrendMicro | Safe Lock | Investigation | source | ||
| TrendMicro | Safe Lock 2.0 | Not vuln | source | ||
| TrendMicro | Sandbox as a Service | Investigation | source | ||
| TrendMicro | ScanMail for Domino | Investigation | source | ||
| TrendMicro | ScanMail for Exchange | Not vuln | source | ||
| TrendMicro | Secuirty for Mac | Investigation | source | ||
| TrendMicro | Security for NAS | Not vuln | source | ||
| TrendMicro | ServerProtect (all versions) | Investigation | source | ||
| TrendMicro | Smart Home Network | Investigation | source | ||
| TrendMicro | Smart Protection Complete | Investigation | source | ||
| TrendMicro | Smart Protection for Endpoints | Investigation | source | ||
| TrendMicro | Smart Protection Server (SPS) | Not vuln | source | ||
| TrendMicro | TippingPoint (all variations) | Investigation | source | ||
| TrendMicro | TMUSB | Not vuln | source | ||
| TrendMicro | Trend Micro Email Security & HES | Fix | source | ||
| TrendMicro | Trend Micro ID Security | Not vuln | source | ||
| TrendMicro | Trend Micro Remote Manager | Not vuln | source | ||
| TrendMicro | Trend Micro Web Security | Not vuln | source | ||
| TrendMicro | Vision One | Fix | source | ||
| TrendMicro | Vulnerability Protection | Investigation | source | ||
| TrendMicro | Worry-Free Business Security (on-prem) | Investigation | source | ||
| TrendMicro | Worry-Free Business Security Services | Not vuln | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Ubiquiti | UniFi Network Application | 6.5.54 | Fix | source | |
| US Signal | Remote Management and Monitoring platform | Workaround | source | ||
| USoft | USoft | 9.1.1F | Vulnerable | Found by manual scanning | proof |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Veeam | All products | Investigation | Veeam is still investigating, but it looks like the Veeam products don't use log4j | source | |
| VMware | API Portal for VMware Tanzu | 1.x | Vulnerable | source | |
| VMware | AppDefense Appliance | 2.x | Workaround | source, workaround | |
| VMware | App Metrics | 2.1.1 | Fix | source, fix | |
| VMware | Carbon Black Cloud Workload Appliance | 1.x | Workaround | source, workaround | |
| VMware | Carbon Black EDR Server | 7.x, 6.x | Fix | Fixed in 7.6.0 | source, workaround, fix |
| VMware | Cloud Foundation | 4.x, 3.x | Workaround | source, workaround | |
| VMware | Cloud Gateway for VMware Tanzu | 1.x | Vulnerable | source | |
| VMware | Cloud Services for VMware Tanzu | 3.x | Vulnerable | source | |
| VMware | HCX | 4.x, 3.x | Vulnerable | source | |
| VMware | Healthwatch for Tanzu Application Service | 2.1.7, 1.8.6 | Fix | source, fix | |
| VMware | Horizon | 8.x, 7.x | Workaround | source, workaround | |
| VMware | Horizon Cloud Connector | 1.x, 2.x | Fix | source, fix | |
| VMware | Horizon DaaS | 9.1.x, 9.0.x | Workaround | source, workaround | |
| VMware | Identity Manager | 3.3.x | Workaround | source, workaround | |
| VMware | NSX Data Center for vSphere | 6.x | Workaround | source, workaround | |
| VMware | NSX-T Data Center | 3.x, 2.x | Workaround | source, workaround | |
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Vulnerable | source | |
| VMware | Site Recovery Manager | 8.x | Vuln | source, workaround | |
| VMware | Spring Boot | < 2.5.8, < 2.6.2 | Workaround | source | |
| VMware | Spring Cloud Gateway for Kubernetes | 1.x | Vulnerable | source | |
| VMware | Tanzu Application Service for VMs | 2.x | Fix | source, workaround, fix | |
| VMware | Tanzu GemFire | 8.x | Workaround | source, workaround | |
| VMware | Tanzu Greenplum | 6.x | Workaround | source, workaround | |
| VMware | Tanzu Kubernetes Grid Integrated Edition | 2.x | Workaround | source, workaround | |
| VMware | Tanzu Observability by Wavefront Nozzle | 3.0.3 | Fix | source, fix | |
| VMware | Tanzu Operations Manager | 2.x | Fix | source, workaround, fix | |
| VMware | Tanzu SQL with MySQL for VMs | 2.x, 1.x | Vulnerable | source | |
| VMware | Telco Cloud Automation | 2.x, 1.x | Vulnerable | source | |
| VMware | Unified Access Gateway | 21.x, 20.x, 3.x | Workaround | source, workaround | |
| VMware | vCenter Cloud Gateway | 1.x | Workaround | source, workaround | |
| VMware | vCenter Server | 6.x | Workaround | Running on: Windows | source, workaround |
| VMware | vCenter Server | 7.x, 6.x | Workaround | Running on: Virtual Appliance | source, workaround |
| VMware | vCloud Director | all | Not vuln | source | |
| VMware | vCloud Workstation | all | Not vuln | source | |
| VMware | vRealize Automation | 8.x, 7.x | Vulnerable | source | |
| VMware | vRealize Lifecycle Manager | 8.x | Workaround | source, workaround | |
| VMware | vRealize Log Insight | 8.x | Workaround | source, workaround | |
| VMware | vRealize Operations | 8.x | Workaround | source, workaround | |
| VMware | vRealize Operations Cloud Proxy | Any | Workaround | source, workaround | |
| VMware | vRealize Orchestrator | 8.x, 7.x | Vulnerable | source | |
| VMware | vSphere ESXi | Unknown | Not Vuln | source | |
| VMware | Workspace ONE Access | 21.x, 20.x | Workaround | source, workaround | |
| VMware | Workspace ONE Access Connector (VMware Identity Manager Connector) | 19.03.0.1, 20.x, 21.x | Workaround | source, workaround |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Watcher | Watcher | all | Not vuln | source | |
| Wind River | Wind River Linux | <= 8 | Not vuln | "contain package log4j, but their version is 1.2.x, too old to be affected" | source |
| Wind River | Wind River Linux | > 8 | Not vuln | no support for log4j | source |
| WitFoo | WitFoo Precinct | 6.x | Fix | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable | source |
| Wowza | Wowza Streaming Engine | 4.7.8, 4.8.x | Workaround | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Yahoo | Vespa | Not vuln | Your Vespa application may still be affected if log4j is included in your application package | source |
| Supplier | Product | Version | Status | Notes | Links |
|---|---|---|---|---|---|
| Zabbix | Zabbix | Not vuln | Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability. | source | |
| Zammad | Zammad | Workaround | Most of Zammad instances make use of Elasticsearch which might be vulnerable. | source | |
| Zerto | Virtual Replication Appliance | Not vuln | source | ||
| Zerto | Zerto Cloud Appliance | Not vuln | source | ||
| Zerto | Zerto Cloud Manager | Not vuln | source | ||
| Zerto | Zerto Virtual Manager | Not vuln | source | ||
| Zesty | Zesty.io | Not vuln | source |