Log4j Overview: Related Software
This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL and partners will maintain a list of all known vulnerable and not vulnerable software. Furthermore, references to software will contain specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.
NCSC Advisories
NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.
Daily CSV/JSON releases
Daily releases of this software list are listed, including CSV and JSON files, in the releases overview. Please check the software list parser tool to generate a CSV or JSON on your own.
Disclaimer: _We aim to provide as the information as accurately as possible with the resources available to us. However, we do not have the capacity to monitor all software for updates/fixes. You are advised to review the links provided for available updates. If you find updates or mistakes, please contribute by creating a Pull Request. Learn how.
Software overview
NCSC-NL will use the following status labels:
Status | Description |
---|
Unknown | Status unknown. Default choice. |
Affected | Reported to be affected by CVE-2021-44228. |
Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
Fixed | Patch and/or mitigations available (see provided links). |
Under Investigation | Vendor investigating status. |
Software List
This list was initially populated using information from the following sources:
- Kevin Beaumont
- SwitHak