├── .github
    ├── CODEOWNERS
    ├── ISSUE_TEMPLATE
    │   ├── product-submission-form.yml
    │   └── product-update-form.yml
    ├── SECURITY.md
    ├── dependabot.yml
    ├── labels.yml
    ├── lineage.yml
    └── workflows
    │   ├── build.yml
    │   ├── sync-labels.yml
    │   └── update_software_lists.yml
├── .gitignore
├── .mdl_config.yaml
├── .pre-commit-config.yaml
├── .prettierignore
├── .yamllint
├── CONTRIBUTING.md
├── LICENSE
├── PULL-EXAMPLE.md
├── README.md
├── config
    ├── SOFTWARE-LIST.tpl.md
    ├── requirements.txt
    └── update_software_lists.sh
├── data
    ├── cisagov.yml
    ├── cisagov_A.yml
    ├── cisagov_B.yml
    ├── cisagov_C.yml
    ├── cisagov_D.yml
    ├── cisagov_E.yml
    ├── cisagov_F.yml
    ├── cisagov_G.yml
    ├── cisagov_H.yml
    ├── cisagov_I.yml
    ├── cisagov_J.yml
    ├── cisagov_K.yml
    ├── cisagov_L.yml
    ├── cisagov_M.yml
    ├── cisagov_N.yml
    ├── cisagov_Non-Alphabet.yml
    ├── cisagov_O.yml
    ├── cisagov_P.yml
    ├── cisagov_Q.yml
    ├── cisagov_R.yml
    ├── cisagov_S.yml
    ├── cisagov_T.yml
    ├── cisagov_U.yml
    ├── cisagov_V.yml
    ├── cisagov_W.yml
    ├── cisagov_X.yml
    ├── cisagov_Y.yml
    └── cisagov_Z.yml
└── software_lists
    ├── README.md
    ├── software_list_A.md
    ├── software_list_B.md
    ├── software_list_C.md
    ├── software_list_D.md
    ├── software_list_E.md
    ├── software_list_F.md
    ├── software_list_G.md
    ├── software_list_H.md
    ├── software_list_I.md
    ├── software_list_J.md
    ├── software_list_K.md
    ├── software_list_L.md
    ├── software_list_M.md
    ├── software_list_N.md
    ├── software_list_Non-Alphabet.md
    ├── software_list_O.md
    ├── software_list_P.md
    ├── software_list_Q.md
    ├── software_list_R.md
    ├── software_list_S.md
    ├── software_list_T.md
    ├── software_list_U.md
    ├── software_list_V.md
    ├── software_list_W.md
    ├── software_list_X.md
    ├── software_list_Y.md
    └── software_list_Z.md

/.github/CODEOWNERS:
--------------------------------------------------------------------------------
# Each line is a file pattern followed by one or more owners.

# These owners will be the default owners for everything in the
# repo. Unless a later match takes precedence, these owners will be
# requested for review when someone opens a pull request.
* @iainDe @justmurphy @Lcerkov

# These folks own the automated list update configuration.
/config/ @mcdonnnj

# These folks own any dot-files in the repository.
.* @dav3r @felddy @jsf9k @mcdonnnj

# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jsf9k @mcdonnnj
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/product-submission-form.yml:
--------------------------------------------------------------------------------
---
name: Submit a Product
description: Submit a product to the database
title: "[Product Submission]: - "
body:
  - type: input
    id: product-vendor
    attributes:
      label: Product vendor
      description: Who is the vendor for the product?
      placeholder: Cisco, Dell, IBM, etc.
    validations:
      required: true
  - type: input
    id: product-name
    attributes:
      label: Product name
      description: What is the name of the product?
      placeholder: AppDynamics, BigFix Inventory, Centera, etc.
    validations:
      required: true
  - type: input
    id: product-versions
    attributes:
      label: Product version(s)
      description: What version(s) of the product is (are) affected?
      placeholder: v2; 1.5; >3; >=4; >5, <6; etc.
    validations:
      required: true
  - type: dropdown
    id: product-updated
    attributes:
      label: Product update
      description: Is there an update available for the product?
      options:
        - Available
        - Not Available
    validations:
      required: true
  - type: input
    id: product-update-link
    attributes:
      label: Product update link
      description: Where can the update be found, if one is available?
  - type: input
    id: product-last-updated
    attributes:
      label: Last updated
      description: When was the product last updated?
      placeholder: "2021-12-06"
  - type: textarea
    id: product-notes
    attributes:
      label: Notes
  - type: textarea
    id: product-references
    attributes:
      label: References
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/product-update-form.yml:
--------------------------------------------------------------------------------
---
name: Update a Product
description: Update information about a product in the database
title: "[Product Update]: - "
body:
  - type: input
    id: product-vendor
    attributes:
      label: Product vendor
      description: Who is the vendor for the product?
      placeholder: Cisco, Dell, IBM, etc.
    validations:
      required: true
  - type: input
    id: product-name
    attributes:
      label: Product name
      description: What is the name of the product?
      placeholder: AppDynamics, BigFix Inventory, Centera, etc.
    validations:
      required: true
  - type: textarea
    id: update-context
    attributes:
      label: Context
      description: Please provide context around the update.
  - type: input
    id: product-versions
    attributes:
      label: Product version(s)
      description: What version(s) of the product are affected?
  - type: dropdown
    id: product-updated
    attributes:
      label: Product update
      description: Is there an update available for the product?
      options:
        - Available
        - Not Available
  - type: input
    id: product-update-link
    attributes:
      label: Product update link
      description: Where can the update be found, if one is available?
  - type: input
    id: product-last-updated
    attributes:
      label: Last updated
      description: When was the product last updated?
      placeholder: "2021-12-06"
  - type: textarea
    id: product-notes
    attributes:
      label: Notes
  - type: textarea
    id: product-references
    attributes:
      label: References
--------------------------------------------------------------------------------
/.github/SECURITY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cisagov/log4j-affected-db/57059d570b7e1baceb31f7c95247a8b449a4cbb1/.github/SECURITY.md
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
---

# Any ignore directives should be uncommented in downstream projects to disable
# Dependabot updates for the given dependency. Downstream projects will get
# these updates when the pull request(s) in the appropriate skeleton are merged
# and Lineage processes these changes.

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      # Managed by cisagov/skeleton-generic
      - dependency-name: actions/cache
      - dependency-name: actions/checkout
      - dependency-name: actions/setup-go
      - dependency-name: actions/setup-python
      - dependency-name: hashicorp/setup-terraform
      - dependency-name: mxschmitt/action-tmate

  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"

  - package-ecosystem: "terraform"
    directory: "/"
    schedule:
      interval: "weekly"
--------------------------------------------------------------------------------
/.github/labels.yml:
--------------------------------------------------------------------------------
---
# Rather than breaking up descriptions into multiline strings we disable that
# specific rule in yamllint for this file.
# yamllint disable rule:line-length
- color: "eb6420"
  description: This issue or pull request is awaiting the outcome of another issue or pull request
  name: blocked
- color: "000000"
  description: This issue or pull request involves changes to existing functionality
  name: breaking change
- color: "d73a4a"
  description: This issue or pull request addresses broken functionality
  name: bug
- color: "07648d"
  description: This issue will be advertised on code.gov's Open Tasks page (https://code.gov/open-tasks)
  name: code.gov
- color: "0366d6"
  description: Pull requests that update a dependency file
  name: dependencies
- color: "5319e7"
  description: This issue or pull request improves or adds to documentation
  name: documentation
- color: "cfd3d7"
  description: This issue or pull request already exists or is covered in another issue or pull request
  name: duplicate
- color: "b005bc"
  description: A high-level objective issue encompassing multiple issues instead of a specific unit of work
  name: epic
- color: "000000"
  description: Pull requests that update GitHub Actions code
  name: github-actions
- color: "0e8a16"
  description: This issue or pull request is well-defined and good for newcomers
  name: good first issue
- color: "ff7518"
  description: Pull request that should count toward Hacktoberfest participation
  name: hacktoberfest-accepted
- color: "a2eeef"
  description: This issue or pull request will add or improve functionality, maintainability, or ease of use
  name: improvement
- color: "fef2c0"
  description: This issue or pull request is not applicable, incorrect, or obsolete
  name: invalid
- color: "ce099a"
  description: This pull request is ready to merge during the next Lineage Kraken release
  name: kraken 🐙
- color: "a4fc5d"
  description: This issue or pull request requires further information
  name: need info
- color: "fcdb45"
  description: This pull request is awaiting an action or decision to move forward
  name: on hold
- color: "ef476c"
  description: This issue is a request for information or needs discussion
  name: question
- color: "00008b"
  description: This issue or pull request adds or otherwise modifies test code
  name: test
- color: "1d76db"
  description: This issue or pull request pulls in upstream updates
  name: upstream update
- color: "d4c5f9"
  description: This issue or pull request increments the version number
  name: version bump
- color: "ffffff"
  description: This issue will not be incorporated
  name: wontfix
--------------------------------------------------------------------------------
/.github/lineage.yml:
--------------------------------------------------------------------------------
---
lineage:
  skeleton:
    remote-url: https://github.com/cisagov/skeleton-generic.git
version: '1'
--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
---
name: build

on:
  push:
  pull_request:
  repository_dispatch:
    types: [apb]

env:
  PIP_CACHE_DIR: ~/.cache/pip
  PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - id: setup-env
        uses: cisagov/setup-env-github-action@develop
      - uses: actions/checkout@v3
      - id: setup-python
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      # We need the Go version and Go cache location for the actions/cache step,
      # so the Go installation must happen before that.
      - id: setup-go
        uses: actions/setup-go@v3
        with:
          go-version: "1.19"
      - name: Lookup Go cache directory
        id: go-cache
        run: |
          echo "dir=$(go env GOCACHE)" >> $GITHUB_OUTPUT
      - uses: actions/cache@v3
        env:
          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
            py${{ steps.setup-python.outputs.python-version }}-\
            go${{ steps.setup-go.outputs.go-version }}-"
        with:
          path: |
            ${{ env.PIP_CACHE_DIR }}
            ${{ env.PRE_COMMIT_CACHE_DIR }}
            ${{ steps.go-cache.outputs.dir }}
          key: "${{ env.BASE_CACHE_KEY }}\
            ${{ hashFiles('**/.pre-commit-config.yaml') }}"
          restore-keys: |
            ${{ env.BASE_CACHE_KEY }}
      - name: Install shfmt
        env:
          PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
          PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
        run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip setuptools wheel
          pip install --upgrade pre-commit
      - name: Set up pre-commit hook environments
        run: pre-commit install-hooks
      - name: Run pre-commit on all files
        run: pre-commit run --all-files
--------------------------------------------------------------------------------
/.github/workflows/sync-labels.yml:
--------------------------------------------------------------------------------
---
name: sync-labels

on:
  push:
    paths:
      - '.github/labels.yml'
      - '.github/workflows/sync-labels.yml'

permissions:
  contents: read

jobs:
  labeler:
    permissions:
      # actions/checkout needs this to fetch code
      contents: read
      # crazy-max/ghaction-github-labeler needs this to manage repository labels
      issues: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Sync repository labels
        if: success()
        uses: crazy-max/ghaction-github-labeler@v4
        with:
          # This is a hideous ternary equivalent so we only do a dry run unless
          # this workflow is triggered by the develop branch.
          dry-run: ${{ github.ref_name == 'develop' && 'false' || 'true' }}
--------------------------------------------------------------------------------
/.github/workflows/update_software_lists.yml:
--------------------------------------------------------------------------------
---
name: Update the software lists

on:
  push:
    branches:
      - develop

env:
  PIP_CACHE_DIR: ~/.cache/pip
  TESTING_BRANCH_BASE: testing/update_software_lists

jobs:
  setup:
    runs-on: ubuntu-latest
    outputs:
      # Commit author information for git
      git_author: ${{ steps.git-config.outputs.author }}
      git_email: ${{ steps.git-config.outputs.email }}
      git_user: ${{ steps.git-config.outputs.user }}
      # The name of the branch used for testing
      testing_branch: ${{ steps.testing-branch.outputs.name }}
    steps:
      - id: git-config
        run: |
          echo "::set-output name=author::$GIT_USER <$GIT_EMAIL>"
          echo "::set-output name=email::$GIT_EMAIL"
          echo "::set-output name=user::$GIT_USER"
        env:
          GIT_EMAIL: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.email }}
          GIT_USER: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.name }}
      - id: testing-branch
        run: echo "::set-output name=name::$BASE_BRANCH/$COMMIT_SHA"
        env:
          BASE_BRANCH: ${{ env.TESTING_BRANCH_BASE }}
          COMMIT_SHA: ${{ github.sha }}
  generate_updates:
    runs-on: ubuntu-latest
    needs: setup
    outputs:
      # If changes are detected then a commit will have been pushed
      has_updates: ${{ steps.commit-for-testing.outputs.changes_detected }}
    # Don't run if we're seeing an update push
    if: github.actor != needs.setup.outputs.git_user
    steps:
      - uses: actions/checkout@v3
        with:
          token: ${{ secrets.CISAGOVBOT_PAT }}
      - id: setup-python
        uses: actions/setup-python@v3
        with:
          python-version: "3.10"
      - uses: actions/cache@v3
        env:
          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
            py${{ steps.setup-python.outputs.python-version }}-"
        with:
          path: |
            ${{ env.PIP_CACHE_DIR }}
          key: "${{ env.BASE_CACHE_KEY }}\
            ${{ hashFiles('.github/workflows/update_software_lists.yml') }}-\
            ${{ hashFiles('config/requirements.txt') }}"
          restore-keys: |
            ${{ env.BASE_CACHE_KEY }}
      - name: Update Python base packages
        run: python -m pip install --upgrade pip setuptools wheel
      - name: Install dependencies
        run: pip install --upgrade --requirement config/requirements.txt
      - name: Create the branch for test validation
        run: git switch --create ${{ needs.setup.outputs.testing_branch }}
      - name: Update the YAML and Markdown files as appropriate
        run: config/update_software_lists.sh
      - id: commit-for-testing
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          branch: ${{ needs.setup.outputs.testing_branch }}
          commit_message: Normalize YAML files and update the software lists
          commit_user_name: ${{ needs.setup.outputs.git_user }}
          commit_user_email: ${{ needs.setup.outputs.git_email }}
          commit_author: ${{ needs.setup.outputs.git_author }}
          file_pattern: data/cisagov*.yml software_lists/software_list_*.md
  merge_updates:
    runs-on: ubuntu-latest
    needs:
      - setup
      - generate_updates
    if: needs.generate_updates.outputs.has_updates == 'true'
    steps:
      - uses: actions/checkout@v3
        with:
          token: ${{ secrets.CISAGOVBOT_PAT }}
      - name: Configure git
        run: |
          git config user.name "${{ needs.setup.outputs.git_user }}"
          git config user.email "${{ needs.setup.outputs.git_email }}"
      - uses: lewagon/wait-on-check-action@v1.2.0
        with:
          check-name: lint
          ref: ${{ needs.setup.outputs.testing_branch }}
          repo-token: ${{ github.token }}
      - name: Merge the testing branch
        run: |
          git fetch
          git merge origin/${{ needs.setup.outputs.testing_branch }}
          git push
      - name: Cleanup testing branch
        run: git push --delete origin ${{ needs.setup.outputs.testing_branch }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# This file specifies intentionally untracked files that Git should ignore.
# Files already tracked by Git are not affected.
# See: https://git-scm.com/docs/gitignore

## Python ##
__pycache__
.mypy_cache
.python-version
--------------------------------------------------------------------------------
/.mdl_config.yaml:
--------------------------------------------------------------------------------
---

# Default state for all rules
default: true

# MD003/heading-style/header-style - Heading style
MD003:
  # Enforce the ATX-closed style of header
  style: "atx_closed"

# MD004/ul-style - Unordered list style
MD004:
  # Enforce dashes for unordered lists
  style: "dash"

# MD013/line-length - Line length
MD013:
  # Do not enforce for code blocks
  code_blocks: false
  # Do not enforce for tables
  tables: false

# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the
# same content
MD024:
  # Allow headers with the same content as long as they are not in the same
  # parent heading
  allow_different_nesting: true

# MD029/ol-prefix - Ordered list item prefix
MD029:
  # Enforce the `1.` style for ordered lists
  style: "one"

# MD033/no-inline-html - Inline HTML
MD033:
  # The h1 and img elements are allowed to permit header images
  allowed_elements:
    - h1
    - img

# MD035/hr-style - Horizontal rule style
MD035:
  # Enforce dashes for horizontal rules
  style: "---"

# MD046/code-block-style - Code block style
MD046:
  # Enforce the fenced style for code blocks
  style: "fenced"

# MD049/emphasis-style - Emphasis style should be consistent
MD049:
  # Enforce asterisks as the style to use for emphasis
  style: "asterisk"

# MD050/strong-style - Strong style should be consistent
MD050:
  # Enforce asterisks as the style to use for strong
  style: "asterisk"
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
---
default_language_version:
  # force all unspecified python hooks to run python3
  python: python3

repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.3.0
    hooks:
      - id: check-case-conflict
      - id: check-executables-have-shebangs
      - id: check-json
      - id: check-merge-conflict
      - id: check-toml
      - id: check-xml
      - id: debug-statements
      - id: detect-aws-credentials
        args:
          - --allow-missing-credentials
      - id: detect-private-key
      - id: end-of-file-fixer
        exclude: files/(issue|motd)
      - id: mixed-line-ending
        args:
          - --fix=lf
      - id: pretty-format-json
        args:
          - --autofix
      - id: requirements-txt-fixer
      - id: trailing-whitespace

  # Text file hooks
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.32.2
    hooks:
      - id: markdownlint
        args:
          - --config=.mdl_config.yaml
  - repo: https://github.com/pre-commit/mirrors-prettier
    rev: v3.0.0-alpha.4
    hooks:
      - id: prettier
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.28.0
    hooks:
      - id: yamllint
        args:
          - --strict

  # GitHub Actions hooks
  - repo: https://github.com/python-jsonschema/check-jsonschema
    rev: 0.18.4
    hooks:
      - id: check-github-actions
      - id: check-github-workflows

  # Shell script hooks
  - repo: https://github.com/cisagov/pre-commit-shfmt
    rev: v0.0.2
    hooks:
      - id: shfmt
        args:
          # Indent by two spaces
          - -i
          - '2'
          # Binary operators may start a line
          - -bn
          # Switch cases are indented
          - -ci
          # Redirect operators are followed by a space
          - -sr
  - repo: https://github.com/detailyang/pre-commit-shell
    rev: 1.0.5
    hooks:
      - id: shell-lint
--------------------------------------------------------------------------------
/.prettierignore:
--------------------------------------------------------------------------------
# Already being linted by pretty-format-json
*.json
# Already being linted by mdl
*.md
# Already being linted by yamllint
*.yaml
*.yml
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
---
extends: default

rules:
  # yamllint does not like it when you comment out different parts of
  # dictionaries in a list. You can see
  # https://github.com/adrienverge/yamllint/issues/384 for some examples of
  # this behavior.
  comments-indentation: disable

  # Enforcing this rule would be complicated for auto-generated data right now.
  line-length: disable

  # yamllint doesn't like when we use yes and no for true and false,
  # but that's pretty standard in Ansible.
  truthy: disable
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Welcome #

We're so glad you're thinking about contributing to this open source
project! If you're unsure or afraid of anything, just ask or submit
the issue or pull request anyway. The worst that can happen is that
you'll be politely asked to change something. We appreciate any sort
of contribution, and don't want a wall of rules to get in the way of
that.

Before contributing, we encourage you to read our CONTRIBUTING policy
(you are here), our [LICENSE](LICENSE), and our [README](README.md),
all of which should be in this repository.

## Issues ##

If you want to report a bug or request a new feature, the most direct
method is to [create an
issue](https://github.com/cisagov/log4j-affected-db/issues) in this
repository. We recommend that you first search through existing
issues (both open and closed) to check if your particular issue has
already been reported. If it has then you might want to add a comment
to the existing issue. If it hasn't then feel free to create a new
one.

## Pull requests ##

If you choose to [submit a pull
request](https://github.com/cisagov/log4j-affected-db/pulls), you will
notice that our continuous integration (CI) system runs a fairly
extensive set of linters and syntax checkers. Your pull request may
fail these checks, and that's OK. If you want you can stop there and
wait for us to make the necessary corrections to ensure your code
passes the CI checks.

If you want to make the changes yourself, or if you want to become a
regular contributor, then you will want to set up
[pre-commit](https://pre-commit.com/) on your local machine. Once you
do that, the CI checks will run locally before you even write your
commit message. This speeds up your development cycle considerably.

### Creating a pull request ###

Instructions for creating a pull request using the GitHub Web UI can be found
in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md).

### Setting up pre-commit ###

There are a few ways to do this, but we prefer to use
[`pyenv`](https://github.com/pyenv/pyenv) and
[`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv) to
create and manage a Python virtual environment specific to this
project.

#### Installing and using `pyenv` and `pyenv-virtualenv` ####

On the Mac, we recommend installing [brew](https://brew.sh/). Then
installation is as simple as `brew install pyenv pyenv-virtualenv` and
adding this to your profile:

```bash
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init --path)"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
```

For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you
don't want to use `brew`) you can use
[pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to
install the necessary tools. Before running this ensure that you have
installed the prerequisites for your platform according to the
[`pyenv` wiki
page](https://github.com/pyenv/pyenv/wiki/common-build-problems).

On WSL you should treat your platform as whatever Linux distribution
you've chosen to install.

Once you have installed `pyenv` you will need to add the following
lines to your `.bash_profile` (or `.profile`):

```bash
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init --path)"
```

and then add the following lines to your `.bashrc`:

```bash
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
```

If you want more information about setting up `pyenv` once installed, please run

```console
pyenv init
```

and

```console
pyenv virtualenv-init
```

for the current configuration instructions.

If you are using a shell other than `bash` you should follow the
instructions that the `pyenv-installer` script outputs.

You will need to reload your shell for these changes to take effect so
you can begin to use `pyenv`.

For a list of Python versions that are already installed and ready to
use with `pyenv`, use the command `pyenv versions`. To see a list of
the Python versions available to be installed and used with `pyenv`
use the command `pyenv install --list`. You can read more
[here](https://github.com/pyenv/pyenv/blob/master/COMMANDS.md) about
the many things that `pyenv` can do. See
[here](https://github.com/pyenv/pyenv-virtualenv#usage) for the
additional capabilities that pyenv-virtualenv adds to the `pyenv`
command.

#### Creating the Python virtual environment ####

Once `pyenv` and `pyenv-virtualenv` are installed on your system, you
can create and configure the Python virtual environment with these
commands:

```console
cd log4j-affected-db
pyenv virtualenv log4j-affected-db
pyenv local log4j-affected-db
pip install --upgrade pip setuptools wheel pre-commit
```

#### Installing the pre-commit hook ####

Now setting up pre-commit is as simple as:

```console
pre-commit install
```

At this point the pre-commit checks will run against any files that
you attempt to commit. If you want to run the checks against the
entire repo, just execute `pre-commit run --all-files`.

## Public domain ##

This project is in the public domain within the United States, and
copyright and related rights in the work worldwide are waived through
the [CC0 1.0 Universal public domain
dedication](https://creativecommons.org/publicdomain/zero/1.0/).

All contributions to this project will be released under the CC0
dedication. By submitting a pull request, you are agreeing to comply
with this waiver of copyright interest.
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
CC0 1.0 Universal

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").

Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.

For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:

  i. the right to reproduce, adapt, distribute, perform, display, communicate,
  and translate a Work;

  ii. moral rights retained by the original author(s) and/or performer(s);

  iii. publicity and privacy rights pertaining to a person's image or likeness
  depicted in a Work;

  iv. rights protecting against unfair competition in regards to a Work,
  subject to the limitations in paragraph 4(a), below;

  v. rights protecting the extraction, dissemination, use and reuse of data in
  a Work;

  vi. database rights (such as those arising under Directive 96/9/EC of the
  European Parliament and of the Council of 11 March 1996 on the legal
  protection of databases, and under any national implementation thereof,
  including any amended or successor version of such directive); and

  vii. other similar, equivalent or corresponding rights throughout the world
  based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.

  a. No trademark or patent rights held by Affirmer are waived, abandoned,
  surrendered, licensed or otherwise affected by this document.

  b.
Affirmer offers the Work as-is and makes no representations or warranties 99 | of any kind concerning the Work, express, implied, statutory or otherwise, 100 | including without limitation warranties of title, merchantability, fitness 101 | for a particular purpose, non infringement, or the absence of latent or 102 | other defects, accuracy, or the present or absence of errors, whether or not 103 | discoverable, all to the greatest extent permissible under applicable law. 104 | 105 | c. Affirmer disclaims responsibility for clearing rights of other persons 106 | that may apply to the Work or any use thereof, including without limitation 107 | any person's Copyright and Related Rights in the Work. Further, Affirmer 108 | disclaims responsibility for obtaining any necessary consents, permissions 109 | or other rights required for any use of the Work. 110 | 111 | d. Affirmer understands and acknowledges that Creative Commons is not a 112 | party to this document and has no duty or obligation with respect to this 113 | CC0 or use of the Work. 114 | 115 | For more information, please see 116 | 117 | -------------------------------------------------------------------------------- /PULL-EXAMPLE.md: -------------------------------------------------------------------------------- 1 | # Pull Request Example # 2 | 3 | Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please 4 | follow the steps listed below in order to add a product to the public 5 | repository. **Note:** To assure the accuracy of data please only include 6 | products that have official advisories or alerts that verify the product's 7 | vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), 8 | [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), 9 | [CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), 10 | and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). 
11 | 12 | **Step 1:** Go to the [cisagov data .yml files](https://github.com/cisagov/log4j-affected-db/tree/develop/data/) 13 | and choose the appropriate file to include your updates. 14 | The files are separated alphabetically based on the first letter of the 15 | vendor name. For example, 'CISA' would be located in 16 | [`cisagov_C.yml`](https://github.com/cisagov/log4j-affected-db/blob/develop/data/cisagov_C.yml). 17 | 18 | **Step 2:** Click the file edit button. 19 | 20 | **Step 3:** Add the blank template to the **.yml** file for new entries and fill 21 | it out with the correct data. 22 | 23 | Blank template: 24 | 25 | ```yml 26 | - vendor: '' 27 | product: '' 28 | cves: 29 | cve-2021-4104: 30 | investigated: '' 31 | affected_versions: [] 32 | fixed_versions: [] 33 | unaffected_versions: [] 34 | cve-2021-44228: 35 | investigated: '' 36 | affected_versions: [] 37 | fixed_versions: [] 38 | unaffected_versions: [] 39 | cve-2021-45046: 40 | investigated: '' 41 | affected_versions: [] 42 | fixed_versions: [] 43 | unaffected_versions: [] 44 | cve-2021-45105: 45 | investigated: '' 46 | affected_versions: [] 47 | fixed_versions: [] 48 | unaffected_versions: [] 49 | vendor_links: 50 | - '' 51 | notes: '' 52 | references: 53 | - '' 54 | last_updated: '' 55 | ``` 56 | 57 | **Step 4:** Verify the new entry was entered before and/or after the prior and 58 | next entries. 59 | 60 | - If you are adding it to the beginning of the file, ensure you are pasting 61 | it after `software:` and before the next entry starting with `- vendor:`. 62 | - If you are adding it to the end of the file, ensure the entry ends before 63 | the file is closed out with `...`. 64 | 65 | **Step 5:** When you add content to the file, remove the `''` or `[]` for fields 66 | which are replaced with values (strings `''` or lists `[]` should be replaced as 67 | shown in the example below, with list values on the following line(s) starting 68 | with hyphen(s) `-`). 
The symbols should only remain used when fields remain 69 | empty. For example, `fixed_versions: []` in our example below remains as is, 70 | given there are no patched versions available for this entry. 71 | 72 | **Note:** not all fields have to be updated. 73 | 74 | Entry example: 75 | 76 | ```yml 77 | - vendor: Example Vendor 78 | product: Example Product 79 | cves: 80 | cve-2021-4104: 81 | investigated: false 82 | affected_versions: [] 83 | fixed_versions: [] 84 | unaffected_versions: [] 85 | cve-2021-44228: 86 | investigated: true 87 | affected_versions: 88 | - <=8.4.6 89 | - <=8.5.3 90 | - <=8.6.4 91 | fixed_versions: [] 92 | unaffected_versions: [] 93 | cve-2021-45046: 94 | investigated: '' 95 | affected_versions: [] 96 | fixed_versions: [] 97 | unaffected_versions: [] 98 | cve-2021-45105: 99 | investigated: '' 100 | affected_versions: [] 101 | fixed_versions: [] 102 | unaffected_versions: [] 103 | vendor_links: 104 | - https://www.example.org/ 105 | notes: Contains vulnerable code but not likely to get 106 | unauthenticated user input to the log4j component. 107 | references: 108 | - '' 109 | last_updated: '2021-12-14T00:00:00' 110 | ``` 111 | 112 | **Step 6:** Validate that your data follows the appropriate format and proceed 113 | with submitting the pull request. 114 | 115 | For any additional questions feel free to [submit an Issue](https://github.com/cisagov/log4j-affected-db/issues). 116 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Vulnerability Guidance # 2 | 3 | This repository provides 4 | [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) 5 | and an overview of related software regarding the Log4j vulnerability 6 | (CVE-2021-44228). 
CISA urges users and administrators to upgrade to Log4j 2.17.1 7 | (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the 8 | [Apache Log4j Security Vulnerabilities webpage](https://logging.apache.org/log4j/2.x/security.html) 9 | for updates and mitigation guidance. 10 | 11 | The information in this repository is provided "as is" for informational 12 | purposes only and is being assembled and updated by CISA through 13 | collaboration with the broader cybersecurity community. Inquire with the 14 | manufacturer or their respective online resources for the most up-to-date 15 | information regarding any specific product listed. CISA does not endorse 16 | any commercial product or service, including any subjects of analysis. 17 | Any reference to specific commercial products, processes, or services by 18 | service mark, trademark, manufacturer, or otherwise, does not constitute 19 | or imply their endorsement, recommendation, or favoring by CISA. 20 | 21 | ## Official CISA Guidance & Resources ## 22 | 23 | - [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) 24 | - [CISA ED 22-02: Apache Log4j Recommended Mitigation Measures](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures) 25 | - [CISA ALERT (AA21-356A): Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/alerts/aa21-356a) 26 | - [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) 27 | - [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability). 
28 | 29 | ## CISA Current Activity Alerts ## 30 | 31 | - [Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities) 32 | - [CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache) 33 | - [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce) 34 | - [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228) 35 | 36 | National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) 37 | 38 | ## CISA Mitigation Guidance ## 39 | 40 | When updates are available, agencies must update software 41 | using Log4j to the newest version, which is the most 42 | effective and manageable long-term option. Where 43 | updating is not possible, the following mitigating 44 | measures can be considered as a temporary solution 45 | and apply to the entire solution stack. 46 | 47 | - **Disable Log4j library.** Disabling software using the 48 | Log4j library is an effective measure, favoring 49 | controlled downtime over adversary-caused issues. 50 | This option could cause operational impacts and limit 51 | visibility into other issues. 52 | - **Disable JNDI lookups or disable remote codebases.** 53 | This option, while effective, may involve 54 | developer work and could impact functionality. 55 | - **Disconnect affected stacks.** Solution stacks not 56 | connected to agency networks pose a dramatically 57 | lower risk from attack. 
Consider temporarily 58 | disconnecting the stack from agency networks. 59 | - **Isolate the system.** Create a “vulnerable network” 60 | VLAN and segment the solution stack from the 61 | rest of the enterprise network. 62 | - **Deploy a properly configured Web Application 63 | Firewall (WAF) in front of the solution stack.** 64 | Deploying a WAF is an important, but incomplete, 65 | solution. While threat actors will be able to 66 | bypass this mitigation, the reduction in alerting 67 | will allow an agency SOC to focus on a smaller 68 | set of alerts. 69 | - **Apply micropatch.** There are several micropatches 70 | available. They are not a part of the official 71 | update but may limit agency risk. 72 | - Report incidents promptly to CISA and/or the FBI 73 | [here](https://www.cisa.gov/uscert/report). 74 | 75 | For more information regarding CISA recommended mitigation measures please visit 76 | [here](https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures). 77 | 78 | ## Contributing ## 79 | 80 | We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for 81 | details. 82 | 83 | ### Creating a pull request ### 84 | 85 | Instructions for creating a pull request using the GitHub Web UI can be found 86 | in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md). 87 | 88 | ## Software List ## 89 | 90 | To view the full list of vendors & software [click here](./software_lists/README.md). 
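Step 6 of `PULL-EXAMPLE.md` asks contributors to validate an entry's format before submitting the pull request. The checker below is an added example, not part of this repository or of the `log4j-md-yml` tooling: it takes one entry already loaded from YAML into a Python dict, compares it with the blank template, and applies the file-naming rule from Step 1. The function names, the inline sample entries (constructed from the "Entry example"), and the rule that version values must be strings are assumptions of this example.

```python
from datetime import datetime

# Field names and CVE keys as they appear in the blank template of PULL-EXAMPLE.md.
CVE_KEYS = ("cve-2021-4104", "cve-2021-44228", "cve-2021-45046", "cve-2021-45105")
VERSION_LISTS = ("affected_versions", "fixed_versions", "unaffected_versions")
ENTRY_KEYS = ("vendor", "product", "cves", "vendor_links", "notes",
              "references", "last_updated")


def expected_data_file(vendor):
    """Step 1: data files are split by the first letter of the vendor name."""
    first = vendor.strip()[:1]
    if first.isascii() and first.isalpha():
        return f"cisagov_{first.upper()}.yml"
    return "cisagov_Non-Alphabet.yml"


def _check_string_list(path, value, problems):
    if not isinstance(value, list):
        problems.append(f"{path}: expected a list, got {type(value).__name__}")
        return
    for item in value:
        if not isinstance(item, str):
            # An unquoted 20.10 is loaded by YAML as the float 20.1, which
            # silently changes the version; the data files quote such values.
            problems.append(f"{path}: {item!r} is not a string; quote it in the YAML")


def validate_entry(entry):
    """Return a list of problems; an empty list means the entry fits the template."""
    problems = [f"missing field: {k}" for k in ENTRY_KEYS if k not in entry]
    problems += [f"unexpected field: {k}" for k in entry if k not in ENTRY_KEYS]

    vendor = entry.get("vendor")
    if "vendor" in entry and not (isinstance(vendor, str) and vendor.strip()):
        problems.append("vendor: must be a non-empty string")

    cves = entry.get("cves")
    if isinstance(cves, dict):
        for cve in CVE_KEYS:
            block = cves.get(cve)
            if not isinstance(block, dict):
                problems.append(f"cves.{cve}: block is missing")
                continue
            investigated = block.get("investigated")
            if not (isinstance(investigated, bool) or investigated == ""):
                problems.append(f"cves.{cve}.investigated: expected true, false or ''")
            for name in VERSION_LISTS:
                _check_string_list(f"cves.{cve}.{name}", block.get(name), problems)
        problems += [f"cves.{k}: not a CVE tracked by the template"
                     for k in cves if k not in CVE_KEYS]
    elif "cves" in entry:
        problems.append("cves: expected a mapping")

    for name in ("vendor_links", "references"):
        if name in entry:
            _check_string_list(name, entry[name], problems)

    if "last_updated" in entry:
        stamp = entry["last_updated"]
        if isinstance(stamp, str):
            try:
                datetime.fromisoformat(stamp)  # e.g. 2021-12-14T00:00:00
            except ValueError:
                problems.append(f"last_updated: {stamp!r} is not an ISO 8601 timestamp")
        elif not isinstance(stamp, datetime):
            problems.append("last_updated: expected a timestamp")
    return problems


def _cve(investigated="", affected=(), fixed=(), unaffected=()):
    """Build one per-CVE block in the template's shape (helper for the samples)."""
    return {"investigated": investigated, "affected_versions": list(affected),
            "fixed_versions": list(fixed), "unaffected_versions": list(unaffected)}


# Constructed sample mirroring the "Entry example" in PULL-EXAMPLE.md.
GOOD_ENTRY = {
    "vendor": "Example Vendor",
    "product": "Example Product",
    "cves": {
        "cve-2021-4104": _cve(False),
        "cve-2021-44228": _cve(True, affected=["<=8.4.6", "<=8.5.3", "<=8.6.4"]),
        "cve-2021-45046": _cve(),
        "cve-2021-45105": _cve(),
    },
    "vendor_links": ["https://www.example.org/"],
    "notes": "Contains vulnerable code but not likely to get unauthenticated "
             "user input to the log4j component.",
    "references": [""],
    "last_updated": "2021-12-14T00:00:00",
}

# Constructed sample with four typical mistakes: a quoted 'yes' for investigated,
# an unquoted version number, a dropped CVE block and a non-ISO date.
BAD_ENTRY = dict(
    GOOD_ENTRY,
    cves={
        "cve-2021-4104": _cve("yes"),
        "cve-2021-44228": _cve(True, affected=[20.10]),
        "cve-2021-45046": _cve(),
    },
    last_updated="14/12/2021",
)

if __name__ == "__main__":
    print(expected_data_file(GOOD_ENTRY["vendor"]))
    for problem in validate_entry(BAD_ENTRY):
        print(problem)
```

The untouched blank template fails these checks on `vendor` and `last_updated`, which is a quick way to catch an entry that was pasted but never filled in.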
91 | -------------------------------------------------------------------------------- /config/SOFTWARE-LIST.tpl.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 
33 | 34 | {{software_markdown_table}} 35 | -------------------------------------------------------------------------------- /config/requirements.txt: -------------------------------------------------------------------------------- 1 | https://github.com/cisagov/log4j-md-yml/archive/v1.1.1.tar.gz 2 | -------------------------------------------------------------------------------- /config/update_software_lists.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script is used to do the following: 4 | # - Normalize each of the data/cisagov_*.yml files. 5 | # - Update the comprehensive data/cisagov.yml file. 6 | # - Generate each software_lists/software_list_*.md file from its respective 7 | # data/cisagov_*.yml file. 8 | 9 | set -o nounset 10 | set -o errexit 11 | set -o pipefail 12 | 13 | OUTPUT_DIRECTORY=software_lists 14 | TEMPLATE_FILE=config/SOFTWARE-LIST.tpl.md 15 | 16 | echo Normalize individual cisagov YAML files 17 | for file in data/cisagov_*.yml; do 18 | echo " $file..." 19 | normalize-yml --cisagov-format "$file" > "$file".tmp 20 | mv --force "$file".tmp "$file" 21 | done 22 | 23 | echo Update the comprehensive cisagov YAML file 24 | normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml 25 | 26 | echo Generate Markdown files from the individual cisagov YAML files 27 | for file in data/cisagov_*.yml; do 28 | echo " $file..." 
29 | # Convert the file path data/cisagov_*.yml to software_list_*.md 30 | md_file=$(echo "$file" | sed 's/data\/cisagov_\(.\+\)yml/software_list_\1md/g') 31 | normalize-yml "$file" > "$file.tmp" 32 | yml2md "$file.tmp" > "$md_file.tmp" 33 | md-from-template $TEMPLATE_FILE "$md_file.tmp" > "$OUTPUT_DIRECTORY/$md_file" 34 | done 35 | -------------------------------------------------------------------------------- /data/cisagov_Non-Alphabet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '1.0' 3 | owners: 4 | - name: cisagov 5 | url: https://github.com/cisagov/log4j-affected-db 6 | software: 7 | - vendor: 1Password 8 | product: All products 9 | cves: 10 | cve-2021-4104: 11 | investigated: true 12 | affected_versions: [] 13 | fixed_versions: [] 14 | unaffected_versions: 15 | - '>= 1.0.0' 16 | cve-2021-44228: 17 | investigated: true 18 | affected_versions: [] 19 | fixed_versions: [] 20 | unaffected_versions: 21 | - '>= 1.0.0' 22 | cve-2021-45046: 23 | investigated: true 24 | affected_versions: [] 25 | fixed_versions: [] 26 | unaffected_versions: 27 | - '>= 1.0.0' 28 | cve-2021-45105: 29 | investigated: true 30 | affected_versions: [] 31 | fixed_versions: [] 32 | unaffected_versions: 33 | - '>= 1.0.0' 34 | vendor_links: 35 | - https://support.1password.com/kb/202112/ 36 | notes: '' 37 | references: 38 | - '' 39 | last_updated: '2021-01-14T00:00:00' 40 | - vendor: 2n 41 | product: '' 42 | cves: 43 | cve-2021-4104: 44 | investigated: false 45 | affected_versions: [] 46 | fixed_versions: [] 47 | unaffected_versions: [] 48 | cve-2021-44228: 49 | investigated: false 50 | affected_versions: [] 51 | fixed_versions: [] 52 | unaffected_versions: [] 53 | cve-2021-45046: 54 | investigated: false 55 | affected_versions: [] 56 | fixed_versions: [] 57 | unaffected_versions: [] 58 | cve-2021-45105: 59 | investigated: false 60 | affected_versions: [] 61 | fixed_versions: [] 62 | unaffected_versions: [] 63 | vendor_links: 64 | - 
https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2 65 | notes: '' 66 | references: 67 | - '' 68 | last_updated: '2022-01-12T07:18:50+00:00' 69 | - vendor: 3CX 70 | product: '' 71 | cves: 72 | cve-2021-4104: 73 | investigated: false 74 | affected_versions: [] 75 | fixed_versions: [] 76 | unaffected_versions: [] 77 | cve-2021-44228: 78 | investigated: false 79 | affected_versions: [] 80 | fixed_versions: [] 81 | unaffected_versions: [] 82 | cve-2021-45046: 83 | investigated: false 84 | affected_versions: [] 85 | fixed_versions: [] 86 | unaffected_versions: [] 87 | cve-2021-45105: 88 | investigated: false 89 | affected_versions: [] 90 | fixed_versions: [] 91 | unaffected_versions: [] 92 | vendor_links: 93 | - https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911 94 | notes: '' 95 | references: 96 | - '' 97 | last_updated: '2022-01-12T07:18:50+00:00' 98 | - vendor: 3M Health Information Systems 99 | product: CGS 100 | cves: 101 | cve-2021-4104: 102 | investigated: false 103 | affected_versions: [] 104 | fixed_versions: [] 105 | unaffected_versions: [] 106 | cve-2021-44228: 107 | investigated: false 108 | affected_versions: [] 109 | fixed_versions: [] 110 | unaffected_versions: [] 111 | cve-2021-45046: 112 | investigated: false 113 | affected_versions: [] 114 | fixed_versions: [] 115 | unaffected_versions: [] 116 | cve-2021-45105: 117 | investigated: false 118 | affected_versions: [] 119 | fixed_versions: [] 120 | unaffected_versions: [] 121 | vendor_links: 122 | - https://support.3mhis.com/app/account/updates/ri/5210 123 | notes: This advisory is available to customer only and has not been reviewed by 124 | CISA. 
125 | references: 126 | - '' 127 | last_updated: '2021-12-15T00:00:00' 128 | - vendor: 7-Zip 129 | product: '' 130 | cves: 131 | cve-2021-4104: 132 | investigated: false 133 | affected_versions: [] 134 | fixed_versions: [] 135 | unaffected_versions: [] 136 | cve-2021-44228: 137 | investigated: false 138 | affected_versions: [] 139 | fixed_versions: [] 140 | unaffected_versions: [] 141 | cve-2021-45046: 142 | investigated: false 143 | affected_versions: [] 144 | fixed_versions: [] 145 | unaffected_versions: [] 146 | cve-2021-45105: 147 | investigated: false 148 | affected_versions: [] 149 | fixed_versions: [] 150 | unaffected_versions: [] 151 | vendor_links: 152 | - https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1 153 | notes: '' 154 | references: 155 | - '' 156 | last_updated: '2022-01-12T07:18:50+00:00' 157 | - vendor: 7Signal 158 | product: Sapphire 159 | cves: 160 | cve-2021-4104: 161 | investigated: true 162 | affected_versions: [] 163 | fixed_versions: [] 164 | unaffected_versions: 165 | - '' 166 | cve-2021-44228: 167 | investigated: true 168 | affected_versions: [] 169 | fixed_versions: 170 | - '' 171 | unaffected_versions: [] 172 | cve-2021-45046: 173 | investigated: false 174 | affected_versions: [] 175 | fixed_versions: [] 176 | unaffected_versions: [] 177 | cve-2021-45105: 178 | investigated: false 179 | affected_versions: [] 180 | fixed_versions: [] 181 | unaffected_versions: [] 182 | vendor_links: 183 | - https://www.7signal.com/info/se-release-notes 184 | notes: Fix released 2021-12-14 185 | references: 186 | - '' 187 | last_updated: '2021-12-14T00:00:00' 188 | ... 
189 | -------------------------------------------------------------------------------- /data/cisagov_U.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '1.0' 3 | owners: 4 | - name: cisagov 5 | url: https://github.com/cisagov/log4j-affected-db 6 | software: 7 | - vendor: Ubiquiti 8 | product: UniFi Network Application 9 | cves: 10 | cve-2021-4104: 11 | investigated: false 12 | affected_versions: [] 13 | fixed_versions: [] 14 | unaffected_versions: [] 15 | cve-2021-44228: 16 | investigated: true 17 | affected_versions: 18 | - 6.5.53 & lower versions 19 | fixed_versions: [] 20 | unaffected_versions: [] 21 | cve-2021-45046: 22 | investigated: false 23 | affected_versions: [] 24 | fixed_versions: [] 25 | unaffected_versions: [] 26 | cve-2021-45105: 27 | investigated: false 28 | affected_versions: [] 29 | fixed_versions: [] 30 | unaffected_versions: [] 31 | vendor_links: 32 | - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 33 | notes: '' 34 | references: 35 | - '' 36 | last_updated: '2022-01-12T07:18:50+00:00' 37 | - vendor: Ubiquiti 38 | product: UniFi Network Controller 39 | cves: 40 | cve-2021-4104: 41 | investigated: false 42 | affected_versions: [] 43 | fixed_versions: [] 44 | unaffected_versions: [] 45 | cve-2021-44228: 46 | investigated: true 47 | affected_versions: 48 | - 6.5.54 & lower versions 49 | fixed_versions: [] 50 | unaffected_versions: [] 51 | cve-2021-45046: 52 | investigated: false 53 | affected_versions: [] 54 | fixed_versions: [] 55 | unaffected_versions: [] 56 | cve-2021-45105: 57 | investigated: false 58 | affected_versions: [] 59 | fixed_versions: [] 60 | unaffected_versions: [] 61 | vendor_links: 62 | - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e 63 | notes: '' 64 | references: 65 | - 6.5.54 is reported to still be vulnerable. 
6.5.55 is the new recommendation 66 | for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 67 | last_updated: '2021-12-15T00:00:00' 68 | - vendor: Ubuntu 69 | product: '' 70 | cves: 71 | cve-2021-4104: 72 | investigated: false 73 | affected_versions: [] 74 | fixed_versions: [] 75 | unaffected_versions: [] 76 | cve-2021-44228: 77 | investigated: false 78 | affected_versions: [] 79 | fixed_versions: [] 80 | unaffected_versions: [] 81 | cve-2021-45046: 82 | investigated: false 83 | affected_versions: [] 84 | fixed_versions: [] 85 | unaffected_versions: [] 86 | cve-2021-45105: 87 | investigated: false 88 | affected_versions: [] 89 | fixed_versions: [] 90 | unaffected_versions: [] 91 | vendor_links: 92 | - https://ubuntu.com/security/CVE-2021-44228 93 | notes: '' 94 | references: 95 | - '' 96 | last_updated: '2022-01-12T07:18:50+00:00' 97 | - vendor: UiPath 98 | product: InSights 99 | cves: 100 | cve-2021-4104: 101 | investigated: false 102 | affected_versions: [] 103 | fixed_versions: [] 104 | unaffected_versions: [] 105 | cve-2021-44228: 106 | investigated: true 107 | affected_versions: 108 | - '20.10' 109 | fixed_versions: [] 110 | unaffected_versions: [] 111 | cve-2021-45046: 112 | investigated: false 113 | affected_versions: [] 114 | fixed_versions: [] 115 | unaffected_versions: [] 116 | cve-2021-45105: 117 | investigated: false 118 | affected_versions: [] 119 | fixed_versions: [] 120 | unaffected_versions: [] 121 | vendor_links: 122 | - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 123 | notes: '' 124 | references: 125 | - '' 126 | last_updated: '2021-12-15T00:00:00' 127 | - vendor: Umbraco 128 | product: '' 129 | cves: 130 | cve-2021-4104: 131 | investigated: false 132 | affected_versions: [] 133 | fixed_versions: [] 134 | unaffected_versions: [] 135 | cve-2021-44228: 136 | investigated: false 137 | affected_versions: [] 138 | fixed_versions: [] 139 | unaffected_versions: [] 140 | cve-2021-45046: 141 | investigated: false 142 | 
affected_versions: [] 143 | fixed_versions: [] 144 | unaffected_versions: [] 145 | cve-2021-45105: 146 | investigated: false 147 | affected_versions: [] 148 | fixed_versions: [] 149 | unaffected_versions: [] 150 | vendor_links: 151 | - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ 152 | notes: '' 153 | references: 154 | - '' 155 | last_updated: '2022-01-12T07:18:50+00:00' 156 | - vendor: UniFlow 157 | product: '' 158 | cves: 159 | cve-2021-4104: 160 | investigated: false 161 | affected_versions: [] 162 | fixed_versions: [] 163 | unaffected_versions: [] 164 | cve-2021-44228: 165 | investigated: false 166 | affected_versions: [] 167 | fixed_versions: [] 168 | unaffected_versions: [] 169 | cve-2021-45046: 170 | investigated: false 171 | affected_versions: [] 172 | fixed_versions: [] 173 | unaffected_versions: [] 174 | cve-2021-45105: 175 | investigated: false 176 | affected_versions: [] 177 | fixed_versions: [] 178 | unaffected_versions: [] 179 | vendor_links: 180 | - https://www.uniflow.global/en/security/security-and-maintenance/ 181 | notes: '' 182 | references: 183 | - '' 184 | last_updated: '2022-01-12T07:18:50+00:00' 185 | - vendor: Unify ATOS 186 | product: '' 187 | cves: 188 | cve-2021-4104: 189 | investigated: false 190 | affected_versions: [] 191 | fixed_versions: [] 192 | unaffected_versions: [] 193 | cve-2021-44228: 194 | investigated: false 195 | affected_versions: [] 196 | fixed_versions: [] 197 | unaffected_versions: [] 198 | cve-2021-45046: 199 | investigated: false 200 | affected_versions: [] 201 | fixed_versions: [] 202 | unaffected_versions: [] 203 | cve-2021-45105: 204 | investigated: false 205 | affected_versions: [] 206 | fixed_versions: [] 207 | unaffected_versions: [] 208 | vendor_links: 209 | - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf 210 | notes: '' 211 | references: 212 | - '' 213 | last_updated: '2022-01-12T07:18:50+00:00' 
214 | - vendor: Unimus 215 | product: '' 216 | cves: 217 | cve-2021-4104: 218 | investigated: false 219 | affected_versions: [] 220 | fixed_versions: [] 221 | unaffected_versions: [] 222 | cve-2021-44228: 223 | investigated: false 224 | affected_versions: [] 225 | fixed_versions: [] 226 | unaffected_versions: [] 227 | cve-2021-45046: 228 | investigated: false 229 | affected_versions: [] 230 | fixed_versions: [] 231 | unaffected_versions: [] 232 | cve-2021-45105: 233 | investigated: false 234 | affected_versions: [] 235 | fixed_versions: [] 236 | unaffected_versions: [] 237 | vendor_links: 238 | - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top 239 | notes: '' 240 | references: 241 | - '' 242 | last_updated: '2022-01-12T07:18:50+00:00' 243 | - vendor: USSIGNAL MSP 244 | product: '' 245 | cves: 246 | cve-2021-4104: 247 | investigated: false 248 | affected_versions: [] 249 | fixed_versions: [] 250 | unaffected_versions: [] 251 | cve-2021-44228: 252 | investigated: false 253 | affected_versions: [] 254 | fixed_versions: [] 255 | unaffected_versions: [] 256 | cve-2021-45046: 257 | investigated: false 258 | affected_versions: [] 259 | fixed_versions: [] 260 | unaffected_versions: [] 261 | cve-2021-45105: 262 | investigated: false 263 | affected_versions: [] 264 | fixed_versions: [] 265 | unaffected_versions: [] 266 | vendor_links: 267 | - https://ussignal.com/blog/apache-log4j-vulnerability 268 | notes: '' 269 | references: 270 | - '' 271 | last_updated: '2022-01-12T07:18:50+00:00' 272 | ... 
273 | -------------------------------------------------------------------------------- /data/cisagov_Y.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: '1.0' 3 | owners: 4 | - name: cisagov 5 | url: https://github.com/cisagov/log4j-affected-db 6 | software: 7 | - vendor: Yahoo 8 | product: Vespa 9 | cves: 10 | cve-2021-4104: 11 | investigated: true 12 | affected_versions: [] 13 | fixed_versions: [] 14 | unaffected_versions: 15 | - '' 16 | cve-2021-44228: 17 | investigated: true 18 | affected_versions: [] 19 | fixed_versions: [] 20 | unaffected_versions: 21 | - '' 22 | cve-2021-45046: 23 | investigated: true 24 | affected_versions: [] 25 | fixed_versions: [] 26 | unaffected_versions: 27 | - '' 28 | cve-2021-45105: 29 | investigated: true 30 | affected_versions: [] 31 | fixed_versions: [] 32 | unaffected_versions: 33 | - '' 34 | vendor_links: 35 | - https://blog.vespa.ai/log4j-vulnerability/ 36 | notes: Your Vespa application may still be affected if log4j is included in your 37 | application package. 
38 | references: 39 | - '' 40 | last_updated: '2022-01-12T07:18:50+00:00' 41 | - vendor: Yellowbrick 42 | product: '' 43 | cves: 44 | cve-2021-4104: 45 | investigated: false 46 | affected_versions: [] 47 | fixed_versions: [] 48 | unaffected_versions: [] 49 | cve-2021-44228: 50 | investigated: false 51 | affected_versions: [] 52 | fixed_versions: [] 53 | unaffected_versions: [] 54 | cve-2021-45046: 55 | investigated: false 56 | affected_versions: [] 57 | fixed_versions: [] 58 | unaffected_versions: [] 59 | cve-2021-45105: 60 | investigated: false 61 | affected_versions: [] 62 | fixed_versions: [] 63 | unaffected_versions: [] 64 | vendor_links: 65 | - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability 66 | notes: '' 67 | references: 68 | - '' 69 | last_updated: '2022-01-12T07:18:50+00:00' 70 | - vendor: YellowFin 71 | product: All 72 | cves: 73 | cve-2021-4104: 74 | investigated: false 75 | affected_versions: [] 76 | fixed_versions: [] 77 | unaffected_versions: [] 78 | cve-2021-44228: 79 | investigated: true 80 | affected_versions: [] 81 | fixed_versions: 82 | - 8.0.10.3, 9.7.0.2 83 | unaffected_versions: [] 84 | cve-2021-45046: 85 | investigated: false 86 | affected_versions: [] 87 | fixed_versions: [] 88 | unaffected_versions: [] 89 | cve-2021-45105: 90 | investigated: false 91 | affected_versions: [] 92 | fixed_versions: [] 93 | unaffected_versions: [] 94 | vendor_links: 95 | - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 96 | notes: v7 and v6 releases are not affected unless you have manually upgraded to 97 | Log4j2. 
98 | references: 99 | - '' 100 | last_updated: '2022-01-12T07:18:50+00:00' 101 | - vendor: Yenlo 102 | product: Connext 103 | cves: 104 | cve-2021-4104: 105 | investigated: false 106 | affected_versions: [] 107 | fixed_versions: [] 108 | unaffected_versions: [] 109 | cve-2021-44228: 110 | investigated: true 111 | affected_versions: [] 112 | fixed_versions: [] 113 | unaffected_versions: 114 | - 2.x 115 | cve-2021-45046: 116 | investigated: false 117 | affected_versions: [] 118 | fixed_versions: [] 119 | unaffected_versions: [] 120 | cve-2021-45105: 121 | investigated: false 122 | affected_versions: [] 123 | fixed_versions: [] 124 | unaffected_versions: [] 125 | vendor_links: 126 | - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ 127 | notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components 128 | are not vulnerable. 129 | references: 130 | - '' 131 | last_updated: '2022-01-12T07:18:50+00:00' 132 | - vendor: YOKOGAWA 133 | product: CENTUM VP 134 | cves: 135 | cve-2021-4104: 136 | investigated: false 137 | affected_versions: [] 138 | fixed_versions: [] 139 | unaffected_versions: [] 140 | cve-2021-44228: 141 | investigated: false 142 | affected_versions: [] 143 | fixed_versions: [] 144 | unaffected_versions: [] 145 | cve-2021-45046: 146 | investigated: false 147 | affected_versions: [] 148 | fixed_versions: [] 149 | unaffected_versions: [] 150 | cve-2021-45105: 151 | investigated: false 152 | affected_versions: [] 153 | fixed_versions: [] 154 | unaffected_versions: [] 155 | vendor_links: 156 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 157 | notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. 
158 | references: 159 | - '' 160 | last_updated: '2021-12-22T00:00:00' 161 | - vendor: YOKOGAWA 162 | product: CENTUM VP (other components) 163 | cves: 164 | cve-2021-4104: 165 | investigated: false 166 | affected_versions: [] 167 | fixed_versions: [] 168 | unaffected_versions: [] 169 | cve-2021-44228: 170 | investigated: true 171 | affected_versions: [] 172 | fixed_versions: [] 173 | unaffected_versions: 174 | - '' 175 | cve-2021-45046: 176 | investigated: false 177 | affected_versions: [] 178 | fixed_versions: [] 179 | unaffected_versions: [] 180 | cve-2021-45105: 181 | investigated: false 182 | affected_versions: [] 183 | fixed_versions: [] 184 | unaffected_versions: [] 185 | vendor_links: 186 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 187 | notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is 188 | still under investigation. 189 | references: 190 | - '' 191 | last_updated: '2021-12-22T00:00:00' 192 | - vendor: YOKOGAWA 193 | product: CI Server 194 | cves: 195 | cve-2021-4104: 196 | investigated: false 197 | affected_versions: [] 198 | fixed_versions: [] 199 | unaffected_versions: [] 200 | cve-2021-44228: 201 | investigated: true 202 | affected_versions: [] 203 | fixed_versions: [] 204 | unaffected_versions: 205 | - '' 206 | cve-2021-45046: 207 | investigated: false 208 | affected_versions: [] 209 | fixed_versions: [] 210 | unaffected_versions: [] 211 | cve-2021-45105: 212 | investigated: false 213 | affected_versions: [] 214 | fixed_versions: [] 215 | unaffected_versions: [] 216 | vendor_links: 217 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 218 | notes: '' 219 | references: 220 | - '' 221 | last_updated: '2021-12-22T00:00:00' 222 | - vendor: YOKOGAWA 223 | product: Exaopc 224 | cves: 225 | cve-2021-4104: 226 | investigated: false 227 | affected_versions: [] 228 | fixed_versions: [] 229 | unaffected_versions: [] 230 | 
cve-2021-44228: 231 | investigated: true 232 | affected_versions: [] 233 | fixed_versions: [] 234 | unaffected_versions: 235 | - '' 236 | cve-2021-45046: 237 | investigated: false 238 | affected_versions: [] 239 | fixed_versions: [] 240 | unaffected_versions: [] 241 | cve-2021-45105: 242 | investigated: false 243 | affected_versions: [] 244 | fixed_versions: [] 245 | unaffected_versions: [] 246 | vendor_links: 247 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 248 | notes: '' 249 | references: 250 | - '' 251 | last_updated: '2021-12-22T00:00:00' 252 | - vendor: YOKOGAWA 253 | product: Exaplog 254 | cves: 255 | cve-2021-4104: 256 | investigated: false 257 | affected_versions: [] 258 | fixed_versions: [] 259 | unaffected_versions: [] 260 | cve-2021-44228: 261 | investigated: true 262 | affected_versions: [] 263 | fixed_versions: [] 264 | unaffected_versions: 265 | - '' 266 | cve-2021-45046: 267 | investigated: false 268 | affected_versions: [] 269 | fixed_versions: [] 270 | unaffected_versions: [] 271 | cve-2021-45105: 272 | investigated: false 273 | affected_versions: [] 274 | fixed_versions: [] 275 | unaffected_versions: [] 276 | vendor_links: 277 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 278 | notes: '' 279 | references: 280 | - '' 281 | last_updated: '2021-12-22T00:00:00' 282 | - vendor: YOKOGAWA 283 | product: Exaquantum 284 | cves: 285 | cve-2021-4104: 286 | investigated: false 287 | affected_versions: [] 288 | fixed_versions: [] 289 | unaffected_versions: [] 290 | cve-2021-44228: 291 | investigated: true 292 | affected_versions: [] 293 | fixed_versions: [] 294 | unaffected_versions: 295 | - '' 296 | cve-2021-45046: 297 | investigated: false 298 | affected_versions: [] 299 | fixed_versions: [] 300 | unaffected_versions: [] 301 | cve-2021-45105: 302 | investigated: false 303 | affected_versions: [] 304 | fixed_versions: [] 305 | 
unaffected_versions: [] 306 | vendor_links: 307 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 308 | notes: '' 309 | references: 310 | - '' 311 | last_updated: '2021-12-22T00:00:00' 312 | - vendor: YOKOGAWA 313 | product: FAST/TOOLS 314 | cves: 315 | cve-2021-4104: 316 | investigated: false 317 | affected_versions: [] 318 | fixed_versions: [] 319 | unaffected_versions: [] 320 | cve-2021-44228: 321 | investigated: true 322 | affected_versions: [] 323 | fixed_versions: [] 324 | unaffected_versions: 325 | - '' 326 | cve-2021-45046: 327 | investigated: false 328 | affected_versions: [] 329 | fixed_versions: [] 330 | unaffected_versions: [] 331 | cve-2021-45105: 332 | investigated: false 333 | affected_versions: [] 334 | fixed_versions: [] 335 | unaffected_versions: [] 336 | vendor_links: 337 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 338 | notes: '' 339 | references: 340 | - '' 341 | last_updated: '2021-12-22T00:00:00' 342 | - vendor: YOKOGAWA 343 | product: PRM 344 | cves: 345 | cve-2021-4104: 346 | investigated: false 347 | affected_versions: [] 348 | fixed_versions: [] 349 | unaffected_versions: [] 350 | cve-2021-44228: 351 | investigated: true 352 | affected_versions: [] 353 | fixed_versions: [] 354 | unaffected_versions: 355 | - '' 356 | cve-2021-45046: 357 | investigated: false 358 | affected_versions: [] 359 | fixed_versions: [] 360 | unaffected_versions: [] 361 | cve-2021-45105: 362 | investigated: false 363 | affected_versions: [] 364 | fixed_versions: [] 365 | unaffected_versions: [] 366 | vendor_links: 367 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 368 | notes: '' 369 | references: 370 | - '' 371 | last_updated: '2021-12-22T00:00:00' 372 | - vendor: YOKOGAWA 373 | product: ProSafe-RS 374 | cves: 375 | cve-2021-4104: 376 | investigated: false 377 | affected_versions: [] 378 | 
fixed_versions: [] 379 | unaffected_versions: [] 380 | cve-2021-44228: 381 | investigated: true 382 | affected_versions: [] 383 | fixed_versions: [] 384 | unaffected_versions: 385 | - '' 386 | cve-2021-45046: 387 | investigated: false 388 | affected_versions: [] 389 | fixed_versions: [] 390 | unaffected_versions: [] 391 | cve-2021-45105: 392 | investigated: false 393 | affected_versions: [] 394 | fixed_versions: [] 395 | unaffected_versions: [] 396 | vendor_links: 397 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 398 | notes: '' 399 | references: 400 | - '' 401 | last_updated: '2021-12-22T00:00:00' 402 | - vendor: YOKOGAWA 403 | product: ProSafe-RS Lite 404 | cves: 405 | cve-2021-4104: 406 | investigated: false 407 | affected_versions: [] 408 | fixed_versions: [] 409 | unaffected_versions: [] 410 | cve-2021-44228: 411 | investigated: true 412 | affected_versions: [] 413 | fixed_versions: [] 414 | unaffected_versions: 415 | - '' 416 | cve-2021-45046: 417 | investigated: false 418 | affected_versions: [] 419 | fixed_versions: [] 420 | unaffected_versions: [] 421 | cve-2021-45105: 422 | investigated: false 423 | affected_versions: [] 424 | fixed_versions: [] 425 | unaffected_versions: [] 426 | vendor_links: 427 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 428 | notes: '' 429 | references: 430 | - '' 431 | last_updated: '2021-12-22T00:00:00' 432 | - vendor: YOKOGAWA 433 | product: STARDOM 434 | cves: 435 | cve-2021-4104: 436 | investigated: false 437 | affected_versions: [] 438 | fixed_versions: [] 439 | unaffected_versions: [] 440 | cve-2021-44228: 441 | investigated: true 442 | affected_versions: [] 443 | fixed_versions: [] 444 | unaffected_versions: 445 | - '' 446 | cve-2021-45046: 447 | investigated: false 448 | affected_versions: [] 449 | fixed_versions: [] 450 | unaffected_versions: [] 451 | cve-2021-45105: 452 | investigated: false 453 | 
affected_versions: [] 454 | fixed_versions: [] 455 | unaffected_versions: [] 456 | vendor_links: 457 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 458 | notes: '' 459 | references: 460 | - '' 461 | last_updated: '2021-12-22T00:00:00' 462 | - vendor: YOKOGAWA 463 | product: VTSPortal 464 | cves: 465 | cve-2021-4104: 466 | investigated: false 467 | affected_versions: [] 468 | fixed_versions: [] 469 | unaffected_versions: [] 470 | cve-2021-44228: 471 | investigated: true 472 | affected_versions: [] 473 | fixed_versions: [] 474 | unaffected_versions: 475 | - '' 476 | cve-2021-45046: 477 | investigated: false 478 | affected_versions: [] 479 | fixed_versions: [] 480 | unaffected_versions: [] 481 | cve-2021-45105: 482 | investigated: false 483 | affected_versions: [] 484 | fixed_versions: [] 485 | unaffected_versions: [] 486 | vendor_links: 487 | - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ 488 | notes: '' 489 | references: 490 | - '' 491 | last_updated: '2021-12-22T00:00:00' 492 | - vendor: YSoft 493 | product: SAFEQ 4 494 | cves: 495 | cve-2021-4104: 496 | investigated: false 497 | affected_versions: [] 498 | fixed_versions: [] 499 | unaffected_versions: [] 500 | cve-2021-44228: 501 | investigated: true 502 | affected_versions: [] 503 | fixed_versions: [] 504 | unaffected_versions: 505 | - '' 506 | cve-2021-45046: 507 | investigated: false 508 | affected_versions: [] 509 | fixed_versions: [] 510 | unaffected_versions: [] 511 | cve-2021-45105: 512 | investigated: false 513 | affected_versions: [] 514 | fixed_versions: [] 515 | unaffected_versions: [] 516 | vendor_links: 517 | - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf 518 | notes: '' 519 | references: 520 | - '' 521 | last_updated: '2022-02-01T07:18:50+00:00' 522 | - 
vendor: YSoft 523 | product: SAFEQ 5 524 | cves: 525 | cve-2021-4104: 526 | investigated: false 527 | affected_versions: [] 528 | fixed_versions: [] 529 | unaffected_versions: [] 530 | cve-2021-44228: 531 | investigated: true 532 | affected_versions: [] 533 | fixed_versions: [] 534 | unaffected_versions: 535 | - '' 536 | cve-2021-45046: 537 | investigated: false 538 | affected_versions: [] 539 | fixed_versions: [] 540 | unaffected_versions: [] 541 | cve-2021-45105: 542 | investigated: false 543 | affected_versions: [] 544 | fixed_versions: [] 545 | unaffected_versions: [] 546 | vendor_links: 547 | - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf 548 | notes: '' 549 | references: 550 | - '' 551 | last_updated: '2022-02-01T07:18:50+00:00' 552 | - vendor: YSoft 553 | product: SAFEQ 6 554 | cves: 555 | cve-2021-4104: 556 | investigated: false 557 | affected_versions: [] 558 | fixed_versions: [] 559 | unaffected_versions: [] 560 | cve-2021-44228: 561 | investigated: true 562 | affected_versions: [] 563 | fixed_versions: 564 | - <=6.0.63 565 | unaffected_versions: 566 | - '' 567 | cve-2021-45046: 568 | investigated: false 569 | affected_versions: [] 570 | fixed_versions: [] 571 | unaffected_versions: [] 572 | cve-2021-45105: 573 | investigated: false 574 | affected_versions: [] 575 | fixed_versions: [] 576 | unaffected_versions: [] 577 | vendor_links: 578 | - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf 579 | notes: '' 580 | references: 581 | - '' 582 | last_updated: '2022-02-01T07:18:50+00:00' 583 | ... 
584 | -------------------------------------------------------------------------------- /software_lists/README.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software Lists # 2 | 3 | ## Contributing Guidelines ## 4 | 5 | We welcome contributions! Please see [`CONTRIBUTING.md`](../CONTRIBUTING.md) for 6 | details. 7 | 8 | ### Creating a pull request ### 9 | 10 | Instructions for creating a pull request using the GitHub Web UI can be found 11 | in [`PULL-EXAMPLE.md`](../PULL-EXAMPLE.md). 12 | 13 | ## Software Lists ## 14 | 15 | To view the full lists of vendors & software click below: 16 | 17 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 18 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 19 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 20 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 21 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 22 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 23 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 24 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 25 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 26 | -------------------------------------------------------------------------------- /software_lists/software_list_K.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | 
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 
33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 37 | | K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 38 | | Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | 39 | | Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | 40 | | Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 41 | | Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 42 | | Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 43 | | Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | 
[link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 44 | | Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 45 | | Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 46 | | Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 47 | | Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 48 | | Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 49 | | Kaseya | Spanning Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 50 | | Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 51 | | Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 52 | 
| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 53 | | Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 54 | | KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 55 | | Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 56 | | Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 57 | | Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 58 | | Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 59 | | Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
60 | | Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 61 | | Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 62 | | Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 63 | | Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 64 | | Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 65 | -------------------------------------------------------------------------------- /software_lists/software_list_M.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status 
Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 37 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 38 | | ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | 39 | | ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 40 | | ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 41 | | ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 42 | | ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 43 | | ManageEngine Zoho | Analytics Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 44 | | ManageEngine Zoho | Cloud Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 45 | | ManageEngine Zoho | DataSecurity Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 46 | | ManageEngine Zoho | EventLog Analyzer | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 47 | | ManageEngine Zoho | Exchange Reporter Plus | | | Unknown | 
[link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 48 | | ManageEngine Zoho | Log360 | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 49 | | ManageEngine Zoho | Log360 UEBA | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 50 | | ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 51 | | ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 52 | | ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 53 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 54 | | MathWorks | All MathWorks general release desktop or server products | | | 
Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | 55 | | MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | 56 | | Matillion | Matillion ETL | | 1.59.10+ | Fixed | [link](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-11-01 | 57 | | Matomo | | | | Unknown | [link](https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 58 | | Mattermost FocalBoard | | | | Unknown | [link](https://forum.mattermost.org/t/log4j-vulnerability-concern/12676) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 59 | | McAfee | Data Exchange Layer (DXL) Client | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 60 | | McAfee | Data Loss Prevention (DLP) Discover | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 61 | | McAfee | Data Loss Prevention (DLP) Endpoint for Mac | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 62 | | McAfee | Data Loss Prevention (DLP) Endpoint for Windows | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 63 | | McAfee | Data Loss Prevention (DLP) Monitor | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 64 | | McAfee | Data Loss Prevention (DLP) Prevent | | | Unknown | | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 65 | | McAfee | Endpoint Security (ENS) for Linux | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 66 | | McAfee | Endpoint Security (ENS) for Mac | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 67 | | McAfee | Endpoint Security (ENS) for Windows | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 68 | | McAfee | Enterprise Security Manager (ESM) | | 11.5.3 | Fixed | [link](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 69 | | McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 70 | | McAfee | ePolicy Orchestrator Application Server (ePO) | | 5.10 CU11 | Fixed | [link](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 71 | | McAfee | Host Intrusion Prevention (Host IPS) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 72 | | McAfee | Management of Native Encryption (MNE) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 73 | | McAfee | McAfee Active Response (MAR) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 74 | | McAfee | McAfee Agent (MA) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 75 | | McAfee | McAfee Application and Change Control (MACC) for Linux | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 76 | | McAfee | McAfee Application and Change Control (MACC) for Windows | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 77 | | McAfee 
| McAfee Client Proxy (MCP) for Mac | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 78 | | McAfee | McAfee Client Proxy (MCP) for Windows | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 79 | | McAfee | McAfee Drive Encryption (MDE) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 80 | | McAfee | McAfee Security for Microsoft Exchange (MSME) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 81 | | McAfee | McAfee Security for Microsoft Exchange (MSME) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 82 | | McAfee | McAfee Security for Microsoft SharePoint (MSMS) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 83 | | McAfee | Network Security Manager (NSM) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 84 | | McAfee | Network Security Platform (NSP) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 85 | | McAfee | Policy Auditor | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 86 | | McAfee | Threat Intelligence Exchange (TIE) | | | Unknown | [link](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | Latest status in linked Security Bulletin | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 87 | | McAfee | Web Gateway (MWG) | | | Unknown | [link](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 88 | | Medtronic | | | | Unknown | [link](https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 89 | | MEINBERG | | | | Unknown | 
[link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 90 | | MEINBERG | LANTIME and microSync | | | Unknown | [link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | 91 | | Meltano | Meltano | | | Unknown | [link](https://github.com/meltano/meltano) | Project is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 92 | | Memurai | | | | Unknown | [link](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 93 | | Micro Focus | Data Protector | | 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.90, 10.91, 11.00 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003052) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | 94 | | Microsoft | Azure API Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 95 | | Microsoft | Azure Application Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 96 | | Microsoft | Azure Data lake store java | < 2.3.10 | | Affected | [link](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 97 | | Microsoft | Azure Data lake 
store java | < 2.3.10 | | Affected | [link](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 98 | | Microsoft | Azure DevOps | | | Unknown | [link](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 99 | | Microsoft | Azure DevOps Server | 2019.0 - 2020.1 | | Affected | [link](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 100 | | Microsoft | Azure Traffic Manager | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 101 | | Microsoft | Team Foundation Server | 2018.2+ | | Affected | [link](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 102 | | Microstrategy | | | | Unknown | [link](https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 103 | | Midori Global | | | | Unknown | [link](https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 104 | | Mikrotik | | | | Unknown | [link](https://forum.mikrotik.com/viewtopic.php?p=897938) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 105 | | Milestone sys | | | | 
Unknown | [link](https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 106 | | Mimecast | | | | Unknown | [link](https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 107 | | Minecraft | | | | Unknown | [link](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 108 | | Mirantis | | | | Unknown | [link](https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 109 | | Miro | | | | Unknown | [link](https://miro.com/trust/updates/log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 110 | | Mitel | | | | Unknown | [link](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 111 | | Mitsubishi Electric Corporation | CC-Link IE TSN | <=1.02C | | Affected | [link](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-030_en.pdf) | Product number: SW1DNN-GN610SRC-M | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-03-31 | 112 | | Mitsubishi Electric Corporation | CC-Link IE TSN | | 1.12F | Fixed | [link](https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-030_en.pdf) | Product number: SW1DNN-GN610SRC-M | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-03-31 | 113 | | MMM Group | Control software of all MMM series | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | 114 | | MMM Group | 
RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | 115 | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 116 | | MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 117 | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 118 | | MongoDB | MongoDB Drivers | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 119 | | MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 120 | | MongoDB | MongoDB Realm (including Realm Database, Sync, Functions, APIs) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 121 | | MongoDB | MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | 
| | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 122 | | Moodle | | | | Unknown | [link](https://moodle.org/mod/forum/discuss.php?d=429966) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 123 | | MoogSoft | | | | Unknown | [link](https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 124 | | Motorola Avigilon | | | | Unknown | [link](https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 125 | | Moxa | | | | Not Affected | [link](https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability) | Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | 126 | | Mulesoft | | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 127 | | Mulesoft | Anypoint Studio | 7.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Mulesoft | Cloudhub | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Mulesoft | Mule Agent | 6.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Mulesoft | Mule Runtime | 3.x, 4.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |

--------------------------------------------------------------------------------
/software_lists/software_list_N.md:
--------------------------------------------------------------------------------
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #

[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)

## Status Descriptions ##

| Status | Description |
| ------ | ----------- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |

## Software List ##

This list has been populated using information from the following sources:

- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)

NOTE: This file is automatically generated. To submit updates, please refer to
[`CONTRIBUTING.md`](CONTRIBUTING.md).

| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| National Instruments | OptimalPlus | Vertica, Cloudera, Logstash | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
40 | | Neo4j | Neo4j Graph Database | >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | 41 | | Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 42 | | Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 43 | | NetGate PFSense | | | | Unknown | [link](https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 44 | | Netwrix | | | | Unknown | [link](https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 45 | | New Relic | Containerized Private Minion (CPM) | | 3.0.57 | Fixed | [link](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/) | New Relic is in the process of revising guidance/documentation, however the fix version remains sufficient. 
| [Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | 46 | | New Relic | New Relic Java Agent | <7.4.3 | | Affected | [link](https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/) | Initially fixed in 7.4.2, but additional vulnerability found | [New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), covers CVE-2021-44228, CVE-2021-45046 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 47 | | NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 48 | | Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 49 | | Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 50 | | Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 51 | | NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 52 | | Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 53 | | NoviFlow | | | | Unknown | 
[link](https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 54 | | Nulab | Backlog | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 55 | | Nulab | Backlog Enterprise (On-premises) | | < 1.11.7 | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 56 | | Nulab | Cacoo | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 57 | | Nulab | Cacoo Enterprise (On-premises) | | < 4.0.4 | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 58 | | Nulab | Typetalk | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 59 | | Nutanix | AHV | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 60 | | Nutanix | AOS | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 61 | | Nutanix | AOS | | STS (including Prism Element) | Fixed | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 6.0.2.4, available on the Portal for download. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 62 | | Nutanix | Beam | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 63 | | Nutanix | BeamGov | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 64 | | Nutanix | Calm | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 65 | | Nutanix | Calm Tunnel VM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 66 | | Nutanix | Collector | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 67 | | Nutanix | Collector Portal | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 68 | | Nutanix | Data Lens | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 69 | | Nutanix | Era | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 70 | | Nutanix | File Analytics | 2.1.x, 2.2.x, 3.0+ | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigated in version 3.0.1 which is available on the Portal for download. 
Mitigation is available [here](https://portal.nutanix.com/kb/12499) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 71 | | Nutanix | Files | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 72 | | Nutanix | Flow | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 73 | | Nutanix | Flow Security Cental | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 74 | | Nutanix | Foundation | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 75 | | Nutanix | Frame | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 76 | | Nutanix | FrameGov | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 77 | | Nutanix | FSCVM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 78 | | Nutanix | Insights | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 79 | | Nutanix | Karbon | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12483) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 80 | | Nutanix | Karbon Platform Service | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 81 | | Nutanix | LCM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 82 | | Nutanix | Leap | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 83 | | Nutanix | Mine | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12484) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 84 | | Nutanix | Move | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 85 | | Nutanix | MSP | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12482) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 86 | | Nutanix | NCC | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 87 | | Nutanix | NGT | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | 
| [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 88 | | Nutanix | Objects | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12482) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 89 | | Nutanix | Prism Central | | All | Fixed | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 2021-9.0.3, available on the Portal for download. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 90 | | Nutanix | Sizer | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 91 | | Nutanix | Volumes | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 92 | | Nutanix | Witness VM | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12491) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 93 | | Nutanix | X-Ray | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | 94 | | Nvidia | | | | Unknown | [link](https://nvidia.custhelp.com/app/answers/detail/a_id/5294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 95 | | NXLog | | | | Unknown | [link](https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 96 | -------------------------------------------------------------------------------- /software_lists/software_list_Non-Alphabet.md: 
--------------------------------------------------------------------------------
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #

[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)

## Status Descriptions ##

| Status | Description |
| ------ | ----------- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |

## Software List ##

This list has been populated using information from the following sources:

- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)

NOTE: This file is automatically generated. To submit updates, please refer to
[`CONTRIBUTING.md`](CONTRIBUTING.md).

| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
| 1Password | All products | | | Not Affected | [link](https://support.1password.com/kb/202112/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-01-14 |
| 2n | | | | Unknown | [link](https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |

--------------------------------------------------------------------------------
/software_lists/software_list_O.md:
--------------------------------------------------------------------------------
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #

[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)

## Status Descriptions ##

| Status | Description |
| ------ | ----------- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |

## Software List ##

This list has been populated using information from the following sources:

- Kevin Beaumont
- SwitHak
- National Cyber Security Centre - Netherlands (NCSC-NL)

NOTE: This file is automatically generated. To submit updates, please refer to
[`CONTRIBUTING.md`](CONTRIBUTING.md).

| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
| Objectif Lune | | | | Unknown | [link](https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| OCLC | | | | Unknown | [link](https://oclc.service-now.com/status) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Octopus | | | | Unknown | [link](https://advisories.octopus.com/adv/December.2306508680.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Okta | Advanced Server Access | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Okta | Okta Access Gateway | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Okta | Okta AD Agent | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Okta | Okta Browser Plugin | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Okta | Okta IWA Web Agent | | | Unknown |
[link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 44 | | Okta | Okta LDAP Agent | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 45 | | Okta | Okta Mobile | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 46 | | Okta | Okta On-Prem MFA Agent | < 1.4.6 | | Affected | [link](https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 47 | | Okta | Okta RADIUS Server Agent | < 2.17.0 | | Affected | [link](https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 48 | | Okta | Okta Verify | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 49 | | Okta | Okta Workflows | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 50 | | Onespan | | | | Unknown | [link](https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 51 | | Opengear | | | | Unknown | [link](https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 52 | | OpenMRS TALK | | | | Unknown | [link](https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 53 | | OpenNMS | | | | Unknown | 
[link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 54 | | OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 55 | | OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | 56 | | Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | 57 | | Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | 58 | | Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | 59 | | Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | 60 | | Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available 
to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 61 | | Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 62 | | Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 63 | | Orgavision | | | | Unknown | [link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 64 | | Osirium | PAM | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 65 | | Osirium | PEM | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 66 | | Osirium | PPA | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 67 | | OTRS | | | | Unknown | [link](https://portal.otrs.com/external) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 68 | | OVHCloud | | | | Unknown | [link](https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 69 | | OwnCloud | | | | 
Unknown | [link](https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 70 | | OxygenXML | Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 71 | | OxygenXML | Developer | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 72 | | OxygenXML | Editor | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 73 | | OxygenXML | Oxygen Content Fusion | 2.0, 3.0, 4.1 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 74 | | OxygenXML | Oxygen Feedback Enterprise | 1.4.4 & older | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 75 | | OxygenXML | Oxygen License Server | v22.1 to v24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 76 | | OxygenXML | Oxygen PDF Chemistry | v22.1, 23.0, 23.1, 24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 77 | | OxygenXML | Oxygen SDK | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 78 | | OxygenXML | Plugins (see advisory link) | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 79 | | OxygenXML | Publishing Engine | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 80 | | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 81 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 82 | -------------------------------------------------------------------------------- /software_lists/software_list_Q.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) 
[M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 
33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | 37 | | QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 38 | | Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 39 | | Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 40 | | Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 41 | | Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 42 | | Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 43 | | Qlik | C4DW | | 
6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 44 | | Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 45 | | Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 46 | | Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 47 | | Qlik | Compose for Data Warehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 48 | | Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 49 | | Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 50 | | Qlik | Nodegraph | | | Not Affected
| [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 51 | | Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 52 | | Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 53 | | Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 54 | | Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 55 | | Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 56 | | Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 57 | | Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | 
[link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 58 | | Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 59 | | Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 60 | | Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 61 | | Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 62 | | Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 63 | | Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 64 | | Qlik | Qlik Web Connectors | | | Not Affected | 
[link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 65 | | Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 66 | | Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 67 | | Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectors are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 68 | | QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v.
2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 69 | | QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 70 | | QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 71 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | 72 | | QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 73 | | QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 74 | | QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 75 | | QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 76 | | QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 77 | | QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 78 | 
| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 79 | | QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 80 | | Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 81 | | Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 82 | | Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 83 | -------------------------------------------------------------------------------- /software_lists/software_list_U.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) 
[Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | | Affected | [link](https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 37 | | Ubiquiti | UniFi Network Controller | 6.5.54 & lower versions | | Affected | [link](https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e) | | 6.5.54 is reported to still be vulnerable. 
6.5.55 is the new recommendation for mitigating log4j vulnerabilities by updating to log4j 2.16.0 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 38 | | Ubuntu | | | | Unknown | [link](https://ubuntu.com/security/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 39 | | UiPath | InSights | 20.10 | | Affected | [link](https://www.uipath.com/legal/trust-and-security/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 40 | | Umbraco | | | | Unknown | [link](https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 41 | | UniFlow | | | | Unknown | [link](https://www.uniflow.global/en/security/security-and-maintenance/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 42 | | Unify ATOS | | | | Unknown | [link](https://networks.unify.com/security/advisories/OBSO-2112-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 43 | | Unimus | | | | Unknown | [link](https://forum.unimus.net/viewtopic.php?f=7&t=1390#top) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 44 | | USSIGNAL MSP | | | | Unknown | [link](https://ussignal.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 45 | -------------------------------------------------------------------------------- /software_lists/software_list_V.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md)
[H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 
33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | Varian | Acuity | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 37 | | Varian | ARIA Connect (Cloverleaf) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 38 | | Varian | ARIA eDOC | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 39 | | Varian | ARIA oncology information system for Medical Oncology | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 40 | | Varian | ARIA oncology information system for Radiation Oncology | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 41 | | Varian | ARIA Radiation Therapy Management System (RTM) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 42 | | Varian | Bravos Console | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 43 | | Varian | Clinac | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 44 | | Varian | Cloud Planner | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 45 | | Varian | DITC | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 46 | | Varian | DoseLab | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 47 | | Varian | Eclipse treatment planning software | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 48 | | Varian | ePeerReview | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 49 | | Varian | Ethos | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 50 | | Varian | FullScale oncology IT solutions | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 51 | | Varian | Halcyon system | All | | 
Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 52 | | Varian | ICAP | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 53 | | Varian | Identify | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 54 | | Varian | Information Exchange Manager (IEM) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 55 | | Varian | InSightive Analytics | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 56 | | Varian | Large Integrated Oncology Network (LION) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 57 | | Varian | Mobius3D platform | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 58 | | Varian | PaaS | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 59 | | Varian | ProBeam | | | Not Affected | 
[link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 60 | | Varian | Qumulate | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 61 | | Varian | Real-time Position Management (RPM) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 62 | | Varian | Respiratory Gating for Scanners (RGSC) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 63 | | Varian | SmartConnect solution | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Article: 000038850 on MyVarian | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 64 | | Varian | SmartConnect solution Policy Server | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Articles: 000038831 and 000038832 on MyVarian | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 65 | | Varian | TrueBeam radiotherapy system | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 66 | | Varian | UNIQUE system | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 
2021-12-22 | 67 | | Varian | Varian Authentication and Identity Server (VAIS) | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 68 | | Varian | Varian Managed Services Cloud | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 69 | | Varian | Varian Mobile App | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 70 | | Varian | VariSeed | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 71 | | Varian | Velocity | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 72 | | Varian | VitalBeam radiotherapy system | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 73 | | Varian | Vitesse | | | Not Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 74 | | Varian | XMediusFax for ARIA oncology information system for Medical Oncology | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 75 | 
| Varian | XMediusFax for ARIA oncology information system for Radiation Oncology | All | | Affected | [link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 76 | | VArmour | | | | Unknown | [link](https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 77 | | Varnish Software | | | | Unknown | [link](https://docs.varnish-software.com/security/CVE-2021-44228-45046/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 78 | | Varonis | | | | Unknown | [link](https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 79 | | Veeam | | | | Unknown | [link](https://www.veeam.com/kb4254) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 80 | | Venafi | | | | Unknown | [link](https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 81 | | Veritas NetBackup | | | | Unknown | [link](https://www.veritas.com/content/support/en_US/article.100052070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 82 | | Vertica | | | | Unknown | [link](https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 83 | | Video Insight Inc. | Video Insight | | | Not Affected | [link](https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability) | Video Insight is a part of Panasonic I-Pro. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | 84 | | Viso Trust | | | | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 85 | | VMware | API Portal for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 86 | | VMware | App Metrics | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 87 | | VMware | Healthwatch for Tanzu Application Service | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 88 | | VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 89 | | VMware | Spring Cloud Gateway for Kubernetes | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 90 | | VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 91 | | VMware | Spring Cloud Services for VMware Tanzu | 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 92 | | VMware | vCenter Server - OVA | 7.x, 6.7.x, 6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87081 
(vmware.com)](https://kb.vmware.com/s/article/87081) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 93 | | VMware | vCenter Server - Windows | 6.7.x, 6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 94 | | VMware | VMware Carbon Black Cloud Workload Appliance | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 95 | | VMware | VMware Carbon Black EDR Server | 7.x, 6.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 96 | | VMware | VMware Cloud Foundation | 4.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 97 | | VMware | VMware HCX | 4.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 98 | | VMware | VMware Horizon | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | [VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 99 | | VMware | VMware Horizon Cloud Connector | 1.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 100 | | VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12
| 101 | | VMware | VMware Identity Manager | 3.3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 102 | | VMware | VMware NSX-T Data Center | 3.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 103 | | VMware | VMware Site Recovery Manager | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 104 | | VMware | VMware Tanzu Application Service for VMs | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 105 | | VMware | VMware Tanzu GemFire | 9.x, 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 106 | | VMware | VMware Tanzu Greenplum | 6.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 107 | | VMware | VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 108 | | VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 109 | | VMware | VMware Tanzu Operations Manager | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 110 | | VMware
| VMware Tanzu SQL with MySQL for VMs | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 111 | | VMware | VMware Telco Cloud Automation | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 112 | | VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 113 | | VMware | VMware vCenter Cloud Gateway | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 114 | | VMware | VMware vRealize Automation | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 115 | | VMware | VMware vRealize Lifecycle Manager | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 116 | | VMware | VMware vRealize Log Insight | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 117 | | VMware | VMware vRealize Operations | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 118 | | VMware | VMware vRealize Operations Cloud Proxy | Any | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 119 | | VMware | VMware vRealize 
Orchestrator | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 120 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 121 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | 122 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | 123 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 124 | -------------------------------------------------------------------------------- /software_lists/software_list_W.md: -------------------------------------------------------------------------------- 1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # 2 | 3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) 4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) 5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) 6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) 7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) 8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) 9 | [R](software_list_R.md) [S](software_list_S.md) 
[T](software_list_T.md) 10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) 11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) 12 | 13 | ## Status Descriptions ## 14 | 15 | | Status | Description | 16 | | ------ | ----------- | 17 | | Unknown | Status unknown. Default choice. | 18 | | Affected | Reported to be affected by CVE-2021-44228. | 19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | 20 | | Fixed | Patch and/or mitigations available (see provided links). | 21 | | Under Investigation | Vendor investigating status. | 22 | 23 | ## Software List ## 24 | 25 | This list has been populated using information from the following sources: 26 | 27 | - Kevin Beaumont 28 | - SwitHak 29 | - National Cyber Security Centre - Netherlands (NCSC-NL) 30 | 31 | NOTE: This file is automatically generated. To submit updates, please refer to 32 | [`CONTRIBUTING.md`](CONTRIBUTING.md). 33 | 34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | 35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | 36 | | WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 37 | | Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 38 | | Wallix | Access Manager | | | Fixed | [link](https://www.wallix.com/fr/support/alerts/) | Customer Portal for patch found in advisory. This patch is available to customer only and has not been reviewed by CISA. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-03 | 39 | | Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 40 | | Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 41 | | WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 42 | | WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 43 | | WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 44 | | WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 45 | | WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 46 | | WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 47 | | WatchGuard | Wi-Fi 
Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 48 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 49 | | WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 50 | | WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | 51 | | WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 52 | | Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 53 | | Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 54 | | Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 55 | | Wind River | LTS21 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 56 | | Wind River | WRL-6 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contain the log4j1.2 and JMSAppender components; however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104. Customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 57 | | Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contain the log4j1.2 and JMSAppender components; however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104. Customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | 58 | | Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contain the log4j1.2 and JMSAppender components; however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104. Customers are advised to NOT manually activate the JMSAppender component.
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
59 | | Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 |
60 | | WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
61 | | Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
62 | | WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
63 | | WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
64 | | Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
65 | | Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
66 | | WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
67 | | WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
68 | | WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
69 | | WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
70 | | WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
71 | | WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
72 | | WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
73 | | WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
74 | | WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
75 | | WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
76 | | WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
77 | | WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
78 | | WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
79 | | WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
80 | | WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
81 | | WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
82 | | WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 |
83 |
--------------------------------------------------------------------------------
/software_lists/software_list_Y.md:
--------------------------------------------------------------------------------
1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
2 |
3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
12 |
13 | ## Status Descriptions ##
14 |
15 | | Status | Description |
16 | | ------ | ----------- |
17 | | Unknown | Status unknown. Default choice. |
18 | | Affected | Reported to be affected by CVE-2021-44228. |
19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
20 | | Fixed | Patch and/or mitigations available (see provided links). |
21 | | Under Investigation | Vendor investigating status. |
22 |
23 | ## Software List ##
24 |
25 | This list has been populated using information from the following sources:
26 |
27 | - Kevin Beaumont
28 | - SwitHak
29 | - National Cyber Security Centre - Netherlands (NCSC-NL)
30 |
31 | NOTE: This file is automatically generated. To submit updates, please refer to
32 | [`CONTRIBUTING.md`](CONTRIBUTING.md).
33 |
34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
36 | | Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
37 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
38 | | YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
39 | | Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
40 | | YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
41 | | YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
42 | | YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
43 | | YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
44 | | YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
45 | | YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
46 | | YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
47 | | YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
48 | | YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
49 | | YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
50 | | YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
51 | | YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
52 | | YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 |
53 | | YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 |
54 | | YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 |
55 |
--------------------------------------------------------------------------------
/software_lists/software_list_Z.md:
--------------------------------------------------------------------------------
1 | # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
2 |
3 | [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
4 | [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
5 | [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
6 | [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
7 | [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
8 | [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
9 | [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
10 | [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
11 | [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
12 |
13 | ## Status Descriptions ##
14 |
15 | | Status | Description |
16 | | ------ | ----------- |
17 | | Unknown | Status unknown. Default choice. |
18 | | Affected | Reported to be affected by CVE-2021-44228. |
19 | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
20 | | Fixed | Patch and/or mitigations available (see provided links). |
21 | | Under Investigation | Vendor investigating status. |
22 |
23 | ## Software List ##
24 |
25 | This list has been populated using information from the following sources:
26 |
27 | - Kevin Beaumont
28 | - SwitHak
29 | - National Cyber Security Centre - Netherlands (NCSC-NL)
30 |
31 | NOTE: This file is automatically generated. To submit updates, please refer to
32 | [`CONTRIBUTING.md`](CONTRIBUTING.md).
33 |
34 | | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
35 | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
36 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
37 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
38 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
39 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
40 | | Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
41 | | Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
42 | | Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
43 | | Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
44 | | Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
45 | | Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
46 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
47 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
48 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
49 | | Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
50 | | Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
51 | | Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
52 | | Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
53 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
54 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
55 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
56 | | Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 |
57 | | Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
58 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
59 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
60 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
61 | | Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
62 | | Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availability Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
63 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
64 |
--------------------------------------------------------------------------------