Log4J Affected Apps/Vendors

Log4J Affected Apps/Vendors

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE) for security responders.

We believe it is important to classify the vendors and products between:

  1. Internal risk - what you need to patch first to remove risk internally
  2. External risk - all third/fourth-party vendors that have custody of your data that might've been hacked that you will need to monitor and tackle once you're done patching

Here are the lists:

External Risk - Affected Apps

i.e. all vendors you should worry about if you have data in their environment or if they access to your environment

VendorAppsource
BroadcomCA Advanced Authenticationhttps://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793
BroadcomCA Risk Authenticationhttps://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793
BroadcomCA Strong Authenticationhttps://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793
BroadcomSymantec Endpoint Protection Manager (SEPM)https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793
VMwareVMware Horizonhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vCenter Serverhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware HCXhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware NSX-T Data Centerhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Unified Access Gatewayhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware WorkspaceOne Accesshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Identity Managerhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Operationshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Operations Cloud Proxyhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Log Insighthttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Automationhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Lifecycle Managerhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Telco Cloud Automationhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Site Recovery Managerhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Carbon Black Cloud Workload Appliancehttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Carbon Black EDR Serverhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu GemFirehttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu Greenplumhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu Operations Managerhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu Application Service for VMshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu Kubernetes Grid Integrated Editionhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu Observability by Wavefront Nozzlehttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Healthwatch for Tanzu Application Servicehttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareSpring Cloud Services for VMware Tanzuhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareSpring Cloud Gateway for VMware Tanzuhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareSpring Cloud Gateway for Kuberneteshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareAPI Portal for VMware Tanzuhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareSingle Sign-On for VMware Tanzu Application Servicehttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware App Metricshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vCenter Cloud Gatewayhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Tanzu SQL with MySQL for VMshttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware vRealize Orchestratorhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Cloud Foundationhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Workspace ONE Access Connectorhttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
VMwareVMware Horizon DaaShttps://www.vmware.com/security/advisories/VMSA-2021-0028.html
CiscoCisco Webex Meetings Serverhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Evolved Programmable Network Managerhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Integrated Management Controller (IMC) Supervisorhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Intersight Virtual Appliancehttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco UCS Directorhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Unified Contact Center Enterprise - Live Data serverhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Video Surveillance Operations Managerhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Unified Communications Manager Cloudhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Webex Cloud-Connected UC (CCUC)https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
F-SecureF-Secure Policy Managerhttps://status.f-secure.com/incidents/sk8vmr0h34pd
F-SecureF-Secure Policy Manager for Linuxhttps://status.f-secure.com/incidents/sk8vmr0h34pd
F-SecureF-Secure Policy Manager Proxyhttps://status.f-secure.com/incidents/sk8vmr0h34pd
F-SecureF-Secure Policy Manager Proxy for Linuxhttps://status.f-secure.com/incidents/sk8vmr0h34pd
F-SecureF-Secure Endpoint Proxyhttps://status.f-secure.com/incidents/sk8vmr0h34pd
ApereoApereo CAShttps://apereo.github.io/2021/12/11/log4j-vuln/
CheckpointCheckpoint Quantum Security Managementhttps://community.checkpoint.com/t5/General-Topics/CVE-2021-44228-Log4j-vulnerability-Log4Shell/m-p/136006
Connect2idConnect2id serverhttps://connect2id.com/blog/connect2id-server-12-5-1
Contrast SecurityContrast Security self hostedhttps://support.contrastsecurity.com/hc/en-us/articles/4412612486548
Contrast SecurityContrast Security cloudhttps://support.contrastsecurity.com/hc/en-us/articles/4412612486548
DynatraceDynatrace Synthetic Chromiumhttps://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177292
ForcepointForcepoint Security managerhttps://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-NGFW-Security-Management-Center
ForcepointForcepoint DLP Managerhttps://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-NGFW-Security-Management-Center
GoAnywhereGoAnywherehttps://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
JAMFJAMF Prohttps://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740
n-ableN-able Risk Intelligencehttps://www.n-able.com/security-and-privacy/apache-log4j-vulnerability
n-ableN-able RMMhttps://www.n-able.com/security-and-privacy/apache-log4j-vulnerability
OktaOkta RADIUS Server Agenthttps://sec.okta.com/articles/2021/12/log4shell
OktaOkta On-Prem MFA Agenthttps://sec.okta.com/articles/2021/12/log4shell
opennmsopennmshttps://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/
pagerdutypagerduty rundeckhttps://docs.rundeck.com/docs/history/CVEs/
puppetPuppet Enterprisehttps://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/
PuresoragePuresorage Portworxhttps://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)
RSARSA SecureID Authentication Managerhttps://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501
SophosSophos Cloud Optixhttps://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
SplunkSplunkhttps://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html
WowzaWowza Streaming enginehttps://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
PegaPega Platformhttps://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
OpenMrsOpenMRS Platformhttps://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341
TricentisTosca licensing serverhttps://support-hub.tricentis.com/open?number=NEW0001148&id=post
RWSSDL WorldServerhttps://gateway.sdl.com/apex/communityknowledge?articleName=000017707
EsriArcGishttps://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/
BackblazeBackblazehttps://twitter.com/backblaze/status/1469477224277368838
GenesysGenesyshttps://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability
PhenixidPhenixidhttps://support.phenixid.se/uncategorized/log4j-fix/
sysaidsysaidhttps://www.sysaid.com/lp/important-update-regarding-apache-log4j
wallarmwallarmhttps://lab.wallarm.com/cve-2021-44228-mitigation-update/
Witfoowitfoo precincthttps://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/
Sumo logicsumo logic collecterhttps://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12
LeanixLeanix Value Stream Management (VSM)https://www.leanix.net/en/blog/log4j-vulnerability-log4shell
LogicMonitorlogicmonitorhttps://communities.logicmonitor.com/topic/7472-logicmonitor-collectors-running-vulnerable-version-of-log4j-are-affected-by-log4shell-cve-2021-44228-vulnerability/
IBMCuram SPMhttps://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2019-17571/
Aptibleaptiblehttps://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4
SailPointSailPoint IdentityIQhttps://community.sailpoint.com/t5/Community-Announcements/Log4j-Vulnerability/ba-p/206702
SailPointSailPoint IdentityNowhttps://community.sailpoint.com/t5/Community-Announcements/Log4j-Vulnerability/ba-p/206702
SailPointSailPoint IdentityAIhttps://community.sailpoint.com/t5/Community-Announcements/Log4j-Vulnerability/ba-p/206702
BroadcomSiteMinder (CA Single Sign-On)https://knowledge.broadcom.com/external/article?articleId=230270
Carbon BlackCloud Workload Appliancehttps://community.carbonblack.com/t5/Documentation-Downloads/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134
Carbon BlackEDR Servershttps://community.carbonblack.com/t5/Documentation-Downloads/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134
CiscoCisco Nexus Dashboardhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Webex Meetings Serverhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Evolved Programmable Network Managerhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Integrated Management Controller (IMC) Supervisorhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Intersight Virtual Appliancehttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco UCS Directorhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Unified Contact Center Enterprise - Live Data serverhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Video Surveillance Operations Managerhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Unified Communications Manager Cloudhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Webex Cloud-Connected UC (CCUC)https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoDuohttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CiscoCisco Unified Communications Managerhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CommvaultCloud Apps & Oracle & MS-SQLhttps://documentation.commvault.com/11.24/essential/146231_security_vulnerability_and_reporting.html
ForcepointDLP Managerhttps://support.forcepoint.com/
ForgeRockAutonomous Identityhttps://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa
FortinetFortiCASBhttps://www.fortiguard.com/psirt/FG-IR-21-245
FortinetFortiConvertorhttps://www.fortiguard.com/psirt/FG-IR-21-245
FortinetFortiEDR Cloudhttps://www.fortiguard.com/psirt/FG-IR-21-245
FortinetFortiNAChttps://www.fortiguard.com/psirt/FG-IR-21-246
FortinetFortiPolicyhttps://www.fortiguard.com/psirt/FG-IR-21-247
FortinetFortiPortalhttps://www.fortiguard.com/psirt/FG-IR-21-248
FortinetFortiSIEMhttps://www.fortiguard.com/psirt/FG-IR-21-249
FortinetFortiSOARhttps://www.fortiguard.com/psirt/FG-IR-21-250
FortinetShieldXhttps://www.fortiguard.com/psirt/FG-IR-21-251
GFI SoftwareKerio Connecthttps://forums.gfi.com/index.php?t=msg&th=39096&start=0&
GoAnywhereMFThttps://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
GoAnywhereGatewayhttps://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
GoAnywhereAgentshttps://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
GraylogGrayloghttps://www.graylog.org/post/graylog-update-for-log4j
GuardedBoxGuardedBoxhttps://twitter.com/GuardedBox/status/1469739834117799939
HCL SoftwareBigFix Compliancehttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486
HCL SoftwareBigFix Inventoryhttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486
IBMSterling Fulfillment Optimizerhttps://www.ibm.com/support/pages/node/6525706/
IBMSterling Inventory Visibilityhttps://www.ibm.com/support/pages/node/6525706/
IBMWebspherehttps://www.ibm.com/support/pages/node/6525706/
InformaticaAxonhttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaData Privacy Managementhttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaInformation Deployment Managerhttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaMetadata Managerhttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaPowerCenterhttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaPowerExchange for CDC (Publisher) and Mainframehttps://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaProduct 360https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
InformaticaSecure Agents (Cloud hosted)https://knowledge.informatica.com/s/article/Apache-Zero-Day-log4j-RCE-Vulnerability-Updates-for-Informatica-On-premises-Products
NutanixAOShttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixPrism Centralhttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixVolumeshttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixKarbonhttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixLeaphttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixCalmhttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixBeamhttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixSizerhttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NutanixInsightshttps://download.nutanix.com/alerts/Security_Advisory_0023.pdf
NewRelicNewRelic monitoringhttps://discuss.newrelic.com/t/log4j-zero-day-vulnerability-and-the-new-relic-java-agent/170322/4
Micro FocusArcSight ESMhttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228
Micro FocusArcSight Loggerhttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228
Micro FocusArcSight Reconhttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228
Micro FocusArcSight Intelligencehttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44229
Micro FocusArcSight Connectorshttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44230
Micro FocusArcSight Transformation Hubhttps://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44231
PhilipsIntelliBridge Enterprisehttps://www.philips.com/a-w/security/security-advisories.html
PhilipsIntelliSite Pathology Solution 5.1https://www.philips.com/a-w/security/security-advisories.html
PhilipsIntelliSpace PACShttps://www.philips.com/a-w/security/security-advisories.html
PhilipsIntelliSpace Precision Medicinehttps://www.philips.com/a-w/security/security-advisories.html
PhilipsPathology De-identifier 1.0https://www.philips.com/a-w/security/security-advisories.html
PhilipsPerformance Bridgehttps://www.philips.com/a-w/security/security-advisories.html
PhilipsPinnaclehttps://www.philips.com/a-w/security/security-advisories.html
PhilipsProtocol Applicationshttps://www.philips.com/a-w/security/security-advisories.html
PhilipsRIS Clinichttps://www.philips.com/a-w/security/security-advisories.html
PhilipsScanner Protocol Managerhttps://www.philips.com/a-w/security/security-advisories.html
PhilipsTasy EMRhttps://www.philips.com/a-w/security/security-advisories.html
PhilipsUniversal Data Manager (UDM)https://www.philips.com/a-w/security/security-advisories.html
PhilipsVuePACShttps://www.philips.com/a-w/security/security-advisories.html
RuckusFlexMasterhttps://support.ruckuswireless.com/security_bulletins/313
RuckusSmartZone 100 (SZ-100)https://support.ruckuswireless.com/security_bulletins/314
RuckusSmartZone 144 (SZ-144)https://support.ruckuswireless.com/security_bulletins/315
RuckusSmartZone 300 (SZ-300)https://support.ruckuswireless.com/security_bulletins/316
RuckusUnleashedhttps://support.ruckuswireless.com/security_bulletins/317
RuckusVirtual SmartZone (vSZ)https://support.ruckuswireless.com/security_bulletins/318
UnifyFirst Response OpenScape Policy Storehttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
UnifyHipath DS-Winhttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
UnifyOpenScape Contact Centerhttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
UnifyOpenScape Contact Media Servicehttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
UnifyOpenScape UChttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
UnifyOpenScape Voicehttps://networks.unify.com/security/advisories/OBSO-2112-01.pdf
WSO2WSO2 API Managerhttps://docs.wso2.com/pages/viewpage.action?pageId=180948677
WSO2WSO2 API Manager Analyticshttps://docs.wso2.com/pages/viewpage.action?pageId=180948677
WSO2WSO2 Enterprise Integratorhttps://docs.wso2.com/pages/viewpage.action?pageId=180948678
WSO2WSO2 Enterprise Integrator Analyticshttps://docs.wso2.com/pages/viewpage.action?pageId=180948679
WSO2WSO2 Identity Serverhttps://docs.wso2.com/pages/viewpage.action?pageId=180948680
WSO2WSO2 Identity Server Analyticshttps://docs.wso2.com/pages/viewpage.action?pageId=180948681
WSO2WSO2 Identity Server as Key Managerhttps://docs.wso2.com/pages/viewpage.action?pageId=180948682
WSO2WSO2 Micro Gatewayhttps://docs.wso2.com/pages/viewpage.action?pageId=180948683
WSO2WSO2 Micro Integratorhttps://docs.wso2.com/pages/viewpage.action?pageId=180948684
WSO2WSO2 Micro Integrator Dashboardhttps://docs.wso2.com/pages/viewpage.action?pageId=180948685
WSO2WSO2 Micro Integrator Monitoring Dashboardhttps://docs.wso2.com/pages/viewpage.action?pageId=180948686
WSO2WSO2 Stream Processorhttps://docs.wso2.com/pages/viewpage.action?pageId=180948687
WSO2WSO2 Stream Integratorhttps://docs.wso2.com/pages/viewpage.action?pageId=180948688
WSO2WSO2 Stream Integrator Toolinghttps://docs.wso2.com/pages/viewpage.action?pageId=180948689
WSO2WSO2 Open Banking AMhttps://docs.wso2.com/pages/viewpage.action?pageId=180948690
WSO2WSO2 Open Banking BIhttps://docs.wso2.com/pages/viewpage.action?pageId=180948691
WSO2WSO2 Open Banking KMhttps://docs.wso2.com/pages/viewpage.action?pageId=180948692
SalesforceSalesforce Data Loaderhttps://www.salesforceben.com/salesforce-products-hit-by-log4j2-security-flaw/

Internal Risk - Affected Components

i.e. software components you might have used in building your products that you should worry if they cause you to be vulnerable

###Affected components


VendorAppsource
ApacheApache Dubbohttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
Ververicaververicahttps://flink.apache.org/2021/12/10/log4j-cve.html
ApacheApache Flinkhttps://flink.apache.org/2021/12/10/log4j-cve.html
ApacheApache Flumehttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
ApacheApache Hadoophttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
ApacheApache Kafkahttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
ApacheApache Solrhttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
ApacheApache Sparkhttps://msandbu.org/log4shell-log4j-cve-2021-44228-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=log4shell-log4j-cve-2021-44228-vulnerability
ApacheApache Strutshttps://msandbu.org/log4shell-log4j-cve-2021-44228-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=log4shell-log4j-cve-2021-44228-vulnerability
ApacheApache Tapestryhttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
ApacheTomcathttps://msandbu.org/log4shell-log4j-cve-2021-44228-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=log4shell-log4j-cve-2021-44228-vulnerability
ApacheApache Wickethttps://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
DatabricksDatabrickshttps://msandbu.org/log4shell-log4j-cve-2021-44228-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=log4shell-log4j-cve-2021-44228-vulnerability
ElasticElastic Searchhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
ElasticElastic Logstashhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
ElasticAPM Java Agenthttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
CouchbaseElastic connectorhttps://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402
CpanelSolr pluginhttps://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
GrailsGrailshttps://github.com/grails/grails-core/releases
GraylogGrayloghttps://www.graylog.org/post/graylog-update-for-log4j
Evil labsJGAAPhttps://github.com/evllabs/JGAAP/releases/tag/v8.0.2
Jitsivideo-bridgehttps://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md
MicrosoftKafka Connect CosmosDBhttps://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md
MetabaseMetabasehttps://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37
getnelsonnelsonhttps://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala
Neo4jNeo4jhttps://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856
New relicJava agenthttps://github.com/newrelic/newrelic-java-agent/issues/605
openhabopenhabhttps://github.com/openhab/openhab-distro/pull/1343
opensearchopensearchhttps://opensearch.org/blog/releases/2021/12/update-to-1-2-1/
redhatSeveral affected packageshttps://access.redhat.com/security/cve/cve-2021-44228
Security OnionSecurity Onionhttps://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html
Spring BootSpring Boothttps://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot
swingsetswingsethttps://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10
Talendcomponent kithttps://jira.talendforge.org/browse/TCOMP-2054
UnifiUniFi Network Applicationhttps://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
zaproxyzaproxyhttps://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
ApacheApache iceberghttps://github.com/apache/iceberg/issues/3710
ChefChef serverhttps://github.com/chef/chef-server/issues/2998
Mailcowmailcowhttps://github.com/mailcow/mailcow-dockerized/issues/4375
portexportexhttps://github.com/katjahahn/PortEx/releases
oxygenxmloxygen xml editorhttps://www.oxygenxml.com/security/advisory/CVE-2019-17571.html
Lucent SkyLucent Sky AVM On-Demandhttps://twitter.com/LucentSky/status/1469358706311974914
Lucent SkyLucent Sky managed instanceshttps://twitter.com/LucentSky/status/1469358706311974914
Logstashlogstashhttps://github.com/elastic/logstash/pull/13494
AmazonAWS Lambdahttps://aws.amazon.com/security/security-bulletins/AWS-2021-005/
AmazonAWS CloudHSMhttps://aws.amazon.com/security/security-bulletins/AWS-2021-005/
MicrosoftAzure Data lake store javahttps://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310

    • Related Articles

    • Log4j Overview: Related Software

      This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL and partners will maintain a list of all known vulnerable and not vulnerable software. Furthermore, references to software will contain ...
    • Apache Log4j Vulnerability Guidance

      Immediate Actions to Protect Against Log4j Exploitation • Discover all internet facing assets that allow data inputs and use Log4j Java library anywhere in the stack. • Discover all assets that use the Log4j library. • Update or isolate affected ...
    • Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

      Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 MSRC / By MSRC Team / December 11, 2021 ​ SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based ...
    • Log4j Advisories, notices, patches, or updates

      Given the severity of the vulnerability and how easy it is to exploit it, CISA today released guidance for companies to set up defenses against Log4Shell attacks. The agency's recommendation is to "apply available patches immediately" and to ...
    • Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation

      Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation Microsoft 365 Defender Threat Intelligence Team Microsoft Threat Intelligence Center (MSTIC) Updates: [12/16/2021] New Microsoft Sentinel solution and additional ...