Log4j overview related software

This page contains an overview of software related to the Log4j vulnerability. On this page NCSC-NL will maintain a list of all known vulnerable and not vulnerable software. Furthermore, each software entry will state which version contains the security fixes and which software still requires mitigation. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.

NCSC-NL will use the following statuses:

| Status | Description |
|---|---|
| Vulnerable | Software is vulnerable to CVE-2021-44228. |
| Fix | Software contains a fix for CVE-2021-44228. |
| Workaround | Software is vulnerable but mitigation steps are available. |
| Not vuln | Software is NOT vulnerable to CVE-2021-44228. |
| Investigation | Software is under investigation to determine whether it is vulnerable. |

The Version relates to the Status column. If Status is Vulnerable, Version indicates vulnerable version(s). If Status is Fix, Version indicates the fixed version(s).

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages; however, due to the large number of expected updates, we have created a list of known vulnerable software in the software directory.

Note: daily releases of this software list, including CSV and JSON files, are listed in the releases overview. To generate a CSV or JSON file yourself, see the software list parser tool.

Software overview


0-9

Supplier Product Version (see Status) Status Notes Links
2Brightsparks All Not vuln source
3CX All Not vuln source
7Signal Sapphire Fix Fix released 2021-12-14 Corresp. with vendor

A

Supplier Product Version (see Status) Status Notes Links
ABB Alarminsight Cloud Investigation Potentially affected as per the advisory source
Accellence Technologies vimacc All Not vuln source
Accellence Technologies EBÜS All Workaround EBÜS itself is not vulnerable to CVE-2021-44228. However, it includes several third-party software setups that may be affected (see source for more info). source
Acronis All Investigation See further information below source
Acronis Cyber Backup 12.5 Not vuln source
Acronis Cyber Files 8.6.2 onwards Not vuln source
Acronis Cyber Infrastructure 3.5 and 4.x Not vuln source
Acronis Cyber Protection Home Office 2017 onwards Not vuln source
Acunetix 360 All Not Vuln source
Acunetix Application All Not Vuln source
Acunetix Agents All Not Vuln source
Acunetix IAST: NodeJS All Not Vuln source
Acunetix IAST: ASP.NET All Not Vuln source
Acunetix IAST: PHP All Not Vuln source
Acunetix IAST: Java All Workaround AcuSensor IAST module needs attention source
Adobe Acrobat Reader Not Vuln source
Adobe All Investigation source
Adobe Cold Fusion All Vulnerable Fix planned for Dec 17th source
ADP All Investigation Patching was needed, no signs of intrusion source
AFAS All Not vuln source
Ahsay Mobile version 1.6+ Not vuln source
Ahsay Other products version 8.5.4.86 (and above) Not vuln source
Ahsay AhsayPRD version 2.0 Not vuln source
Aiden all all Not vuln source
AIL AIL all Not vuln source
Alexion Software Alexion CRM All Not vuln source
Akamai Enterprise Application Access Connector Not vulnerable Source: Akamai support
Akamai Siem Splunk Connector =>1.4.10 Not vuln source (paywall)
Akamai Siem Splunk Connector <1.4.10 Workaround Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. source
Alertus Console 5.15.0 Fix source
Alphatron AMiSconnect Not Vuln source
Alphatron Custo diagnostics 5.4 to 5.6 Vuln Potentially vulnerable through the HL7 and DICOM communication interfaces source
Alphatron JiveX Not Vuln source
Alphatron Zorgbericht Not Vuln source
Amazon AMS Fix Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2 source
Amazon API Gateway Fix All hosts now patched source
Amazon AWS CloudHSM 3.4.1 Fix CloudHSM JCE SDK 3.4.1 or higher is not vulnerable source
Amazon AWS Directory Service Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon AWS Elastic Beanstalk Not vuln Default configuration of application's usage of Log4j versions is not vulnerable source
Amazon AWS Glue Fix Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j source
Amazon AWS Greengrass Fix Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5 source
Amazon AWS IoT SiteWise Edge Fix Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2) source
Amazon AWS KMS Fix AWS KMS has been updated to mitigate the issues identified in CVE-2021-44228 source
Amazon AWS Lambda Fix Vulnerable when using aws-lambda-java-log4j2 source
Amazon AWS SDK Not vuln source
Amazon AWS Secrets Manager Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon Cloud Directory Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon CloudFront Fix CloudFront services have been updated source
Amazon CloudWatch Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon Connect Fix Connect services have been updated source
Amazon DocumentDB Fix Patched to mitigate the Log4j issue referenced in CVE-2021-44228 source
Amazon DynamoDB Fix DynamoDB and DynamoDB Accelerator have been updated source
Amazon EC2 Fix Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is source, fix
Amazon ElastiCache Fix Amazon ElastiCache completed patching the Apache Log4j2 issue source
Amazon EMR Not vuln Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed source
Amazon Inspector Classic Fix Patched against the Log4j issue source
Amazon Inspector Fix Patched against the Log4j issue source
Amazon Kafka (MSK) Fix Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed source
Amazon Keyspaces (for Apache Cassandra) Fix Has been updated source
Amazon Kinesis Data Analytics Fix Updates are available. See source for more information source
Amazon Kinesis Data Streams Fix KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable source
Amazon Kinesis Fix Update for Kinesis Agent is available source
Amazon Lake Formation Fix Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j source
Amazon Managed Workflows for Apache Airflow (MWAA) Fix Completed all required updates to the MWAA service code to address the issue source
Amazon MemoryDB for Redis Fix Amazon MemoryDB for Redis completed patching the Apache Log4j2 issue source
Amazon MQ Fix All required updates have been completed source
Amazon Neptune Fix All active Amazon Neptune clusters have been automatically updated source
Amazon NICE Fix Recommended to update EnginFrame or Log4j library source
Amazon OpenSearch R20211203-P2 Fix Update released, customers need to update their clusters to the fixed release source
Amazon RDS for Oracle Fix Amazon RDS Oracle has updated the version of Log4j2 in use within the service source
Amazon RDS Fix Update in progress, portion of customers may still be vulnerable. Amazon RDS and Amazon Aurora are actively addressing all service usage of Log4j2 by applying updates source
Amazon Redshift Fix Amazon Redshift clusters have been automatically updated to mitigate the issues identified in CVE-2021-44228 source
Amazon S3 Fix All S3 systems are patched source
Amazon Simple Notification Service (SNS) Fix Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. source
Amazon Simple Queue Service (SQS) Fix Completed patching. source
Amazon Simple Workflow Service (SWF) Fix Amazon Simple Workflow Service (SWF) has been updated to mitigate the issues identified in CVE-2021-44228 source
Amazon Single Sign-On Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon Step Functions Fix AWS Step Functions has been updated to mitigate the issues identified in CVE-2021-44228 source
Amazon Timestream Fix Updated to mitigate the issues identified in CVE-2021-44228 source
Amazon WorkSpaces/AppStream 2.0 Fix Not affected by CVE-2021-44228 with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info source
AOMEI All Products Not Vuln source
Apache Archiva <2.2.6 Fix Fixed in 2.2.6 source, fix
Apache Camel all Not vuln source
Apache Cassandra all Not vuln source
Apache Druid 0.22.1 Fix source
Apache Dubbo All versions Fix source
Apache Flink 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 Fix source
Apache Fortress < 2.0.7 Fix Fixed in 2.0.7 source
Apache Guacamole All versions Not vuln source
Apache Geode 1.14.0 Fix Fixed in 1.12.6, 1.13.5, 1.14.1 source
Apache Hadoop Unknown Not vuln Uses log4j 1.x. There were plans to migrate to log4j2, but this was never performed source
Apache HBase Unknown Vulnerable Fix is committed, but not yet released source
Apache Hive 4.x Fix Fix in 4.x source
Apache James 3.6.0 Vulnerable source
Apache Jena < 4.3.1 Fix Fixed in 4.3.1 source
Apache JMeter Any Vulnerable Manual Bypass source
Apache JSPWiki 2.11.1 Fix source
Apache Kafka All versions Not vuln Uses log4j 1.x source
Apache Karaf Unknown Vulnerable Depends on PAX logging which is affected source
Apache Log4j 2.16.0 Fix source
Apache Maven All Versions Not Vuln source
Apache NiFi All Versions Fix Fixed in 1.15.1, 1.16.0 source
Apache OFBiz < 18.12.03 Fix Fixed in 18.12.03 source
Apache Ozone < 1.2.1 Fix Fixed in 1.2.1 source
Apache SkyWalking < 8.9.1 Fix Fixed in 8.9.1 source
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Fix Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations source
Apache Spark All versions Not vuln Uses log4j 1.x source
Apache Struts 2.5.28 Vulnerable source
Apache Tapestry 5.7.3 Vulnerable Uses Log4j source
Apache Tika 2.0.0 and up Vulnerable source
Apache Tomcat Not vuln source
Apache TrafficControl Vulnerable source
Apache Zookeeper Not vuln Zookeeper uses Log4j 1.2 version source
APC PowerChute Business Edition Unknown to 10.0.2.301 Vulnerable
APC PowerChute Network Shutdown Unknown to 4.2.0 Vulnerable
Apereo CAS 6.3.x & 6.4.x Fix Other versions still in active maintenance might need manual inspection source
Apereo Opencast < 9.10, < 10.6 Fix source
Apigee Edge and OPDK products All version Not vuln source
Appian Appian Fix source
Aptible Aptible Search 5.x Fix source
Arduino Arduino IDE 1.8.17 Fix source
Arista Networks CloudVision Portal >2019.1.0 Vulnerable source
Arista Networks CloudVision Wi-Fi, virtual appliance or physical appliance >8.8 Vulnerable source
Arista Networks Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric) >7.0.0 Vulnerable source
Arista Networks Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric) >7.0.0 Vulnerable source
Arista Networks Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric) >5.3.0 Vulnerable source
Atlassian Bamboo Server & Data Center On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Atlassian BitBucket Server On prem Workaround source
Atlassian Confluence Server & Data Center On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Atlassian Crowd Server & Data Center On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Atlassian Crucible On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Atlassian Fisheye On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Atlassian Jira Server & Data Center On prem Vulnerable Only vulnerable when using non-default config, cloud version fixed source
Avaya source
AVM all products devices, firmware, software incl. MyFritz Service Not Vuln source
AXIS AXIS OS All versions Not Vuln source

B

Supplier Product Version (see Status) Status Notes Links
Backblaze Cloud N/A (SaaS) Fix Cloud service patched source
Barco Demetra Investigation source
Barco Other products Not vuln source
Basis Technology Autopsy 4.18.0 onwards Workaround version 4.18.0 onwards use Apache Solr 8 source
Bender GmbH und Co. KG All Not vuln source
B. Braun All Not vuln source
BD Arctic Sun Analytics Not vuln source
BD Diabetes Care App Cloud Not vuln source
BD HealthSight Clinical Advisor Not vuln source
BD HealthSight Data Manager Not vuln source
BD HealthSight Diversion Management Not vuln source
BD HealthSight Infection Advisor Not vuln source
BD HealthSight Inventory Optimization Analytics Not vuln source
BD HealthSight Medication Safety Not vuln source
BD Knowledge Portal for Infusion Technologies Not vuln source
BD Knowledge Portal for Medication Technologies Not vuln source
BD Knowledge Portal for BD Pyxis Supply Not vuln source
BD Synapsys Informatics Solution Not vuln source
BD Veritor COVID At Home Solution Cloud Not vuln source
BeyondTrust Privilege Management Cloud Unknown Not vuln source
BeyondTrust Privilege Management Reporting Unknown Not vuln source
BigBlueButton BigBlueButton Unknown Not vuln source
Bitdefender GravityZone On-Premises Unknown Not vuln source
Bitnami Unknown Unknown Fix source
Bitwarden Bitwarden All Not Vuln source
BioJava Java library for processing biological data 6.0.3 Fix source
BlackBerry Enterprise Mobility Server 2.12 and above Workaround source
BlackBerry Workspaces On-prem Server All Workaround source
BlackBerry  2FA All Workaround source
BMC Software 3270 SUPEROPTIMIZER/CICS    Not vuln source
BMC Software Application Restart Control for Db2    Not vuln source
BMC Software Application Restart Control for IMS    Not vuln source
BMC Software Application Restart Control for VSAM    Not vuln source
BMC Software Bladelogic Database Automation   Vulnerable Fix expected on Dec 15th source
BMC Software BMC AMI Batch Optimizer    Not vuln source
BMC Software BMC AMI Capacity Management    Not vuln source
BMC Software BMC AMI Command Center for Security    Not vuln source
BMC Software BMC AMI Console management      Not vuln source
BMC Software BMC AMI Cost Management    Not vuln source
BMC Software BMC AMI Datastream for Ops    Not vuln source
BMC Software BMC AMI Defender for Db2    Not vuln source
BMC Software BMC AMI Defender for Ops Insight    Not vuln source
BMC Software BMC AMI Defender for z/Linux    Not vuln source
BMC Software BMC AMI Defender for z/OS    Not vuln source
BMC Software BMC AMI Defender for z/VM    Not vuln source
BMC Software BMC AMI Defender TCP/IP Receiver    Not vuln source
BMC Software BMC AMI Enterprise Connector    Not vuln source
BMC Software BMC AMI Ops Automation for Capping    Not vuln source
BMC Software BMC AMI Ops Common Rest API (CRA) Vulnerable Fix expected on Dec 14th source
BMC Software BMC AMI Ops for Networks    Not vuln source
BMC Software BMC AMI Ops Infrastructure (MVI) - CRA component Vulnerable Fix expected on Dec 14th source
BMC Software BMC AMI Ops Insight Vulnerable Fix expected on Dec 14th source
BMC Software BMC AMI Ops Monitor for CMF    Not vuln source
BMC Software BMC AMI Ops Monitor for IMS Offline    Not vuln source
BMC Software BMC AMI Ops Monitor for IMS Online    Not vuln source
BMC Software BMC AMI Ops Monitor for USS    Not vuln source
BMC Software BMC AMI Ops Monitor for z/OS    Not vuln source
BMC Software BMC AMI Ops Monitor SYSPROG Services    Not vuln source
BMC Software BMC AMI Ops UI  Vulnerable Fix expected on Dec 14th source
BMC Software BMC AMI Recovery for VSAM    Not vuln source
BMC Software BMC AMI Security Administrator    Not vuln source
BMC Software BMC AMI Security Policy Manager    Not vuln source
BMC Software BMC AMI Security Privileged Access Manager (also called BMC AMI Security Breakglass)    Not vuln source
BMC Software BMC AMI Security Self Service Password Reset    Not vuln source
BMC Software BMC AMI Storage    Not vuln source
BMC Software BMC AMI Utilities    Not vuln source
BMC Software BMC Client Management Vulnerable Fix expected on Dec 14th source
BMC Software BMC Compuware Abend-Aid    Not vuln source
BMC Software BMC Compuware Application Audit    Not vuln source
BMC Software BMC Compuware DevEnterprise    Not vuln source
BMC Software BMC Compuware Enterprise Common Components (ECC)    Not vuln source
BMC Software BMC Compuware Enterprise Services (CES)    Not vuln source
BMC Software BMC Compuware Enterprise Services    Not vuln source
BMC Software BMC Compuware File-AID Data Privacy    Not vuln source
BMC Software BMC Compuware File-AID Data Solutions    Not vuln source
BMC Software BMC Compuware File-AID for DB2    Not vuln source
BMC Software BMC Compuware File-AID for IMS    Not vuln source
BMC Software BMC Compuware File-AID/MVS    Not vuln source
BMC Software BMC Compuware File-AID/RDX    Not vuln source
BMC Software BMC Compuware Hiperstation ALL Product Offerings    Not vuln source
BMC Software BMC Compuware ISPW    Not vuln source
BMC Software BMC Compuware iStrobe    Not vuln source
BMC Software BMC Compuware Program Analyzer    Not vuln source
BMC Software BMC Compuware Storage Backup and Recovery    Not vuln source
BMC Software BMC Compuware Storage Migration    Not vuln source
BMC Software BMC Compuware Storage Performance    Not vuln source
BMC Software BMC Compuware ThruPut Manager    Not vuln source
BMC Software BMC Compuware Topaz Enterprise Data    Not vuln source
BMC Software BMC Compuware Topaz for Java Performance    Not vuln source
BMC Software BMC Compuware Topaz for Total Test    Not vuln source
BMC Software BMC Compuware Topaz Program Analysis    Not vuln source
BMC Software BMC Compuware Topaz Workbench    Not vuln source
BMC Software BMC Compuware Xpediter/CICS    Not vuln source
BMC Software BMC Compuware Xpediter/Code Coverage    Not vuln source
BMC Software BMC Compuware Xpediter/TSO and IMS    Not vuln source
BMC Software BMC Compuware Xpediter/Xchange    Not vuln source
BMC Software BMC Compuware zAdviser    Not vuln source
BMC Software BMC Db2 Admin    Not vuln source
BMC Software BMC Db2 SQL Performance    Not vuln source
BMC Software BMC Defender Agent Configuration Manager    Not vuln source
BMC Software BMC Defender Agent for SAP    Not vuln source
BMC Software BMC Defender Agent for Unix/Linux    Not vuln source
BMC Software BMC Defender Agent for Windows    Not vuln source
BMC Software BMC Defender App for Splunk    Not vuln source
BMC Software BMC Defender SIEM Correlation Server    Not vuln source
BMC Software BMC Defender SIEM for Motorola    Not vuln source
BMC Software BMC Defender SIEM for NNT    Not vuln source
BMC Software BMC Defender SyslogDefender    Not vuln source
BMC Software BMC Defender Windows Agent for Splunk    Not vuln source
BMC Software BMC Discovery Fix Fix available in BMC’s Electronic Product Download site (EPD) source
BMC Software BMC Helix Continuous Optimization – Agents    Not vuln source
BMC Software BMC Helix Continuous Optimization Vulnerable Fix expected on Dec 15th source
BMC Software BMC Helix Knowledge Management    Not vuln source
BMC Software BMC License Usage Collection Utility Vulnerable Fix expected on Dec 14th source
BMC Software BMC Plus Utilities    Not vuln source
BMC Software BMC Recovery Management – BMC AMI LogMaster, Recovery Manager, Copy, Recover    Not vuln source
BMC Software Cloud Lifecycle Management    Not vuln source
BMC Software CMDB Vulnerable source
BMC Software Common Components: Next Generation Logger (NGL), Runtime Component System (RTCS), User Interface Middleware (UIM)    Not vuln source
BMC Software Control-M Vulnerable source
BMC Software ExceptionReporter    Not vuln source
BMC Software Footprints    Not vuln source
BMC Software Helix Data Manager Vulnerable source
BMC Software KMs - Sybase KM & Linux (RHEV) Fix Fix available in BMC’s Electronic Product Download site (EPD)   source
BMC Software MainView Explorer    Not vuln source
BMC Software MainView Middleware Administrator    Not vuln source
BMC Software MainView Middleware Monitor Vulnerable Fix expected on Dec 20th source
BMC Software MainView Transaction Analyzer    Not vuln source
BMC Software PATROL Agent    Not vuln source
BMC Software Release Process Management    Not vuln source
BMC Software Remedy ITSM (IT Service Management)    Not vuln source
BMC Software Remedy Smart Reporting Vulnerable source
BMC Software Resident Security Server    Not vuln source
BMC Software Track-It!    Not vuln source
BMC Software TrueSight App Visibility Manager Vulnerable Fix expected on Dec 15th source
BMC Software TrueSight Automation Console Vulnerable Fix expected on Dec 17th source
BMC Software TrueSight Automation for Networks Vulnerable Fix expected on Dec 13th source
BMC Software TrueSight Automation for Servers - Data Warehouse Vulnerable Fix expected on Dec 17th source
BMC Software TrueSight Automation for Servers Vulnerable Fix expected on Dec 17th source
BMC Software TrueSight Capacity Optimization – Agents    Not vuln source
BMC Software TrueSight Capacity Optimization    Not vuln source
BMC Software TrueSight Infrastructure Management Vulnerable source
BMC Software TrueSight IT Data Analytics Vulnerable Fix expected on Dec 15th source
BMC Software TrueSight Operations Management Vulnerable Fix expected on Dec 16th source
BMC Software TrueSight Orchestration    Not vuln source
BMC Software TrueSight Smart Reporting Vulnerable Fix expected on Dec 14th source
BMC Software TSCO For Mainframes    Not vuln source
BMC Software TSOM Smart Reporting Vulnerable Fix expected on Dec 14th source
BMC Software ULTRAOPT/CICS    Not vuln source
BMC Software ULTRAOPT/IMS    Not vuln source
BMC Software zDetect  Not vuln source
Brian Pangburn SwingSet < 4.0.6 Fix source
Broadcom Advanced Secure Gateway (ASG) Unknown Investigation source
Broadcom BCAAA Unknown Investigation source
Broadcom CA Advanced Authentication 9.1 & 9.1.01 & 9.1.02 Workaround source
Broadcom CloudSOC Cloud Access Security Broker (CASB) Unknown Not vuln source
Broadcom Cloud Workload Assurance (CWA) Unknown Not vuln source
Broadcom Cloud Workload Protection (CWP) Unknown Investigation source
Broadcom Cloud Workload Protection for Storage (CWP:S) Unknown Not vuln source
Broadcom Content Analysis (CA)(SEPM) Unknown Not vuln source
Broadcom Critical System Protection (CSP) Unknown Not vuln source
Broadcom Data Center Security (DCS) Unknown Not vuln source
Broadcom Data Loss Prevention (DLP) Unknown Not vuln source
Broadcom Email Security Service (ESS) Unknown Investigation source
Broadcom Ghost Solution Suite (GSS) Unknown Not vuln source
Broadcom HSM Agent Unknown Investigation source
Broadcom Industrial Control System Protection (ICSP) Unknown Not vuln source
Broadcom Information Centric Analytics (ICA) Unknown Not vuln source
Broadcom Integrated Cyber Defense Exchange (ICDx) Unknown Investigation source
Broadcom Integrated Cyber Defense Manager (ICDm) Unknown Investigation source
Broadcom Integrated Secure Gateway (ISG) Unknown Investigation source
Broadcom IT Analytics (ITA) Unknown Not vuln source
Broadcom IT Management Suite Unknown Not vuln source
Broadcom Layer7 API Developer Portal Unknown Investigation source
Broadcom Layer7 API Gateway Unknown Not vuln source
Broadcom Layer7 Mobile API Gateway Unknown Not vuln source
Broadcom LiveUpdate Administrator (LUA) Unknown Investigation source
Broadcom Management Center (MC) Unknown Not vuln source
Broadcom PacketShaper (PS) S-Series Unknown Not vuln source
Broadcom PolicyCenter (PC) S-Series Unknown Not vuln source
Broadcom Privileged Access Manager Server Control Unknown Investigation source
Broadcom Privileged Access Manager Unknown Investigation source
Broadcom Privileged Identity Manager Unknown Investigation source
Broadcom ProxySG Unknown Not vuln source
Broadcom Reporter Unknown Not vuln source
Broadcom Secure Access Cloud (SAC) Unknown Investigation source
Broadcom Security Analytics (SA) Unknown Not vuln source
Broadcom ServiceDesk Unknown Not vuln source
Broadcom SiteMinder (CA Single Sign-On) 12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents Fix, Workaround source
Broadcom SSL Visibility (SSLV) Unknown Investigation source
Broadcom Symantec Control Compliance Suite (CCS) Unknown Not vuln source
Broadcom Symantec Directory Unknown Not vuln source
Broadcom Symantec Endpoint Detection and Response (EDR) Unknown Investigation source
Broadcom Symantec Endpoint Encryption (SEE) Unknown Not vuln source
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Workaround source
Broadcom Symantec Endpoint Protection (SEP) Agent Unknown Not vuln source
Broadcom Symantec Endpoint Protection (SEP) for Mobile Unknown Investigation source
Broadcom Symantec Endpoint Protection (SEP) Unknown Investigation source
Broadcom Symantec Identity Governance and Administration (IGA) Unknown Not vuln source
Broadcom Symantec Mail Security for Microsoft Exchange (SMSMSE) Unknown Not vuln source
Broadcom Symantec Messaging Gateway (SMG) Unknown Not vuln source
Broadcom Symantec PGP Solutions Unknown Not vuln source
Broadcom Symantec Protection Engine (SPE) Unknown Not vuln source
Broadcom Symantec Protection for SharePoint Servers (SPSS) Unknown Not vuln source
Broadcom VIP Authentication Hub Unknown Investigation source
Broadcom VIP Unknown Not vuln source
Broadcom Web Isolation (WI) Unknown Investigation source
Broadcom WebPulse Unknown Investigation source
Broadcom Web Security Service (WSS) Unknown Investigation source

C

Supplier Product Version (see Status) Status Notes Links
Carbon Black Cloud Workload Appliance Unknown Mitigation More information on pages linked bottom of blogpost (behind login) source
Carbon Black EDR Servers Unknown Mitigation More information on pages linked bottom of blogpost (behind login) source
CareStream All Not vuln source
CaseWare Cloud All Fix source
CaseWare IDEA All Not vuln source
CaseWare WorkingPapers All Not vuln source
Catalogic CloudCasa All Not vuln source
Cepheid C360 Not vuln source
Cepheid GeneXpert Investigation source
Cerebro Cerebro Elasticsearch Web Admin All Not vuln Uses logback for logging source
Cerberus FTP Unknown Not vuln source
Cerebrate Cerebrate All Not vuln source
Chaser Systems discrimiNAT Firewall All Not vuln source
Check Point Quantum Security Gateway All Not vuln source
Check Point Quantum Security Management All Not vuln source
Check Point CloudGuard All Not vuln source
Check Point Infinity Portal All Not vuln source
Check Point Harmony Endpoint & Harmony Mobile All Not vuln source
Check Point SMB All Not vuln source
Check Point ThreatCloud All Not vuln source
Chef Infra Server All Not vuln source
Chef Automate All Not vuln source
Chef Backend All Not vuln source
Cisco General Cisco Disclaimer Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly
Cisco ACI Multi-Site Orchestrator Unknown Not vuln source
Cisco ACI Virtual Edge Unknown Not vuln source
Cisco Adaptive Security Appliance (ASA) Software Unknown Not vuln source
Cisco Adaptive Security Device Manager Unknown Not vuln source
Cisco Advanced Web Security Reporting Application Unknown Vulnerable source
Cisco Aironet 1560 Series Access Points Unknown Not vuln source
Cisco Aironet 1810 Series OfficeExtend Access Points Unknown Not vuln source
Cisco Aironet 1810w Series Access Points Unknown Not vuln source
Cisco Aironet 1815 Series Access Points Unknown Not vuln source
Cisco Aironet 1830 Series Access Points Unknown Not vuln source
Cisco Aironet 1850 Series Access Points Unknown Not vuln source
Cisco Aironet 2800 Series Access Points Unknown Not vuln source
Cisco Aironet 3800 Series Access Points Unknown Not vuln source
Cisco AMP Virtual Private Cloud Appliance Unknown Vulnerable Fixes expected 10-Jan-2022 source
Cisco AnyConnect Secure Mobility Client All versions Not vuln source
Cisco AppDynamics <21.12.0 Fix source
Cisco Application Policy Infrastructure Controller (APIC) Unknown Not vuln source
Cisco ASR 5000 Series Routers Unknown Not vuln source
Cisco Broadcloud Calling Unknown Investigation source
Cisco BroadWorks Unknown Vulnerable source
Cisco Business Process Automation Unknown Not vuln source
Cisco Catalyst 9800 Series Wireless Controllers Unknown Not vuln source
Cisco CloudCenter Action Orchestrator Unknown Not vuln source
Cisco CloudCenter Suite Admin Unknown Vulnerable source
Cisco CloudCenter Workload Manager Unknown Vulnerable Fixes expected 23-Dec-2021 source
Cisco Cloud Email Security Unknown Not vuln source
Cisco Cloud Services Platform 2100 All versions Not vuln source
Cisco Cloud Services Platform 5000 Series All versions Not vuln source
Cisco Cognitive Intelligence Unknown Not vuln source
Cisco Common Services Platform Collector Unknown Vulnerable source
Cisco Computer Telephony Integration Object Server (CTIOS) Unknown Vulnerable source
Cisco ConfD Unknown Not vuln source
Cisco Connected Grid Device Manager Unknown Not vuln source
Cisco Connected Mobile Experiences Unknown Not vuln source
Cisco Connectivity Unknown Investigation source
Cisco Contact Center Domain Manager (CCDM) Unknown Vulnerable source
Cisco Contact Center Management Portal (CCMP) Unknown Vulnerable source
Cisco Container Platform Unknown Not vuln source
Cisco Content Security Management Appliance (SMA) Unknown Not vuln source
Cisco Crosswork Change Automation Unknown Vulnerable source
Cisco CX Cloud Agent Software Unknown Not vuln source
Cisco Data Center Network Manager (DCNM) Unknown Vulnerable source
Cisco Defense Orchestrator Unknown Not vuln source
Cisco DNA Assurance Unknown Investigation source
Cisco DNA Center Unknown Vulnerable source
Cisco DNA Spaces 2.5, 2.8.2, 2.11.0, 2.13.3 Fix source
Cisco Duo Unknown Fix source
Cisco Elastic Services Controller (ESC) Unknown Not vuln source
Cisco Email Security Appliance (ESA) Unknown Not vuln source
Cisco Emergency Responder Unknown Vulnerable source
Cisco Enterprise Chat and Email Unknown Vulnerable source
Cisco Enterprise NFV Infrastructure Software (NFVIS) Unknown Not vuln source
Cisco Evolved Programmable Network Manager Unknown Vulnerable source
Cisco Exony Virtualized Interaction Manager (VIM) Unknown Investigation source
Cisco Expressway Series Unknown Not vuln source
Cisco Extensible Network Controller (XNC) Unknown Not vuln source
Cisco Finesse Unknown Vulnerable source
Cisco Firepower 4100 Series Unknown Not vuln source
Cisco Firepower 9300 Security Appliances Unknown Investigation source
Cisco Firepower Management Center Unknown Not vuln source
Cisco Firepower Threat Defense (FTD) Unknown Vulnerable source
Cisco GGSN Gateway GPRS Support Node Unknown Not vuln source
Cisco Hosted Collaboration Mediation Fulfillment Unknown Not vuln source
Cisco HyperFlex System Unknown Not vuln source
Cisco Identity Services Engine (ISE) 2.4, 2.6 Vulnerable Fix expected on Dec 17th source
Cisco Identity Services Engine (ISE) 2.7, 3.0 Vulnerable Fix expected on Dec 16th source
Cisco Identity Services Engine (ISE) 3.1 Vulnerable Fix expected on Dec 18th source
Cisco Integrated Management Controller (IMC) Supervisor Unknown Vulnerable source
Cisco Intersight Unknown Investigation source
Cisco Intersight Virtual Appliance Unknown Vulnerable source
Cisco IOS and IOS XE Software Unknown Not vuln source
Cisco IOS XR Software Unknown Not vuln source
Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) Unknown Not vuln source
Cisco IoT Operations Dashboard Unknown Investigation source
Cisco IOx Fog Director Unknown Vulnerable source
Cisco IP Services Gateway (IPSG) Unknown Not vuln source
Cisco Jabber Guest All versions Not vuln source
Cisco Kinetic for Cities Unknown Investigation source
Cisco Managed Services Accelerator (MSX) Network Access Control Service Unknown Investigation source
Cisco MDS 9000 Series Multilayer Switches Unknown Not vuln source
Cisco Meeting Server Unknown Not vuln source
Cisco Meraki GO Unknown Not vuln source
Cisco Meraki MR Unknown Not vuln source
Cisco Meraki MS Unknown Not vuln source
Cisco Meraki MT Unknown Not vuln source
Cisco Meraki MV Unknown Not vuln source
Cisco Meraki MX Unknown Not vuln source
Cisco Meraki System Manager Unknown Not vuln source
Cisco Meraki Z-Series Unknown Not vuln source
Cisco MME Mobility Management Entity Unknown Not vuln source
Cisco Mobility Services Engine Unknown Not vuln source
Cisco Mobility Unified Reporting and Analytics System Unknown Not vuln source
Cisco Modeling Labs Unknown Not vuln source
Cisco Network Assessment (CNA) Tool Unknown Investigation source
Cisco Network Assurance Engine Unknown Vulnerable source
Cisco Network Convergence System 2000 Series Unknown Not vuln source
Cisco Network Planner Unknown Investigation source
Cisco Network Services Orchestrator (NSO) < nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1 Vulnerable Fixes expected 17-Dec source
Cisco Nexus 3000 Series Switches Unknown Not vuln source
Cisco Nexus 5500 Platform Switches Unknown Not vuln source
Cisco Nexus 5600 Platform Switches Unknown Not vuln source
Cisco Nexus 6000 Series Switches Unknown Not vuln source
Cisco Nexus 7000 Series Switches Unknown Not vuln source
Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode Unknown Not vuln source
Cisco Nexus 9000 Series Switches in standalone NX-OS mode Unknown Not vuln source
Cisco Nexus Dashboard (formerly Cisco Application Services Engine) <2.1.2 Vulnerable Fixes expected 7-Jan-2022 source
Cisco Nexus Data Broker Unknown Not vuln source
Cisco Nexus Insights Unknown Investigation source
Cisco Optical Network Planner Unknown Investigation source
Cisco Packaged Contact Center Enterprise Unknown Vulnerable source
Cisco Paging Server (InformaCast) Unknown Investigation source
Cisco Paging Server Unknown Investigation source
Cisco PDSN/HA Packet Data Serving Node and Home Agent Unknown Not vuln source
Cisco PGW Packet Data Network Gateway Unknown Not vuln source
Cisco Policy Suite Unknown Not vuln source
Cisco Prime Access Registrar Unknown Not vuln source
Cisco Prime Cable Provisioning Unknown Not vuln source
Cisco Prime Central for Service Providers Unknown Investigation source
Cisco Prime Collaboration Assurance Unknown Not vuln source
Cisco Prime Collaboration Deployment Unknown Not vuln source
Cisco Prime Collaboration Manager Unknown Investigation source
Cisco Prime Collaboration Provisioning Unknown Not vuln source
Cisco Prime Infrastructure Unknown Investigation source
Cisco Prime IP Express Unknown Not vuln source
Cisco Prime License Manager Unknown Not vuln source
Cisco Prime Network Unknown Not vuln source
Cisco Prime Network Registrar Unknown Not vuln source
Cisco Prime Optical for Service Providers Unknown Not vuln source
Cisco Prime Performance Manager Unknown Not vuln source
Cisco Prime Provisioning Unknown Not vuln source
Cisco Prime Service Catalog Unknown Investigation source
Cisco Registered Envelope Service Unknown Not vuln source
Cisco SD-WAN vEdge 1000 Series Routers Unknown Not vuln source
Cisco SD-WAN vEdge 2000 Series Routers Unknown Not vuln source
Cisco SD-WAN vEdge 5000 Series Routers Unknown Not vuln source
Cisco SD-WAN vEdge Cloud Router Platform Unknown Not vuln source
Cisco SD-WAN vManage Unknown Vulnerable source
Cisco Secure Network Analytics (SNA), formerly Stealthwatch Unknown Investigation source
Cisco Security Manager Unknown Not vuln source
Cisco Smart Software Manager On-Prem Unknown Not vuln source
Cisco SocialMiner All versions Not vuln source
Cisco System Architecture Evolution Gateway (SAEGW) Unknown Not vuln source
Cisco TelePresence Management Suite Unknown Not vuln source
Cisco TelePresence Video Communication Server (VCS) Unknown Not vuln source
Cisco Tetration Analytics All versions Not vuln source
Cisco UCS Central Software Unknown Not vuln source
Cisco UCS C-Series Rack Servers - Integrated Management Controller Unknown Not vuln source
Cisco UCS Director Unknown Vulnerable source
Cisco UCS Manager Unknown Not vuln source
Cisco UCS Performance Manager Unknown Investigation source
Cisco Ultra Packet Core Unknown Not vuln source
Cisco Umbrella Unknown Investigation source
Cisco Unified Attendant Console Advanced Unknown Not vuln source
Cisco Unified Attendant Console Business Edition Unknown Not vuln source
Cisco Unified Attendant Console Department Edition Unknown Not vuln source
Cisco Unified Attendant Console Enterprise Edition Unknown Not vuln source
Cisco Unified Attendant Console Premium Edition Unknown Not vuln source
Cisco Unified Communications Domain Manager Unknown Not vuln source
Cisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition Unknown Vulnerable source
Cisco Unified Communications Manager Cloud Unknown Vulnerable source
Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) Unknown Vulnerable source
Cisco Unified Contact Center Enterprise - Live Data server Unknown Vulnerable source
Cisco Unified Contact Center Enterprise Unknown Vulnerable source
Cisco Unified Contact Center Express Unknown Vulnerable source
Cisco Unified Customer Voice Portal Unknown Not vuln source
Cisco Unified Intelligence Center Unknown Not vuln source
Cisco Unified Intelligent Contact Management Enterprise Unknown Vulnerable source
Cisco Unified SIP Proxy Software Unknown Vulnerable source
Cisco Unity Connection Unknown Vulnerable source
Cisco Unity Express Unknown Not vuln source
Cisco Video Surveillance Media Server Unknown Not vuln source
Cisco Video Surveillance Operations Manager <7.14.4 Vulnerable Fixes expected 16-Dec-2021 source
Cisco Virtualized Voice Browser Unknown Investigation source
Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM Unknown Investigation source
Cisco Vision Dynamic Signage Director Unknown Not vuln source
Cisco WAN Automation Engine (WAE) Unknown Vulnerable source
Cisco Webex App Unknown Not vuln source
Cisco Webex Cloud-Connected UC (CCUC) Unknown Vulnerable source
Cisco Webex Meetings Server CWMS-3.0MR4SP2, CWMS-4.0MR4SP2 Vulnerable Fixes expected 14-Dec-2021 source
Cisco Webex Room Phone Unknown Not vuln source
Cisco Web Security Appliance (WSA) Unknown Not vuln source
Cisco Wide Area Application Services (WAAS) All versions Not vuln source
Cisco Cisco Wireless LAN Controller Unknown Not vuln source
CIS-CAT CSAT Pro < 1.7.1 Vulnerable Upgrade to v1.7.1 to be released 16/12 source
CIS-CAT CIS-CAT Pro Assessor v4 < 4.13.0 Vulnerable Upgrade to v4.13.0 to be released 16/12 source
CIS-CAT CIS-CAT Pro Assessor Service v4 < 1.13.0 Vulnerable Upgrade to v1.13.0 to be released 16/12 source
CIS-CAT CIS-CAT Pro Assessor v3 < 3.0.77 Vulnerable Upgrade to v3.0.77 to be released 16/12 source
CIS-CAT CIS-CAT Pro Dashboard All Not vuln source
Citrix Analytics Unknown Investigation source
Citrix Application Delivery Management (NetScaler MAS) All versions Not vuln source
Citrix Endpoint Management (XenMobile Server) 10.12 RP10, 10.13 RP5 and 10.14 RP2 Fix source
Citrix Hypervisor (XenServer) Unknown Not Vuln source
Citrix NetScaler ADC All versions Not vuln source
Citrix NetScaler Gateway All versions Not vuln source
Citrix SD-WAN All versions Not vuln source
Citrix Sharefile Unknown Not vuln source
Citrix Virtual Apps and Desktops (XenApp & XenDesktop) Unknown Investigation Not vulnerable: App Layering, Delivery Controller, Director, FAS, HDX, Profile Management, PVS, Session Recording, Storefront, Studio, Windows VDA, WEM source
Citrix Workspace App All versions Not vuln source
Citrix Workspace Unknown Not vuln source
Clavister NetWall - Not vuln source
Clavister NetShield - Not vuln source
Clavister InControl - Not vuln source
Clavister OneConnect - Vulnerable Fixed source
Clavister EasyAccess <= 4.1.2 Vulnerable See link for fix source
Clavister InCenter <= 1.68.03, 2.0.0 and 2.1.0 Vulnerable See link for fix source
Cockroach Labs CockroachDB - Not vuln source
CODESYS all all Not vuln source
Commvault Cloud Apps & Oracle & MS-SQL All supported versions Fix source
Compumatica CryptoGuard all Not vuln source
Compumatica CompuMail Gateway all Not vuln source
Compumatica Compuwall all Not vuln source
Compumatica MagiCtwin all Not vuln source
Compumatica MASC all Not vuln source
Confluence CIS CSAT Pro v1.7.1 Vuln source
Confluence CIS WorkBench Not Vuln source
Confluence CIS-CAT Lite v4.13.0 Vuln source
Confluence CIS-CAT Pro Assessor v3 Full and Dissolvable v3.0.77 Vuln source
Confluence CIS-CAT Pro Assessor v4 v4.13.0 Vuln source
Confluence CIS-CAT Pro Assessor v4 Service v1.13.0 Vuln source
Confluence CIS-CAT Pro Dashboard Not Vuln source
Confluence CIS-Hosted CSAT Not Vuln source
Connect2id Connect2id server < 12.5.1 Fix source
Connectwise Global search capability of Manage Cloud Unknown Mitigation source
Connectwise Manage on-premise's Global Search Unknown Mitigation source
Connectwise Marketplace Unknown Mitigation source
Connectwise Perch Unknown Fix source
Connectwise StratoZen Unknown Mitigation Urgent action for self-hosted versions source
Contrast Hosted SaaS Environments All Fix source
Contrast Java Agent All Not vuln source
Contrast On-premises (EOP) Environments All Fix/Mitigation source
Contrast Scan All Fix source
ControlUp All products All versions Fix source
Copadata Zenon product family All Not vuln source
Coralogix Coralogix Unknown Fix source
Couchbase Couchbase ElasticSearch connector < 4.3.3 & < 4.2.13 Fix source
cPanel cPanel Unknown Mitigation source
Cryptshare Cryptshare for Notes All Not vuln source
Cryptshare Cryptshare for NTA 7516 All Not vuln source
Cryptshare Cryptshare for Outlook All Not vuln source
Cryptshare Cryptshare Java API All Not vuln source
Cryptshare Cryptshare .NET API All Not vuln source
Cryptshare Cryptshare Robot All Not vuln source
Cryptshare Cryptshare Server All Not vuln source
Cyberark Cloud Entitlements Manager Not Vuln source
Cyberark Endpoint Privilege Manager (EPM) - Agents Not Vuln source
Cyberark Endpoint Privilege Manager (EPM) - EPM Server (On-Premise) Not Vuln source
Cyberark Endpoint Privilege Manager (EPM) - Service (SaaS) Not Vuln source
Cyberark HTML5 Gateway Not Vuln source
Cyberark Identity - Mobile App Not vuln source
Cyberark Identity - On-Premise Components Not vuln source
Cyberark Identity - Secure Web Sessions (SWS) Fix source
Cyberark Identity - Service (SaaS) Not vuln source
Cyberark Legacy Sensitive Information Management (SIM) Not vuln source
Cyberark Marketplace components - Certified and Trusted Marketplace Components Not vuln source
Cyberark Marketplace components - CPM Plugins Not vuln source
Cyberark Marketplace components - PSM Connection Components Not vuln source
Cyberark On-Demand Privileges Manager (OPM) Not Vuln source
Cyberark PAS Self Hosted (Vault, PVWA, CPM, PSM, PSMP) Not Vuln source
Cyberark Privilege Cloud - On-Premise Components Not Vuln source
Cyberark Privilege Cloud - Service (SaaS) Fix Mitigation applied. No further action required by customers source
Cyberark Privileged Threat Analytics (PTA) Workaround source, workaround
Cyberark Remote Access (Alero) - Connector Fix source
Cyberark Remote Access (Alero) - Mobile App Not vuln source
Cyberark Remote Access (Alero) - Service (SaaS) Fix Mitigation applied. No further action required by customers source
Cyberark Secrets Manager Conjur Enterprise Not vuln source
Cyberark Secrets Manager Credential Providers Not vuln source
Cybereason All Cybereason products Unknown Not vuln source

D

Supplier Product Version (see Status) Status Notes Links
DatadogHQ Datadog Agent 6 < 6.32.2, 7 < 7.32.2 Fix/workaround JMX monitoring component leverages an impacted version of log4j source
DataNet Quality Systems WinSPC Not vuln Note: this is not WinSCP. This is a Statistical Process Control software. Email from customer support. See vendor-statements folder.
Datev All Datev products Unknown Vulnerable German source source
Dataverse The Dataverse Project Vulnerable source
Datto All Datto products Unknown Not vuln source
DBeaver DBeaver Unknown Not vuln source
Debian Apache-log4j.1.2 stretch, buster, bullseye Fix source
Debian Apache-log4j2 stretch, buster, bullseye Fix source
Dell Alienware Command Center Unknown Not vuln source
Dell Alienware OC Controls Unknown Not vuln source
Dell Alienware On Screen Display Unknown Not vuln source
Dell Alienware Update Unknown Not vuln source
Dell APEX Console Unknown Vulnerable Cloud environment patch in progress source
Dell APEX Data Storage Services Unknown Vulnerable Cloud environment patch in progress source
Dell Atmos Unknown Not vuln source
Dell Cloud IQ Unknown Vulnerable Cloud environment patch in progress source
Dell BSAFE Crypto-C Micro Edition Unknown Not vuln source
Dell BSAFE Crypto-J Unknown Not vuln source
Dell BSAFE Micro Edition Suite Unknown Not vuln source
Dell Centera Unknown Not vuln source
Dell Chassis Management Controller (CMC) Unknown Not vuln source
Dell Cloud Mobility for Dell EMC Storage Unknown Not vuln source
Dell Cloudlink Unknown Not vuln source
Dell Data Domain OS Unknown Vulnerable Workaround expected 12/15 source
Dell Disk Library for Mainframe Unknown Not vuln source
Dell Embedded NAS Unknown Not vuln source
Dell EMC Avamar Unknown Vulnerable See DSA-2021-277 source
Dell EMC Cloud Disaster Recovery Unknown Vulnerable Workaround expected 12/15 source
Dell EMC DataIQ Unknown Not vuln source
Dell EMC Data Protection Central Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC Data Protection Search Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC ECS Unknown Vulnerable Patch expected 12/17 source
Dell EMC Enterprise Storage Analytics for vRealize Operations Unknown Fix See DSA-2021-278 source
Dell EMC Integrated System for Microsoft Azure Stack Hub Unknown Not vuln source
Dell EMC License Manager Unknown Not vuln source
Dell EMC NetWorker Unknown Vulnerable Workaround expected 12/15 source
Dell EMC NetWorker VE Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC Networking Onie Unknown Not vuln source
Dell EMC ObjectScale Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC PowerFlex Appliance Unknown Vulnerable Workaround expected 12/15 source
Dell EMC PowerFlex Manager Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC PowerFlex Rack Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC PowerMax Unknown Not vuln source
Dell EMC PowerPath Unknown Not vuln source
Dell EMC PowerPath Management Appliance Unknown Not vuln source
Dell EMC PowerProtect Cyber Recovery Unknown Not vuln source
Dell EMC PowerProtect Data Manager Unknown Vulnerable Workaround expected 12/15 source
Dell EMC PowerProtect DP Series Appliance (iDPA) Unknown Vulnerable Workaround expected 12/15 source
Dell EMC PowerScale OneFS Unknown Not vuln source
Dell EMC PowerShell for PowerMax Unknown Not vuln source
Dell EMC PowerShell for Powerstore Unknown Not vuln source
Dell EMC PowerShell for Unity Unknown Not vuln source
Dell EMC PowerStore Unknown Vulnerable Patch expected 12/31 source
Dell EMC RecoverPoint Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC Repository Manager (DRM) Unknown Not vuln source
Dell EMC SourceOne Unknown Not vuln source
Dell EMC SRM vApp Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC Streaming Data Platform Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC Systems Update (DSU) Unknown Not vuln source
Dell EMC Unity Unknown Vulnerable Patch expected 12/31 source
Dell EMC Virtual Storage Integrator Unknown Not vuln source
Dell EMC VPLEX Unknown Vulnerable Fix Release Timeline TBD source
Dell EMC VxRail Unknown Vulnerable See DSA-2021-265 source
Dell EMC XtremIO Unknown Not vuln source
Dell Enterprise Hybrid Cloud Unknown Vulnerable See DSA-2021-270 source
Dell GeoDrive Unknown Not vuln source
Dell Hybrid Client (DHC) Unknown Not vuln source
Dell ImageAssist Unknown Not vuln source
Dell Insight IQ Unknown Not vuln source
Dell Integrated Dell Remote Access Controller (iDRAC) Unknown Not vuln source
Dell IsilonSD Management Server Unknown Not vuln source
Dell Mainframe Enablers Unknown Not vuln source
Dell MyDell Mobile Unknown Not vuln source
Dell NetWorker Management Console Unknown Not vuln source
Dell Networking N-Series Unknown Not vuln source
Dell Networking OS 10 Unknown Not vuln source
Dell Networking OS 9 Unknown Not vuln source
Dell Networking SD-WAN Edge Unknown Investigation source
Dell Networking W-Series Unknown Not vuln source
Dell Networking X-Series Unknown Not vuln source
Dell OMIMSSC (OpenManage Integration for Microsoft System Center) Unknown Not vuln source
Dell Open Manage Mobile Unknown Not vuln source
Dell Open Manage Server Administrator Unknown Not vuln source
Dell Open Management Enterprise - Modular Unknown Vulnerable Patch expected 12/17 source
Dell OpenManage Change Management Unknown Not vuln source
Dell OpenManage Enterprise Unknown Vulnerable Patch expected 12/17 source
Dell OpenManage Enterprise Services Unknown Vulnerable Patch expected 12/17 source
Dell OpenManage Integration for Microsoft System Center for System Center Operations Manager Unknown Not vuln source
Dell OpenManage Integration with Microsoft Windows Admin Center Unknown Not vuln source
Dell OpenManage Network Integration Unknown Not vuln source
Dell PowerEdge BIOS Unknown Not vuln source
Dell Remotely Anywhere Unknown Not vuln source
Dell Secure Connect Gateway (SCG) 5.0 Appliance Unknown Vulnerable Fix Release Timeline TBD source
Dell Smart Fabric Storage Software Unknown Not vuln source
Dell Solutions Enabler Unknown Not vuln source
Dell Sonic Unknown Not vuln source
Dell SRS Policy Manager Unknown Vulnerable Fix Release Timeline TBD source
Dell SRS VE Unknown Not vuln source
Dell SupportAssist Client Commercial Unknown Not vuln source
Dell SupportAssist Client Consumer Unknown Not vuln source
Dell SupportAssist Enterprise Unknown Vulnerable Fix Release Timeline TBD source
Dell Unisphere Central Unknown Vulnerable Fix Release Timeline TBD source
Dell Unisphere for PowerMax Unknown Not vuln source
Dell Vblock Unknown Vulnerable Fix Release Timeline TBD source
Dell ViPR Controller Unknown Not vuln source
Dell VNX Control Station Unknown Not vuln source
Dell VNX1 Unknown Not vuln source
Dell VNX2 Unknown Not vuln source
Dell VNXe 1600 Unknown Vulnerable Fix Release Timeline TBD source
Dell VNXe 3200 Unknown Vulnerable Fix Release Timeline TBD source
Dell Vsan Ready Nodes Unknown Not vuln source
Dell VxBlock Unknown Vulnerable Fix Release Timeline TBD source
Dell VxFlex Ready Nodes Unknown Vulnerable Workaround expected 12/15 source
Dell Wyse Management Suite Unknown Vulnerable See DSA-2021-267 source
Dell Wyse Management Suite Import Tool Unknown Not vuln source
Dell Wyse Proprietary OS (ThinOS) Unknown Not vuln source
Dell Wyse Windows Embedded Unknown Vulnerable Fix Release Timeline TBD source
Device42 Device42 All Not vuln source
Devolutions All products Not vuln source
DirectAdmin All products Not vuln Individual plugins not developed as part of DirectAdmin core may be vulnerable. source
Docker Docker infrastructure Unknown Not vuln Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. source
DotCMS Hybrid Content Management System Fix source
Draytek All products Unknown Not vuln source
Dräger All Medical Devices Not Vuln source
Dropwizard Dropwizard Unknown Not vuln Only vulnerable if you manually added Log4j source
Dynatrace ActiveGates 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 Fix source
Dynatrace Dynatrace Cloud Services Unknown Fix source

E

Supplier Product Version (see Status) Status Notes Links
EAL ATS Classic All Versions Not Vuln See vendor-statements
EclecticIQ TIP < 2.11 Vulnerable The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable); see Elasticsearch below for mitigation. See link for their own fix for Logstash (support account needed, ongoing investigation) source/fix
Elastic APM Java Agent 1.17.0-1.28.0 Workaround Only vulnerable with specific configuration source
Elastic APM Server Not Vuln source
Elastic Beats Not Vuln source
Elastic Cmd Not Vuln source
Elastic Elastic Agent Not Vuln source
Elastic Elastic Cloud Enterprise Not Vuln source
Elastic Elastic Cloud Not Vuln source
Elastic Elastic Cloud on Kubernetes Not Vuln source
Elastic Elastic Endgame Not Vuln source
Elastic Elastic Maps Service Not Vuln source
Elastic Elasticsearch < 6.8.9, 7 - 7.8 Fix Information leakage vulnerability, Fixed in 7.16.1 and 6.8.21 source
Elastic Endpoint Security Not Vuln source
Elastic Enterprise Search Not Vuln source
Elastic Fleet Server Not Vuln source
Elastic Kibana Not Vuln source
Elastic Logstash < 6.8.21, < 7.16.1 Fix No known remote code execution exposure, Fixed in 6.8.21, 7.16.1 source
Elastic Machine Learning Not Vuln source
Elastic Swiftype Investigation source
ELO Digital Office Not Vuln source
Enovation All Not Vuln source
ESET All products Unknown Not vuln source
ESET Secure Authentication Unknown Workaround source
Esri ArcGIS Enterprise and related products < 10.8.0 Workaround See source for workaround source
estos All products Unknown Not vuln source
EVL Labs JGAAP <8.0.2 Fix source
Exivity Exivity On-Premise All versions Not Vuln source
Exact All Products Not vuln source NL, source EN
Evolveum midPoint Not vuln source
Extensis Universal Type Server =>7.0.6 Fix source
eXtreme Hosting All products Unknown Not vuln source
Extreme Networks 200-series Investigation source
Extreme Networks BOSS Not vuln source
Extreme Networks EXOS Not vuln source
Extreme Networks Extreme AirDefense Not vuln source
Extreme Networks Extreme Campus Controller (ExtremeCloud Appliance) Not vuln source
Extreme Networks Extreme Fabric Automation (EFA) Not vuln source
Extreme Networks Extreme Management Center (XMC) Not vuln source
Extreme Networks Extreme Visibility Manager (XVM) Not vuln source
Extreme Networks ExtremeAnalytics Not vuln source
Extreme Networks ExtremeCloud A3 Not vuln source
Extreme Networks ExtremeCloud IQ Not vuln source
Extreme Networks ExtremeConnect Not vuln source
Extreme Networks ExtremeControl Not vuln source
Extreme Networks ExtremeGuest Investigation source
Extreme Networks ExtremeLocation Not vuln source
Extreme Networks ExtremeWireless (Identifi) Not vuln source
Extreme Networks Fabric Manager Not vuln source
Extreme Networks HiveManager Classic On-Premises Not vuln source
Extreme Networks HiveManager Classic Online Not vuln source
Extreme Networks IQEngine (HiveOS) Not vuln source
Extreme Networks IQVA Vulnerable source
Extreme Networks ISW Not vuln source
Extreme Networks NetIron OS Not vuln source
Extreme Networks Network OS Not vuln source
Extreme Networks Nsight Investigation source
Extreme Networks SLX-OS Not vuln source
Extreme Networks Traffic Sensor Not vuln source
Extreme Networks VOSS Not vuln source
Extreme Networks WiNG Not vuln source
Extreme Networks XIQ-SE Not vuln source
Ewon eCatcher 6.7.7 Fix source

F

Supplier Product Version (see Status) Status Notes Links
F5 All products Not Vuln F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect source
Fiix CMMS core V5 Fix source
FileCap FileCap Server 5.1.1 Fix source
FileCap FileCap Plugins Not vuln source
Forcepoint Advanced Malware Detection Not vuln source
Forcepoint Behavioral Analytics Investigation source
Forcepoint Bitglass SSE Not vuln source
Forcepoint CASB Investigation source
Forcepoint Content Gateway Not vuln source
Forcepoint DDP/DUP/DPS Investigation source
Forcepoint Directory Synchronization Client Not vuln source
Forcepoint DLP Manager Workaround source
Forcepoint Email Security Not vuln source
Forcepoint Forcepoint Cloud Security Gateway (CSG) Not vuln source
Forcepoint Insider Threat Not vuln source
Forcepoint Next Generation Firewall (NGFW) Not vuln source
Forcepoint Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder Not vuln source
Forcepoint Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW) Workaround source
Forcepoint One Endpoint Not vuln source
Forcepoint Private Access Not vuln source
Forcepoint Remote Browser Isolation Not vuln source
Forcepoint Security Manager (Web, Email and DLP) Workaround source
Forcepoint Web Security Investigation source
Forescout Investigation source
ForgeRock Autonomous Identity Workaround all other ForgeRock products not vuln source
Fortinet FortiAIOps version < 1.0.1 Vulnerable Fixed in version 1.0.2 source
Fortinet FortiAnalyzer Cloud Not Vuln source
Fortinet FortiAnalyzer Not Vuln source
Fortinet FortiAP Not Vuln source
Fortinet FortiAuthenticator Not Vuln source
Fortinet FortiCASB Vulnerable source
Fortinet FortiConvertor Vulnerable source
Fortinet FortiDeceptor Not Vuln source
Fortinet FortiEDR Agent Not Vuln source
Fortinet FortiEDR Cloud Vulnerable source
Fortinet FortiGate Cloud Not Vuln source
Fortinet FortiGSLB Cloud Not Vuln source
Fortinet FortiMail Not Vuln source
Fortinet FortiManager Cloud Not Vuln source
Fortinet FortiManager Not Vuln source
Fortinet FortiNAC Vulnerable source
Fortinet FortiOS (includes FortiGate & FortiWiFi) Not Vuln source
Fortinet FortiPhish Cloud Not Vuln source
Fortinet FortiPolicy Vulnerable source
Fortinet FortiPortal Fix Vulnerable Fixed in version 6.0.8 and 5.3.8 source
Fortinet FortiRecorder Not Vuln source
Fortinet FortiSIEM Workaround Vulnerable Mitigation steps source
Fortinet FortiSOAR Vulnerable source
Fortinet FortiSwitch Cloud in FortiLANCloud Not Vuln source
Fortinet FortiSwitch & FortiSwitchManager Not Vuln source
Fortinet FortiToken Cloud Not Vuln source
Fortinet FortiVoice Not Vuln source
Fortinet FortiWeb Cloud Not Vuln source
Fortinet ShieldX Vulnerable source
Fujitsu ServerView Suite Unknown Vulnerable Log4j v2.12 present in ServerView Operations Manager source
Fujitsu SecDocs Unknown Vulnerable source
F-Secure Endpoint Proxy 13-15 Fix source
F-Secure Policy Manager 13-15 Fix source
F-Secure Policy Manager Proxy 13-15 Fix source
FusionAuth FusionAuth 1.32 Not Vuln source

G

Supplier Product Version (see Status) Status Notes Links
Genesys All products Investigation source
GeoSolutions GeoServer All versions Not vuln source
GeoSolutions Geonetwork All versions Workaround source
GFI Software Kerio Connect Vulnerable source
Ghisler Total Commander All Not Vuln Third Party plugins might contain log4j source
GitHub Github Enterprise Server 3.3.1, 3.2.6, 3.1.14, 3.0.22 Fix source
GitLab GitLab Not vuln source
GoAnywhere Agents Unknown Workaround source
GoAnywhere Gateway Unknown Workaround source
GoAnywhere MFT Unknown Workaround source
Gradle Gradle Not vuln Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. source
Gradle Gradle Enterprise 2021.3.6 Fix source
Gradle Gradle Enterprise Test Distribution Agent 1.6.2 Fix source
Gradle Gradle Enterprise Build Cache Node 10.1 Fix source
Grafana All products Not vuln source
Gravwell All products Not vuln Gravwell products do not use Java source
Graylog Graylog 3.3.15, 4.0.14, 4.1.9, 4.2.3 Fix The vulnerable Log4j library is used to record GrayLog's own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. Graylog version 4.2.4 fixes another vulnerability source
GuardedBox GuardedBox 3.1.2 Fix source

H

Supplier Product Version (see Status) Status Notes Links
HackerOne Unknown Unknown Fix source
Hashicorp All products Not Vuln source
HCL Software BigFix Insights Unknown Not vuln not vuln for CVE-2021-45046 source
HCL Software BigFix Insights for Vulnerability Remediation Unknown Not vuln not vuln for CVE-2021-45046 source
HCL Software BigFix Compliance > 2.0.1 ; < 2.0.4 Workaround not vuln for CVE-2021-45046 source
HCL Software BigFix Inventory < 10.0.7 Workaround not vuln for CVE-2021-45046 source
HCL Software BigFix Lifecycle Unknown Not vuln not vuln for CVE-2021-45046 source
HCL Software BigFix Mobile Unknown Not vuln not vuln for CVE-2021-45046 source
HCL Software BigFix Patch Unknown Not vuln not vuln for CVE-2021-45046 source
Heimdal Security web-based services Cloud Not vuln source
Helpsystems Clearswift Secure Email Gateway 5.4.0, 5.3.0 Vulnerable Investigation source
Helpsystems Clearswift Secure Exchange Gateway 5.4.0, 5.3.0 Vulnerable Investigation source
Helpsystems Clearswift Secure Web Gateway 5.4.0, 5.3.0 Vulnerable Investigation source
Helpsystems Clearswift Secure ICAP Gateway 5.4.0, 5.3.0 Vulnerable Investigation source
Hexagon ERDAS APOLLO Advantage & Professional Unknown Investigation source
Hexagon ERDAS APOLLO Essentials Unknown Not vuln source
Hexagon GeoMedia SmartClient Unknown Not vuln source
Hexagon GeoMedia Unknown Not vuln source
Hexagon GeoMedia WebMap Unknown Not vuln source
Hexagon Geospatial Portal Unknown Not vuln source
Hexagon Geospatial SDI Unknown Not vuln source
Hexagon ImageStation Unknown Not vuln source
Hexagon IMAGINE Unknown Not vuln source
Hexagon Luciad Fusion Unknown Not vuln The only risk is if Log4J was implemented outside of the default product install source
Hexagon Luciad Lightspeed Unknown Not vuln The only risk is if Log4J was implemented outside of the default product install source
Hexagon M.App Enterprise standalone or with Luciad Fusion Unknown Not vuln source
Hexagon M.App Enterprise Unknown Investigation Might be vulnerable only when used with Geoprocessing Server source
Hitachi Energy all other products Investigation Meta-Advisory listing all known affected products, others are still under investigation source
Hitachi Energy FOXMAN-UN < R11BSP1 Vulnerable source
Hitachi Energy FOXMAN-UN R15A, R14B, R14A, R11BSP1 Workaround source
Hitachi Energy UNEM < R11BSP1 Vulnerable source
Hitachi Energy UNEM R15A, R14B, R14A, R11BSP1 Workaround source
Hitachi Vantara Pentaho v8.3.x, v9.2.x Not vuln source
HostiFi Unifi hosting Unknown Fix Hosted Unifi solution source
HPE 3PAR Service Processor 5.x Vulnerable source
HPE 3PAR StoreServ Arrays Not vuln source
HPE AirWave Management Platform Not vuln source
HPE Alletra 6000 Not vuln source
HPE Alletra 9k Not vuln source
HPE Aruba Central Not vuln source
HPE Aruba ClearPass Policy Manager Not vuln source
HPE Aruba ClearPass Policy Manager Not vuln source
HPE Aruba Instant (IAP) Not vuln source
HPE Aruba Location Services Not vuln source
HPE Aruba NetEdit Not vuln source
HPE Aruba NetInsight Network Analytics All versions Vulnerable source
HPE ArubaOS-CX switches Not vuln source
HPE ArubaOS SD-WAN Controllers and Gateways Not vuln source
HPE ArubaOS-S switches Not vuln source
HPE ArubaOS Wi-Fi Controllers and Gateways Not vuln source
HPE Aruba PVOS Switches Not vuln source
HPE Aruba SDN VAN Controller Not vuln source
HPE Aruba User Experience Insight (UXI) Not vuln source
HPE Aruba VIA Client Not vuln source
HPE Authentication Server Function (AUSF) 1.2107.0, 1.2109.0 and 1.2112.0 Vulnerable source
HPE BladeSystem Onboard Administrator Not vuln source
HPE Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy Not vuln source
HPE Brocade 16Gb SAN Switch for HPE BladeSystem c-Class Not vuln source
HPE Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy Not vuln source
HPE Brocade Network Advisor Not vuln source
HPE CloudAuth Not vuln source
HPE CloudPhysics Not vuln source
HPE Compute Cloud Console Not vuln source
HPE Compute operations manager- FW UPDATE SERVICE (internal name olive) Not vuln source
HPE COS (Cray Operating System) Not vuln source
HPE Cray EX System Monitoring Application (SMA) All versions Vulnerable source
HPE Cray Systems Management (CSM) Not vuln source
HPE Cray View for ClusterStor 1.3.1 Vulnerable source
HPE Custom SPP Portal (https://spp.hpe.com/custom) Not vuln source
HPE Data Management Framework 7.x Vulnerable source
HPE Data Services Cloud Console Not vuln source
HPE Dragon 7.2 and 7.3 Vulnerable source
HPE Dynamic SIM Provisioning (DSP) DSP3.3, DSP3.1 and DSP3.4 Vulnerable source
HPE Device Entitlement Gateway (DEG) 5 Vulnerable source
HPE Edge Infrastructure Automation 2.0.x Vulnerable source
HPE enhanced Internet Usage Manager (eIUM) 10.6.3 Vulnerable source
HPE Ezmeral Container Platform 5.x Vulnerable source
HPE Ezmeral Container Platform Bluedata EPIC 3.x and 4.x Vulnerable source
HPE Ezmeral Data Fabric Core/Client v6.2.0; MCS v6.0.1, v6.1.0, v6.1.1 and v6.2.0; Installer v1.17.0.0 and older Vulnerable source
HPE Ezmeral Ecosystem Pack (EEP) Elastic Search v6.8.8 and older; Data Access Gateway (DAG) v2.x and older; Hive v2.3.x and older; HBase v1.4.13 and older; Kafka HDFS Connector v10.0.0 and older Vulnerable source
HPE General information HPE Investigation Security bulletins for affected products will be posted on HPE Support Center, as the results of the investigation become available in the near future. HPE products not listed below are either vulnerable or undergoing investigation. source
HPE Harmony Data Platform Not vuln source
HPE HOP public services (grafana, vault, rancher, Jenkins) Not vuln source
HPE HPE B-series SN2600B SAN Extension Switch Not vuln source
HPE HPE B-series SN4000B SAN Extension Switch Not vuln source
HPE HPE B-series SN6000B Fibre Channel Switch Not vuln source
HPE HPE B-series SN6500B Fibre Channel Switch Not vuln source
HPE HPE B-series SN6600B Fibre Channel Switch Not vuln source
HPE HPE B-series SN6650B Fibre Channel Switch Not vuln source
HPE HPE B-series SN6700B Fibre Channel Switch Not vuln source
HPE HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager Not vuln source
HPE HPE Infosight for Servers Not vuln source
HPE HPE OneView for VMware vRealize Operations (vROps) Not vuln source
HPE HPE OneView Global Dashboard Not vuln source
HPE HPE OneView Not vuln source
HPE HPE Performance Cluster Manager (HPCM) Not vuln source
HPE HPE Slingshot Not vuln source
HPE HPE SN3000B Fibre Channel Switch Not vuln source
HPE HPE SN8000B 4-Slot SAN Director Switch Not vuln source
HPE HPE SN8000B 8-Slot SAN Backbone Director Switch Not vuln source
HPE HPE SN8600B 4-Slot SAN Director Switch Not vuln source
HPE HPE SN8600B 8-Slot SAN Director Switch Not vuln source
HPE HPE SN8700B 4-Slot Director Switch Not vuln source
HPE HPE SN8700B 8-Slot Director Switch Not vuln source
HPE HPE Synergy Image Streamer Not vuln source
HPE HPE Systems Insight Manager (SIM) Not vuln source
HPE HPE Virtual Connect Enterprise Manager (VCEM) Not vuln source
HPE HPE Virtual Connect Not vuln source
HPE HPE Virtual Server Environment (VSE) Not vuln source
HPE Hyper Converged 250 System All versions Vulnerable source
HPE Hyper Converged 380 All versions Vulnerable source
HPE Infosight for Storage All versions Vulnerable source
HPE Insight Cluster Management Utility (CMU) Not vuln source
HPE Integrated Home Subscriber Server Software Series 4.0.x Vulnerable Only vulnerable when using the nHSS 4G/5G IWK function source
HPE Integrated Lights-Out 4 (iLO 4) Not vuln source
HPE Integrated Lights-Out 5 (iLO 5) Not vuln source
HPE Integrated Lights-Out (iLO) Amplifier Pack Not vuln source
HPE Integrity BL860c, BL870c, BL890c Not vuln source
HPE Integrity Superdome 2 Not vuln source
HPE Integrity Superdome X Not vuln source
HPE Intelligent Assurance All versions Vulnerable Only Analytics on Metrics is vulnerable source
HPE Intelligent Management Center (IMC) Standard and Enterprise 7.3 (E0706) and 7.3 (E0706P06) Vulnerable source
HPE Intelligent Provisioning Not vuln source
HPE iSUT integrated smart update tool Not vuln source
HPE Maven Artifacts (Atlas) Not vuln source
HPE Media Workflow Master (MWM) All versions Vulnerable source
HPE MSA Not vuln source
HPE NetEdit Not vuln source
HPE Network Function Virtualization Director (NFV Director) 5.1.x and 6.0.x Vulnerable source
HPE Nimble Storage Not vuln source
HPE NS-T0634-OSM CONSOLE TOOLS Not vuln source
HPE NS-T0977-SCHEMA VALIDATOR Not vuln source
HPE Integrity Rx2800/Rx2900 Not vuln source
HPE OfficeConnect Not vuln source
HPE Primera Storage Not vuln source
HPE Real Time Management System (RTMS) 3.0.x and 3.1.x Vulnerable source
HPE Remote SIM Provisioning Manager (RSPM) 1.3.2 and 1.4.1 Vulnerable source
HPE RepoServer part of OPA (on Premises aggregator) Not vuln source
HPE Resource Aggregator for Open Distributed Infrastructure Management Not vuln source
HPE RESTful Interface Tool (iLOREST) Not vuln source
HPE Revenue Intelligence Software Series All versions Vulnerable source
HPE SANnav Management Software 2.0.0 and 2.1.1 Vulnerable source
HPE SAT (System Admin Toolkit) Not vuln source
HPE Scripting Tools for Windows PowerShell (HPEiLOCmdlets) Not vuln source
HPE Service Director (SD) All versions Vulnerable source
HPE SGI MC990 X Server Not vuln source
HPE SGI UV 2000 Server Not vuln source
HPE SGI UV 3000 Server Not vuln source
HPE SGI UV 300, 300H, 300RL, 30EX Not vuln source
HPE Shasta Monitoring Framework (SMF) All versions Vulnerable source
HPE Silver Peak Orchestrator Workaround source, workaround
HPE SimpliVity 325, 380 Gen9, 380 Gen10 and 2600 Gen10 All versions Vulnerable source
HPE SimpliVity OmniCube All versions Vulnerable source
HPE SN8700B 8-Slot Director Switch Not vuln source
HPE StoreEasy Not vuln source
HPE StoreEver CVTL Not vuln source
HPE StoreEver LTO Tape Drives Not vuln source
HPE StoreEver MSL Tape Libraries Not vuln source
HPE StoreOnce Not vuln source
HPE StoreServ Management Console (SSMC) All versions Vulnerable source
HPE SUM (Smart Update Manager) Not vuln source
HPE Superdome Flex 280 Not vuln source
HPE Superdome Flex Server Not vuln source
HPE Telecom Analytics Smart Profile Server (TASPS) All versions Vulnerable source
HPE Telecom Management Information Platform Software Series Vulnerable Only TeMIP Rest Server 8.3.2 and TMB 3.4.0 are vulnerable source
HPE Trueview Inventory Software Series 8.6.x and 8.7.x Vulnerable source
HPE UAN (User Access Node) Not vuln source
HPE Unified Data Management (UDM) 1.2107.0, 1.2109.0, 1.2109.1 and 1.2112.0 Vulnerable source
HPE Universal IoT (UioT) Platform All versions Vulnerable source
HPE Unstructured Data Storage Function (UDSF) 1.2108.0, 1.2110.0 and 1.2112.0 Vulnerable source
HPE User Data Repository (UDR) 1.2106.0, 1.2110.0 and 1.2112.0 Vulnerable source
HPE Virtual Headend Manager (vHM) All versions Vulnerable source
HPE XP Performance Advisor Software 7.5 through 8.4 Vulnerable source
Huawei All products Investigation source

I

Supplier Product Version (see Status) Status Notes Links
IBM All products Investigation source
IBM Business Automation Workflow 18.0.0+ Fix JR64456 / JR64096 source
IBM Cloud Object Storage All versions Fix Fix: 3.16.0.53 and 3.16.2.57 source
IBM Curam SPM 8.0.0, 7.0.11 Vulnerable source
IBM DB2 Server 11.5 Vulnerable source
IBM IBM Netezza Analytics for NPS All versions <= 11.2.21 Vulnerable Fix should be available from 14th Dec source
IBM IBM Netezza Analytics All versions <= 3.3.9 Vulnerable Fix should be available from 14th Dec source
IBM IBM Security Access Manager 9.0.7-ISS-ISAM-FP0002 Fix source
IBM IBM Security Access Manager 10.0.2-ISS-ISVA-FP0000 Fix source
IBM IBM MQ iFix 9.2-IBM-MQ-LinuxX64-LAIT39386 Fix source
IBM Power Hardware Management Console V10.1.1010.0, V9.2.950.0 Fix Fix: MH01913, MF69263 source
IBM Sterling Fulfillment Optimizer Unknown Vulnerable source
IBM Sterling Inventory Visibility Unknown Vulnerable source
IBM Sterling Order Management Unknown Not vuln source
IBM VM Manager Tool (part of License Metric Tool) >9.2.21,<9.2.26 Vulnerable source
IBM Websphere 8.5 Vulnerable fix: PH42728 source
IBM Websphere 9.0 Vulnerable fix: PH42728 source
IGEL Universal Management Suite Workaround source
iGrafix All Latest Fix source
Illumio C-VEN Not vuln source
Illumio CLI Not vuln source
Illumio CloudSecure Not vuln source
Illumio Core on-premise PCE Not vuln source
Illumio Core SaaS PCE Not vuln source
Illumio Edge SaaS PCE Not vuln source
Illumio Edge-CrowdStrike Not vuln source
Illumio Flowlink Not vuln source
Illumio Kubelink Not vuln source
Illumio NEN Not vuln source
Illumio QRadar App Not vuln source
Illumio Splunk App Not vuln source
Illumio VEN Not vuln source
Imprivata ConfirmID Not Vuln Link is behind a login source
Imprivata Cortext Not Vuln Link is behind a login source
Imprivata GroundControl Not Vuln Link is behind a login source
Imprivata Identity Governance Not Vuln Link is behind a login source
Imprivata Mobile Device Access Not Vuln Link is behind a login source
Imprivata OneSign Not Vuln Link is behind a login source
Imprivata PAM Fix Link is behind a login source
Imprivata PatientSecure Not Vuln Link is behind a login source
Inductive Automation Ignition All versions Not Vuln source
Influxdata All All versions Not Vuln source
Informatica Axon 7.2.x Workaround source
Informatica Data Privacy Management 10.5, 10.5.1 Workaround source
Informatica Information Deployment Manager Fix source
Informatica Metadata Manager 10.4, 10.4.1, 10.5, 10.5.1 Workaround source
Informatica PowerCenter 10.5.1 Workaround source
Informatica PowerExchange for CDC (Publisher) and Mainframe 10.5.1 Workaround source
Informatica Product 360 All versions Workaround source
Informatica Secure Agents (Cloud hosted) Unknown Fix Fixed agents may need to be restarted source
Infoblox All products All versions Not Vuln source
Infoland iQualify Not Vuln source
Infoland Zenya (iProva) Not Vuln source
INIT GmbH AppComm Not Vuln source source
INIT GmbH MOBILE-PERDIS Not Vuln source source
INIT GmbH Mobile Plan 4.22.x and 5.x Vulnerable source source
INIT GmbH WebComm Not Vuln source source
Intel Audio Development Kit Vulnerable source
Intel Datacenter Manager Vulnerable source
Intel oneAPI sample browser plugin for Eclipse Vulnerable source
Intel System Debugger Vulnerable source
Intel Secure Device Onboard Vulnerable source
InterSystems API Manager Not Vuln source
InterSystems Atelier Integration Not Vuln source
InterSystems Cache Not Vuln source
InterSystems Ensemble Investigation source
InterSystems FHIR Accelerator Not Vuln source
InterSystems HealthShare Care Community Not Vuln source
InterSystems HealthShare Clinical Viewer 2019.2 to 2021.1 Not Vuln source
InterSystems HealthShare Health Connect Investigation source
InterSystems HealthShare Health Insight Not Vuln source
InterSystems HealthShare Message Transformation Service Not Vuln source
InterSystems HealthShare Patient Index Not Vuln source
InterSystems HealthShare Personal Community Not Vuln source
InterSystems HealthShare Provider Directory Not Vuln source
InterSystems HealthShare Unified Care Record Not Vuln source
InterSystems Health Integration as a Service Investigation source
InterSystems InterSystems Cloud Manager Not Vuln source
InterSystems IRIS Not Vuln source
InterSystems IRIS for Health Investigation source
InterSystems ISC Reports Vulnerable source
InterSystems TrakCare Core Vulnerable source
InterSystems TrakCare Editions Investigation source
InterSystems TrakCare Lab Investigation source
InterSystems VS Code Integration Not Vuln source
IronNet All products All versions Investigation source
ISL Online All products All versions Not Vuln source
ISPNext All products All versions Not Vuln source
Ivanti Avalanche 6.3.[0-3] Fix Information behind login source
Ivanti Core Connector All versions Workaround Information behind login source
Ivanti File Director All versions Workaround Information behind login source
Ivanti MobileIron Core All versions Workaround Information behind login source
Ivanti MobileIron Sentry 9.13, 9.14 Workaround Information behind login source

J

Supplier Product Version (see Status) Status Notes Links
JFrog all products Not Vuln source
Jamf Nation Jamf Cloud Unknown Fix source
Jamf Nation Jamf Pro (hosted on-prem) < 10.34.1 See notes <10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix source
Jamf Nation Health Care Listener Unknown Not Vuln source
Jamf Nation Jamf Connect Unknown Not Vuln source
Jamf Nation Jamf Data Policy Unknown Not Vuln source
Jamf Nation Jamf Infrastructure Manager Unknown Not Vuln source
Jamf Nation Jamf Now Unknown Not Vuln source
Jamf Nation Jamf Private Access Unknown Not Vuln source
Jamf Nation Jamf Protect Unknown Not Vuln source
Jamf Nation Jamf School Unknown Not Vuln source
Jamf Nation Jamf Threat Defense Unknown Not Vuln source
Jazz/IBM JazzSM DASH Unknown See notes DASH on WebSphere Application Server requires mitigations source
Jenkins Jenkins CI Unknown Not Vuln Individual plugins not developed as part of Jenkins core may be vulnerable. source
JetBrains IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, Rider, RubyMine, WebStorm) Unknown Not vuln source
JetBrains All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, dotCover, dotPeek) Unknown Not vuln source
JetBrains ToolBox Unknown Not vuln source
JetBrains TeamCity Unknown Not vuln source
JetBrains Hub 2021.1.14080 Fix source
JetBrains YouTrack Standalone 2021.4.35970 Fix source
JetBrains YouTrack InCloud Unknown Fix source
JetBrains Datalore Unknown Not vuln source
JetBrains Space Unknown Not vuln source
JetBrains Code With Me Unknown Fix source
JetBrains Gateway Unknown Not vuln source
JetBrains Kotlin Unknown Not vuln source
JetBrains Ktor Unknown Not vuln source
JetBrains MPS Unknown Not vuln source
JetBrains Floating license server 30211 Fix source
JetBrains UpSource 2020.1.1952 Fix source
JGraph DrawIO All Not vuln source
Jitsi jitsi-videobridge v2.1-595-g3637fda42 Fix source
jPOS (ISO-8583) bridge Unknown Not Vuln source
Juniper Networks Cross Provisioning Platform Unspecified Under investigation source
Juniper Networks JSA Series Unspecified Under investigation source
Juniper Networks Juniper Networks Advanced Threat Prevention (JATP) Unspecified Not Vuln source
Juniper Networks Juniper Networks AppFormix Unspecified Not Vuln source
Juniper Networks Juniper Networks Apstra System Unspecified Not Vuln source
Juniper Networks Juniper Networks CTPOS and CTPView Unspecified Not Vuln source
Juniper Networks Juniper Networks Connectivity Services Director Unspecified Not Vuln source
Juniper Networks Juniper Networks Contrail products: Contrail Analytics, Contrail Cloud, Contrail Networking or Contrail Service Orchestration Unspecified Not Vuln source
Juniper Networks Juniper Networks ICEAAA Manager Unspecified Not Vuln source
Juniper Networks Juniper Networks JATP Cloud Unspecified Not Vuln source
Juniper Networks Juniper Networks Juniper Identity Management Services (JIMS) Unspecified Not Vuln source
Juniper Networks Juniper Networks Juniper Mist Edge Unspecified Not Vuln source
Juniper Networks Juniper Networks Juniper Sky Enterprise Unspecified Not Vuln source
Juniper Networks Juniper Networks Junos OS Evolved Unspecified Not Vuln source
Juniper Networks Juniper Networks Junos OS Unspecified Not Vuln source
Juniper Networks Juniper Networks Mist Access Points Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63. Not Vuln source
Juniper Networks Juniper Networks Network Director Unspecified Not Vuln source
Juniper Networks Juniper Networks Policy Enforcer Unspecified Not Vuln source
Juniper Networks Juniper Networks ScreenOS Unspecified Not Vuln source
Juniper Networks Juniper Networks SecIntel Unspecified Not Vuln source
Juniper Networks Juniper Networks Security Director Insights Unspecified Not Vuln source
Juniper Networks Juniper Networks Security Director Unspecified Not Vuln source
Juniper Networks Juniper Networks Session Smart Router (Formerly 128T) Unspecified Not Vuln source
Juniper Networks Juniper Networks Space SDK Unspecified Not Vuln source
Juniper Networks Juniper Networks Standalone Log Collector 20.1 (as also used by Space Security Director) Unspecified Not Vuln source
Juniper Networks Juniper Networks products using Wind River Linux in Junos OS and Junos OS Evolved Unspecified Not Vuln source
Juniper Networks Junos Space Network Management Platform Unspecified Vulnerable Only when OpenNMS has been enabled. source
Juniper Networks MIST: Juniper Networks Marvis Virtual Network Assistant (VNA) Unspecified Not Vuln source
Juniper Networks MIST: Juniper Networks Mist AI Unspecified Not Vuln source
Juniper Networks MIST: Juniper Networks Paragon Active Assurance Unspecified Not Vuln source
Juniper Networks MIST: Juniper Networks WAN Assurance Unspecified Not Vuln source
Juniper Networks MIST: Juniper Networks Wi-Fi Assurance Unspecified Not Vuln source
Juniper Networks MIST: Juniper Networks Wired Assurance Unspecified Not Vuln source
Juniper Networks Northstar Controller Unspecified Vulnerable source
Juniper Networks Northstar Planner Unspecified Under investigation source
Juniper Networks Paragon Insights >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable source
Juniper Networks Paragon Pathfinder >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable source
Juniper Networks Paragon Planner >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable source
Juniper Networks Secure Analytics Unspecified Under investigation source
Juniper Networks User Engagement Virtual BLE Unspecified Not Vuln source

K

Supplier Product Version (see Status) Status Notes Links
Kaseya AuthAnvil Unknown Not Vuln source
Kaseya BMS Unknown Not Vuln source
Kaseya ID Agent DarkWeb ID and BullPhish ID Unknown Not Vuln source
Kaseya IT Glue Unknown Not Vuln source
Kaseya MyGlue Unknown Not Vuln source
Kaseya Network Glue Unknown Not Vuln source
Kaseya Passly Unknown Not Vuln source
Kaseya RocketCyber Unknown Not Vuln source
Kaseya Spanning Salesforce Backup Unknown Not Vuln source
Kaseya Spanning O365 Backup Unknown Not Vuln source
Kaseya Unitrends Unknown Not Vuln source
Kaseya VSA SaaS and VSA On-Premises Unknown Not Vuln source
Kaseya Vorex Unknown Not Vuln source
Kaseya products not listed above Unknown Investigation source
Keeper SSO Connect On-Prem 16.0.2 Fix source, source
Keycloak Keycloak All versions Not Vuln source
Kofax Robotic Process Automation (RPA) 11.1 Workaround source
Kofax Robotic Process Automation (RPA) 11.2 Workaround source
Kofax Robot File System (RFS) >=10.7 Workaround source

L

Supplier Product Version (see Status) Status Notes Links
Lancom Systems All products All versions Not Vuln source
Lansweeper All products All versions Not Vuln source
LastPass Other products Not Vuln source
LastPass LastPass MFA Fix Users of Universal Proxy on Windows with debug logging enabled are highly recommended to update to the newest version of the Universal Proxy, 3.0.2 or 4.1.2 source
LeanIX All products All versions Fix source
Lenovo Any 5594 UPS unit Not vuln source
Lenovo Any 5595 UPS unit Not vuln source
Lenovo BIOS/UEFI Not vuln source
Lenovo Chassis Management Module 2 (CMM) Not vuln source
Lenovo Commercial Vantage Not vuln source
Lenovo Confluent Not vuln source
Lenovo CP6000 (ThinkAgile) Vulnerable source
Lenovo CP-CB-10E (Lenovo) Vulnerable source
Lenovo CP-CB-10 (Lenovo) Vulnerable source
Lenovo CP-CN-10E (ThinkAgile) Vulnerable source
Lenovo CP-CN-10 (ThinkAgile) Vulnerable source
Lenovo CP-I-10 (ThinkAgile) Vulnerable source
Lenovo CP-SB-D20E (ThinkAgile) Vulnerable source
Lenovo CP-SB-D20E (ThinkAgile) Vulnerable source
Lenovo CP-SB-D20 (ThinkAgile) Vulnerable source
Lenovo DM120S (ThinkSystem) Vulnerable source
Lenovo DM240N (ThinkSystem) Vulnerable source
Lenovo DM240S (ThinkSystem) Vulnerable source
Lenovo DM3000H (ThinkSystem) Vulnerable source
Lenovo DM5000F (ThinkSystem) Vulnerable source
Lenovo DM5000H (ThinkSystem) Vulnerable source
Lenovo DM5100F (ThinkSystem) Vulnerable source
Lenovo DM600S (ThinkSystem) Vulnerable source
Lenovo DM7000F (ThinkSystem) Vulnerable source
Lenovo DM7000H (ThinkSystem) Vulnerable source
Lenovo DM7100F (ThinkSystem) Vulnerable source
Lenovo DM7100H (ThinkSystem) Vulnerable source
Lenovo Eaton UPS Network Management Card (NMC) Not vuln source
Lenovo Eaton UPS Network Management Card (NMC) Not vuln source
Lenovo Fan Power Controller2 (FPC2) Not vuln source
Lenovo Fan Power Controller (FPC) Not vuln source
Lenovo IBM Advanced Management Module (AMM) Not vuln source
Lenovo IBM Advanced Management Module (AMM) Not vuln source
Lenovo Lenovo Cloud Deploy Not vuln source
Lenovo Lenovo Device Intelligence (LDI) Not vuln source
Lenovo Lenovo DSS-G Vulnerable source
Lenovo Lenovo Dynamic System Analysis (DSA) Not vuln source
Lenovo Lenovo Dynamic System Analysis (DSA) Not vuln source
Lenovo Lenovo Dynamic System Analysis (DSA) Not vuln source
Lenovo Lenovo Thin Installer Not vuln source
Lenovo Lenovo ThinkSystem Digital 2x1x16 KVM Switch, 1754-D1T Not vuln source
Lenovo Lenovo Update Retriever Not vuln source
Lenovo Lenovo Update Retriever Not vuln source
Lenovo Lenovo Vantage Not vuln source
Lenovo Lenovo XClarity Administrator Vulnerable source
Lenovo Lenovo XClarity Controller (XCC) Not vuln source
Lenovo Lenovo XClarity Energy Manager Vulnerable source
Lenovo Lenovo XClarity Essentials (LXCE) Not vuln source
Lenovo Lenovo XClarity Integrator (LXCI) for Microsoft System Center Not vuln source
Lenovo Lenovo xClarity Integrator Vulnerable source
Lenovo Lenovo XClarity Mobile (LXCM) Not vuln source
Lenovo Lenovo XClarity Mobile (LXCM) Not vuln source
Lenovo Lenovo XClarity Orchestrator (LXCO) Not vuln source
Lenovo Lenovo XClarity Provisioning Manager (LXPM) Not vuln source
Lenovo Network Switches Not vuln Lenovo CNOS, Lenovo ENOS, IBM ENOS, Brocade FOS source
Lenovo P920 Rack Workstation Vulnerable source
Lenovo SR530 (ThinkSystem) Vulnerable source
Lenovo SR550 (ThinkSystem) Vulnerable source
Lenovo SR570 (ThinkSystem) Vulnerable source
Lenovo SR590 (ThinkSystem) Vulnerable source
Lenovo SR630 (ThinkSystem) Vulnerable source
Lenovo SR630 V2 (ThinkSystem) Vulnerable source
Lenovo SR645 (ThinkSystem) Vulnerable source
Lenovo SR650 (ThinkSystem) Vulnerable source
Lenovo SR650 V2 (ThinkSystem) Vulnerable source
Lenovo SR665 (ThinkSystem) Vulnerable source
Lenovo SR850 V2 (ThinkSystem) Vulnerable source
Lenovo SR860 V2 (ThinkSystem) Vulnerable source
Lenovo ST550 (ThinkSystem) Vulnerable source
Lenovo ST558 (ThinkSystem) Vulnerable source
Lenovo System Management Module (SMM) Not vuln source
Lenovo System Management Module (SMM) Not vuln source
Lenovo ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T Not vuln source
Lenovo ThinkSystem DE Series Storage Not vuln source
Lenovo ThinkSystem DM Series Storage Not vuln source
Lenovo ThinkSystem DS Series Storage Not vuln source
Lenovo ThinkSystem Manager (TSM) Not vuln source
Lightbend Akka Unknown Not Vuln source
Lightbend Akka Serverless Unknown Not Vuln source
Lightbend Lagom Framework Unknown Not Vuln by default Users that switched from logback to log4j are affected source
Lightbend Play Framework Unknown Not Vuln by default Users that switched from logback to log4j are affected source
Liongard All products Unknown Investigation source
LiquidFiles LiquidFiles All versions Not vuln source
LiveAction LiveNX <21.5.1 Fix source
LiveAction LiveNA <21.5.1 Fix source
LogZilla NEO All versions Not vuln LogZilla's engine is C++
LogicMonitor LogicMonitor SaaS Platform Unknown Fix Automatic update before 13th December source
Lyrasis DSpace 7.x Fix/Workaround source
The Linux Foundation StackStorm (ST2) All versions Not vuln source
The Linux Foundation XCP-ng All versions Not vuln source
LucaNet LucaNet 12 LTS - 1911.0.192+3, 13 LTS - 2011.0.112+7, 22 LTS - 2111.0.11+9 Fix source

M

Supplier Product Version (see Status) Status Notes Links
MISP MISP All Not vuln source
MONARC MONARC All Not vuln source
MailStore MailStore all Not Vuln source
Mailcow Mailcow Solr Docker < 1.8 Fix source
ManageEngine ADAudit Plus Unknown Investigation Workaround source
ManageEngine ADManager Plus Unknown Investigation Mitigation: set -Dlog4j2.formatMsgNoLookups=true in jvm.options. source
ManageEngine Desktop Central Unknown Not Vuln source
ManageEngine EventLog Analyzer Unknown Workaround source
Mathworks MATLAB All Not Vuln source
Mattermost Mattermost Not Vuln source
McAfee Data Exchange Layer (DXL) Unknown Not Vuln source
McAfee Enterprise Security Manager (ESM) 11.x Workaround source
McAfee McAfee Active Response (MAR) Unknown Not Vuln Standalone MAR not vulnerable, for MAR included in bundle see TIE source
McAfee Network Security Manager (NSM) Unknown Not Vuln source
McAfee Network Security Platform (NSP) Unknown Not Vuln source
McAfee Threat Intelligence Exchange (TIE) 2.2, 2.3, 3.0 Workaround source
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH) Unknown Not Vuln source
McAfee ePolicy Orchestrator Application Server (ePO) 5.10 CU11 Workaround source
McAfee ePolicy Orchestrator Application Server (ePO) <= 5.10 CU10 Not Vuln source
Meinberg LANTIME all Not Vuln source
Meinberg microSync all Not Vuln source
Memurai All products Not Vuln source
messageconcept PeopleSync All Not vuln source
Metabase Metabase <0.41.4 Fix Mitigations available for earlier versions source
Micro Focus ArcSight ESM 7.2, 7.5 Vulnerable source
Micro Focus ArcSight Logger 7.2 and above Vulnerable source
Micro Focus ArcSight Recon All Versions Vulnerable source
Micro Focus ArcSight Intelligence All Versions Vulnerable source
Micro Focus ArcSight Connectors 8.2 and above Vulnerable source
Micro Focus ArcSight Transformation Hub All Versions Vulnerable source
Microsoft Azure AD Unknown Not Vuln ADFS itself is not vulnerable, federation providers may be source
Microsoft Azure App Service Unknown Not Vuln This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications source
Microsoft Azure Application Gateway Unknown Not Vuln source
Microsoft Azure Data Lake Store Java < 2.3.10 Not vuln Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here. source
Microsoft Azure DevOps Not Vuln source
Microsoft Azure DevOps Server 2019-2020.1 Vulnerable Vulnerable when Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable); see Elasticsearch above for mitigation source
Microsoft Azure Front Door Unknown Not Vuln source
Microsoft Azure WAF Unknown Not Vuln source
Microsoft Kafka Connect for Azure Cosmos DB < 1.2.1 Fix source
Microsoft Team Foundation Server 2018.2+ Vulnerable Vulnerable when Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable); see Elasticsearch above for mitigation source
Milestone VMS Unknown Not vuln source
Minecraft Java edition <1.18.1 Fix Mitigations available for earlier versions source
Mirantis Mirantis Container Runtime All Not vuln source
Mirantis Mirantis Kubernetes Engine All Not vuln source
Mirantis Mirantis Secure Registry All Not vuln source
Mirantis Mirantis Container Cloud All Not vuln source
Mirantis Mirantis OpenStack All Not vuln source
Mirantis Lens All Not vuln source
Mirantis K0s All Not vuln source
Mitel MiCollab prior to and 9.4 Fix source
Mitel MiContact Center Enterprise All Not vuln source
Mitel MiContact Center Business All Not vuln source
Mitel Mitel CMG Suite All Investigation source
Mitel Mitel InAttend All Investigation source
Mitel Mitel Interaction Recording (MIR) 6.3 to 6.7 Fix see SA211213-17 source
Mitel Mitel Management Gateway All Not vuln source
Mitel Mitel Management Portal All Investigation source
Mitel Mitel Mobility Router All Not vuln source
Mitel Mitel Performance Analytics Server and Probe All Investigation source
Mitel Mitel Standard Linux (MSL) All Not vuln source
Mitel Mitel Virtual Reception All Investigation source
Mitel MiVoice 5000 All Not vuln source
Mitel MiVoice Border Gateway All Not vuln source
Mitel MiVoice Business All (excluding EX) Not vuln source
Mitel MiVoice Business EX and MiConfig Wizard 9.2 only Fix source
Mitel MiVoice Call Recording All Investigation source
Mitel MiVoice Connect All Not vuln source
Mitel MiVoice MX-ONE 7.4 only Fix source
Mitel MiVoice Office 400 All Not vuln source
Mitel Open Integration Gateway (OIG) All Investigation source
MongoDB Atlas Search Unknown Fix Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. source
MongoDB Atlas Unknown Not vuln Including Atlas Database, Data Lake, Charts source
MongoDB Community Edition Unknown Not vuln Including Community Server, Cloud Manager, Community Kubernetes Operators. source
MongoDB Drivers Unknown Not vuln source
MongoDB Enterprise Advanced Unknown Not vuln Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. source
MongoDB Realm Unknown Not vuln including Realm Database, Sync, Functions, APIs source
MongoDB Tools Unknown Not vuln Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors source
Moodle Moodle All Not vuln source
Moxa All All Not vuln source

N

Supplier Product Version (see Status) Status Notes Links
N-able Backup Unknown Not Vuln source
N-able Mail Assure Unknown Not Vuln source
N-able MSP Manager Unknown Not Vuln source
N-able N-central Unknown Not Vuln source
N-able Passportal Unknown Not Vuln source
N-able Risk Intelligence Unknown Vulnerable source
N-able RMM Unknown Fix source
N-able Take Control Unknown Not Vuln source
Nagios Nagios Core Unknown Not Vuln source
Nagios Nagios XI Unknown Not Vuln source
Nagios Nagios Log Server Unknown Not Vuln source
Nakivo Nakivo Backup & Replication Unknown Workaround Manual fix: remove JndiLookup.class located in libs\log4j-core-2.2.jar. source source
Nelson Nelson 0.16.185 Vulnerable Workaround is available, but not released yet. source
Neo4j Neo4j >=4.2.12, >=4.3.8, >=4.4.1 Fix source, source_fix
NetApp Brocade SAN Navigator Unknown Vulnerable source
NetApp Cloud Insights Acquisition Unit Unknown Vulnerable source
NetApp Cloud Manager Unknown Vulnerable source
NetApp Cloud Secure Unknown Vulnerable source
NetApp Element Plug-in for vCenter Server Unknown Not Vuln source
NetApp Management Services for Element Software and NetApp HCI Unknown Not Vuln source
NetApp NetApp HCI Compute Node Unknown Not Vuln source
NetApp NetApp SolidFire, Enterprise SDS & HCI Storage Unknown Not Vuln source
NetApp NetApp SolidFire & HCI Management Node Unknown Not Vuln source
NetApp NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) Unknown Not Vuln source
NetApp NetApp SolidFire Storage Replication Adapter Unknown Not Vuln source
NetApp ONTAP Tools for VMware vSphere Unknown Vulnerable source
NetApp OnCommand Insight Unknown Vulnerable source
NetApp SnapCenter Plug-in for VMware vSphere Unknown Workaround source
NetCore Unimus 2.1.4 Fix source
Netflix atlas 1.6.6 Workaround source
Netflix dgs-framework < 4.9.11 Fix fix
Netflix spectator < 1.0.9 Fix fix
Netflix zuul Unknown Workaround source
Netgate pfSense All Not vuln source
NetIQ Access Manager >= 4.5.x & >= 5.0.x Workaround source
NetIQ Advanced Authentication >= 6.x Workaround source
NetIQ eDirectory >= 9.2.x Not vuln source
NetIQ Identity Manager >= 4.7.x & >= 4.8.x Not vuln source
NetIQ iManager >= 3.2.x Not vuln source
Netwrix Netwrix Auditor Not vuln source
New Relic Containerized Private Minion (CPM) 3.0.55 Fix source
New Relic Java Agent 6.5.1 & 7.4.1 Fix source
NextCloud All products Not vuln Individual plugins not developed as part of Nextcloud core may be vulnerable. source
NextGen Healthcare Mirth Unknown Not Vuln source
Nomachine All products All versions Not vuln source
NSA Ghidra < 10.1 Fix source, fix
Nutanix General Guidance Nutanix is updating Security Advisory #23 multiple times per day; please check the source link for the latest status. source
Nutanix AHV All supported versions Not vuln source
Nutanix AOS (CE) All supported versions Not vuln source
Nutanix AOS (LTS) All supported versions Not vuln source
Nutanix AOS (STS) All supported versions Workaround Non exploitable dormant code present, Patch 6.0.2.4 will remove dormant code source
Nutanix Beam SaaS Not vuln WAF updated to block exploit, backend patch pending source
Nutanix Calm On-Prem Investigation source
Nutanix Calm SaaS Not vuln WAF updated to block exploit, backend patch pending source
Nutanix Data Lens SaaS Not vuln WAF updated to block exploit, backend not vuln source
Nutanix Era All supported versions Not vuln source
Nutanix File Analytics All supported versions Investigation source
Nutanix Files All supported versions Not vuln source
Nutanix Flow All supported versions Not vuln source
Nutanix Flow Security Central SaaS Fix WAF updated to block exploit, backend production patched source
Nutanix Foundation All supported versions Not vuln source
Nutanix Frame SaaS GovCloud Not vuln WAF updated to block exploit, backend patch pending source
Nutanix Frame SaaS Public Fix WAF updated to block exploit, backend production patched source
Nutanix Insights SaaS Not vuln WAF updated to block exploit, backend patch pending source
Nutanix Karbon On-Prem Investigation source
Nutanix Karbon SaaS Not vuln WAF updated to block exploit, backend patch pending source
Nutanix LCM All supported versions Not vuln source
Nutanix Leap SaaS Not vuln WAF updated to block exploit, backend patch pending source
Nutanix Mine All supported versions Investigation source
Nutanix Move All supported versions Not vuln source
Nutanix MSP All supported versions Investigation source
Nutanix NCC All supported versions Not vuln source
Nutanix Objects All supported versions Investigation source
Nutanix Prism Central All supported versions Vulnerable Patch 2021.9.0.3 pending source
Nutanix Sizer SaaS Fix WAF updated to block exploit, backend production patched source
Nutanix Volumes All supported versions Not vuln source
Nutanix X-Ray All supported versions Not vuln source
NVIDIA DGX systems DGX OS 4 and DGX OS 5 Fix source
NVIDIA vGPU software license server 2021.7 and 2020.5 Update 1 Workaround source
NXLog NXLog Manager 5.x Not Vuln source

O

Supplier Product Version (see Status) Status Notes Links
Obsidian Dynamics kafdrop all Investigation source
OCLC all all Fix source
Ogest all all Not vuln source
Okta Access Gateway Unknown Not Vuln source
Okta AD Agent Unknown Not Vuln source
Okta Advanced Server Access Unknown Not Vuln source
Okta Browser Plugin Unknown Not Vuln source
Okta IWA Web Agent Unknown Not Vuln source
Okta LDAP Agent Unknown Not Vuln source
Okta Mobile Unknown Not Vuln source
Okta On-Prem MFA Agent <1.4.6 Fix source, fix
Okta Radius Server Agent 2.17.0 Fix source/fix
Okta Verify Unknown Not Vuln source
Okta Workflow Unknown Not Vuln source
OneSpan Authentication Appliance Unknown Vulnerable Fix availability will be announced soon source
OneSpan Authentication Server Unknown Vulnerable Fix availability will be announced soon source
OneSpan Digipass Gateway Unknown Vulnerable Fix availability will be announced soon source
OneSpan OneSpan Sign Unknown Vulnerable Fix availability will be announced soon source
OneSpan Mobile Security Suite 4.31.1 Fix source
openHAB openHAB 3.0.4, 3.1.1 Fix source
OpenMRS Talk 2.4.0-2.4.1 Vulnerable Mitigations are available, pending a new release source
OpenNMS Horizon (including derived Sentinels) < 29.0.3 Fix Workarounds are available too for earlier versions source
OpenNMS Meridian (including derived Minions and Sentinels) < 2021.1.8, 2020.1.15, 2019.1.27 Fix Workarounds are available too for earlier versions source
OpenNMS Minion appliance Unknown Fix source
OpenNMS PoweredBy OpenNMS Unknown Workaround source
OpenSearch OpenSearch < 1.2.1 Fix source
OpenVPN All products Not vuln source
Oracle Database Unknown Not Vuln source, Support note 2827611.1
Oracle Fusion Middleware 12.2.1.3.0 to 12.2.1.4.0 Fix source, Support note 209768.1, Support note 2827611.1, MOS note 2827793.1
Oracle NoSQL Database Unknown Not Vuln source, Support note 2827611.1
Oracle Forms Unknown Not Vuln source, Support note 2827611.1
Oracle Golden Gate Unknown Not Vuln source, Support note 2827611.1
Oracle Oracle Access Manager Unknown Not Vuln source, Support note 2827611.1
Oracle Oracle Data Integrator (ODI) >= 12.2.1.3.210119, Marketplace - >= 2.1.0 Workaround Patch Available, Support Note 2827793.1 source, Support note 2827611.1, Support Note 2827793.1
Oracle Oracle eBusiness Suite Unknown Workaround MOS note 2827804.1 source, Support note 2827611.1
Oracle Oracle Enterprise Manager Unknown Not Vuln source, Support note 209768.1, Support note 2827611.1
Oracle Oracle Enterprise Repository Unknown Workaround Mitigation, Support Note 2827793.1 source, Support note 2827611.1, Support Note 2827793.1
Oracle Oracle HTTP Server Unknown Not Vuln source, Support note 209768.1, Support note 2827611.1
Oracle Oracle Internet Directory Unknown Not Vuln source, Support note 209768.1, Support note 2827611.1
Oracle Oracle JDeveloper Unknown Workaround Mitigation Available, Support Note 2827793.1 source, Support note 2827611.1, Support Note 2827793.1
Oracle Oracle Policy Automation (OPA) Unknown Fix source, Support note 2827611.1, MOS note 33660673
Oracle Oracle SOA Suite Unknown Not Vuln source, Support note 2827611.1
Oracle Oracle VM VirtualBox Unknown Not Vuln source, Support note 2827611.1
Oracle Oracle WebCenter Portal 12.2.1.3 & 12.2.1.4 Workaround MOS note 2827977.1 using Elasticsearch which uses Log4j 2.X jars source, Support note 2827611.1
Oracle Oracle WebCenter Sites Unknown Workaround Mitigation Available, Support Note 2827793.1 source, Support note 2827611.1, Support Note 2827793.1
Oracle Oracle WebLogic Server 12.2.1.3.0 to 14.1.1.0.0 Fix source, Support note 209768.1, Support note 2827611.1, MOS Note 2827793.1
OTRS All products Not Vuln source
OWASP ZAP < 2.11.1 Fix source
Owncloud All Products Unknown Not Vuln source
OVHCloud Logs Data Platform Fix source
OVHCloud Hosted Private Cloud powered by VMware Vuln Deploying the workarounds provided by VMware source
OVHCloud ML serving Fix source
OVHCloud OVHcloud Internal Systems Fix & Under Investigation source

P

Supplier Product Version (see Status) Status Notes Links
Paessler PRTG Not vuln source
PagerDuty Rundeck 3.3+ Fix source, fix
Palo Alto Bridgecrew Not Vuln source
Palo Alto CloudGenix Not Vuln source
Palo Alto Cortex XDR Agent Not Vuln source
Palo Alto Cortex XSOAR Not Vuln source
Palo Alto GlobalProtect App Not Vuln source
Palo Alto PAN-OS for Panorama 9.0.*, 9.1.*, 10.0.* Vulnerable Unaffected 8.1.*, 10.1.* source
Palo Alto PAN-OS for Firewall and Wildfire Not Vuln source
Palo Alto Prisma Cloud Compute Not Vuln source
Palo Alto Prisma Cloud Not Vuln source
Palo Alto WildFire Appliance Not Vuln source
PaperCut PaperCut Hive Not vuln source
PaperCut PaperCut MF >= 21.0 Workaround source
PaperCut PaperCut MobilityPrint Not vuln source
PaperCut PaperCut MultiVerse Not vuln source
PaperCut PaperCut NG >= 21.0 Workaround source
PaperCut PaperCut Online Services Not vuln source
PaperCut PaperCut Pocket Not vuln source
PaperCut PaperCut Print Logger Not vuln source
PaperCut PaperCut Views Not vuln source
Parallels Remote Application Server All versions Not Vuln source
Pega Pega Platform On Prem Fix source
Pexip Endpoint Activation all Not vuln source
Pexip Eptools all Not vuln source
Pexip Infinity all Not vuln source
Pexip Infinity Connect client all Not vuln source
Pexip Microsoft Teams Connector all Not vuln source
Pexip My Meeting Video all Not vuln source
Pexip Pexip Service all Fix source
Pexip Reverse Proxy and TURN Server all Not vuln source
Pexip VMR self-service portal all Not vuln source
Philips IntelliBridge Enterprise B.13 and B.15 Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided, it is the customer's responsibility to validate and deploy patches. source
Philips IntelliSite Pathology Solution 5.1 L1 Vuln source
Philips IntelliSpace PACS Workaround The Philips hosting environment is evaluating the VMware-provided workaround and is in the process of deploying it for managed service customers. source
Philips IntelliSpace Precision Medicine Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided, it is the customer's responsibility to validate and deploy patches. source
Philips Pathology De-identifier 1.0 L1 Vuln source
Philips Performance Bridge 3.0 Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided by Philips, it will be Philips' responsibility to validate and provide patches. source
Philips Pinnacle 18.x Vuln source
Philips Protocol Applications 1.1 Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided by Philips, it will be Philips' responsibility to validate and provide patches. source
Philips RIS Clinic Vuln source
Philips Scanner Protocol Manager 1.1 Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided by Philips, it will be Philips' responsibility to validate and provide patches. source
Philips Tasy EMR Vuln Software-only products with customer-owned operating systems. For product solutions where the server was provided, it is the customer's responsibility to validate and deploy patches. source
Philips Universal Data Manager (UDM) 1.x,2.1.x,2.2.x,3.1.x Workaround The Philips hosting environment is evaluating the VMware-provided workaround and is in the process of deploying it for managed service customers. source
Philips VuePACS Vuln source
Phoenix Contact Cloud Services Vulnerable Remediations are being implemented source
Phoenix Contact Physical products containing firmware Not vuln source
Phoenix Contact Software products Not vuln source
Planon Software Planon Universe all Not vuln source
Plex Industrial IoT Not vuln Mitigation already applied, patch will be issued today source
Plex Media Server Not vuln source
Polycom Poly Clariti Core/Edge (a.k.a. DMA/CCE) 9.0 and above Fix source
Polycom Poly Clariti Relay version 1.x 1.0.2 Fix source
Polycom Poly RealConnect for Microsoft Teams and Skype for Business Workaround source
Polycom Cloud Relay (OTD and RealConnect hybrid use case) Investigation source
Polycom RealAccess Workaround source
Portex Portex <3.0.2 Fix source
Postgres PostgreSQL JDBC Not vuln source
PowerDNS dnsdist Not vuln source
PowerDNS PowerDNS Authoritative Not vuln source
PowerDNS PowerDNS Recursor Not vuln source
Progress DataDirect Hybrid Data Pipeline Workaround source, mitigations
Progress OpenEdge Workaround source, mitigations
Proxmox Backup Server Not vuln source
Proxmox Mail Gateway Not vuln source
Proxmox VE Not vuln source
PTV Arrival Board / Trip Creator / EM Portal PTV Arrival Board / Trip Creator / EM Portal Unknown Investigation source
PTV Balance and PTV Epics PTV Balance and PTV Epics Unknown Not vuln source
PTV Developer PTV Developer Unknown Fix source
PTV Drive&Arrive App PTV Drive&Arrive App Unknown Not vuln source
PTV Drive&Arrive PTV Drive&Arrive Unknown Investigation source
PTV Hyperpath PTV Hyperpath Unknown Not vuln source
PTV MaaS Modeller PTV MaaS Modeller Unknown Vulnerable source
PTV Map&Guide internet PTV Map&Guide internet Unknown Not vuln source
PTV Map&Guide intranet PTV Map&Guide intranet Unknown Not vuln source
PTV Map&Market PTV Map&Market Unknown Investigation source
PTV Navigator App PTV Navigator App Unknown Not vuln source
PTV Navigator Licence Manager PTV Navigator Licence Manager Unknown Not vuln source
PTV Optima PTV Optima Unknown Not vuln source
PTV Road Editor PTV Road Editor Unknown Not vuln source
PTV Route Optimiser CL PTV Route Optimiser CL Unknown Investigation source
PTV Route Optimiser ST PTV Route Optimiser ST Unknown Investigation source
PTV Route Optimizer SaaS / Demonstrator PTV Route Optimizer SaaS / Demonstrator Unknown Fix source
PTV TLN planner internet PTV TLN planner internet Unknown Fix source
PTV TRE and PTV Tre-Addin PTV TRE and PTV Tre-Addin Unknown Not vuln source
PTV Vissim PTV Vissim Unknown Not vuln source
PTV Vistro PTV Vistro Unknown Not vuln source
PTV Visum PTV Visum Unknown Not vuln source
PTV Visum Publisher PTV Visum Publisher Unknown Fix source
PTV Viswalk PTV Viswalk Unknown Not vuln source
PTV xServer < 1.34 (on prem) PTV xServer < 1.34 (on prem) Unknown Not vuln source
PTV xServer 1.34 (on prem) PTV xServer 1.34 (on prem) Unknown Vulnerable source
PTV xServer 2.x (on prem) PTV xServer 2.x (on prem) Unknown Vulnerable source
PTV xServer internet 1 / PTV xServer internet 2 PTV xServer internet 1 / PTV xServer internet 2 Unknown Fix source
Pulse Secure Ivanti Connect Secure (ICS) Not Vuln source
Pulse Secure Ivanti Neurons for secure Access Not Vuln source
Pulse Secure Ivanti Neurons for ZTA Not Vuln source
Pulse Secure Pulse Connect Secure Not Vuln source
Pulse Secure Pulse Desktop Client Not Vuln source
Pulse Secure Pulse Mobile Client Not Vuln source
Pulse Secure Pulse One Not Vuln source
Pulse Secure Pulse Policy Secure Not Vuln source
Pulse Secure Pulse Secure Services Director Not Vuln source
Pulse Secure Pulse Secure Virtual Traffic Manager Not Vuln source
Pulse Secure Pulse Secure Web Application Firewall Not Vuln source
Pulse Secure Pulse ZTA Not Vuln source
Puppet Continuous Delivery for Puppet Enterprise 3.x, < 4.10.2 Fix Update available for version 4.x, mitigations for 3.x which is EOL source, workaround, mitigations
Puppet Puppet agents Not Vuln source
Puppet Puppet Enterprise Not Vuln source
PuTTY PuTTY Not Vuln source
Pyramid Analytics Pyramid Analytics All Not vuln source

Q

Supplier Product Version (see Status) Status Notes Links
Qconferencing FaceTalk Fix source
QlikTech International Compose Investigation source
QlikTech International Nprinting Not Vuln source
QlikTech International QEM products Investigation source
QlikTech International Qlik Replicate Investigation source
QlikTech International Qlik Sense Enterprise Not Vuln source
QlikTech International QlikView Not Vuln source
QNAP General information QNAP Investigation Applications maintained by a third-party are under investigation. source
QNAP Qsirch Not Vuln source
QNAP QES Operating System Not Vuln source
QNAP QTS operating system Not Vuln source
QNAP QuTS hero operating system Not Vuln source
QOS.ch SLF4J Simple Logging Facade for Java SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j source
QUEST Quest KACE SMA Not Vuln source
QUEST Foglight 5.9 Not Vuln source
QUEST Foglight 6.0 Workaround source

R

Supplier Product Version (see Status) Status Notes Links
Red Hat A-MQ Clients 2 Not Vuln source
Red Hat Red Hat build of Quarkus Not Vuln source
Red Hat Red Hat CodeReady Studio 12 Vulnerable source
Red Hat Red Hat Data Grid 8 Vulnerable source
Red Hat Red Hat Decision Manager 7 Vulnerable source
Red Hat Red Hat Integration Camel K Vulnerable source
Red Hat Red Hat Integration Camel Quarkus Vulnerable source
Red Hat Red Hat JBoss A-MQ Streaming Vulnerable source
Red Hat Red Hat JBoss Enterprise Application Platform 6 Not Vuln source
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack Vulnerable source
Red Hat Red Hat JBoss Fuse 7 Vulnerable source
Red Hat Red Hat OpenShift Application Runtimes Vulnerable source
Red Hat Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 Vulnerable source
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 Vulnerable source
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive Vulnerable source
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto Vulnerable source
Red Hat Red Hat OpenShift Logging logging-elasticsearch6-container Vulnerable source
Red Hat Red Hat OpenStack Platform 13 (Queens) opendaylight Vulnerable source
Red Hat Red Hat Process Automation 7 Vulnerable source
Red Hat Red Hat Single Sign-On 7 Not Vuln source
Red Hat Red Hat Virtualization 4 Not Vuln source
Redgate Flyway all Not Vuln Only vulnerable when using non-default config. source
Redis Jedis 3.7.1, 4.0.0-rc2 Fix Jedis uses the affected library in test suites only. source
Redis Redis Enterprise & Open Source all Not Vuln Redis Enterprise and Open Source Redis (self-managed software product) do not use Java and are therefore not impacted by this vulnerability source
ResMed AirView Not Vuln source
ResMed myAir Not Vuln source
Ricoh Commercial & Industrial Printing - Garment Printers Not Vuln source
Ricoh Commercial & Industrial Printing - Production Printers Not Vuln source
Ricoh Office Products - Digital Duplicators Not Vuln source
Ricoh Office Products - FAX Not Vuln source
Ricoh Office Products - Interactive Whiteboards Not Vuln source
Ricoh Office Products - Multifunction Printers/Copiers - Black & White MFP Not Vuln source
Ricoh Office Products - Multifunction Printers/Copiers - Color MFP Not Vuln source
Ricoh Office Products - Multifunction Printers/Copiers - Wide Format MFP Not Vuln source
Ricoh Office Products - Printers - Black & White Laser Printers Not Vuln source
Ricoh Office Products - Printers - Color Laser Printers Not Vuln source
Ricoh Office Products - Printers - Gel Jet Printers Not Vuln source
Ricoh Office Products - Printers - Handy Printers Not Vuln source
Ricoh Office Products - Printers - Printer based MFP Not Vuln source
Ricoh Office Products - Projectors Not Vuln source
Ricoh Office Products - Video Conferencing Not Vuln source
Ricoh Software & Solutions - Card Authentication Package Series Not Vuln source
Ricoh Software & Solutions - Certificate Enrolment Service Not Vuln source
Ricoh Software & Solutions - Device Manager NX Accounting Not Vuln source
Ricoh Software & Solutions - Device Manager NX Enterprise Not Vuln source
Ricoh Software & Solutions - Device Manager NX Lite Not Vuln source
Ricoh Software & Solutions - Device Manager NX Pro Not Vuln source
Ricoh Software & Solutions - Enhanced Locked Print Series Not Vuln source
Ricoh Software & Solutions - GlobalScan NX Not Vuln source
Ricoh Software & Solutions - Intelligent Barcode Solution Not Vuln source
Ricoh Software & Solutions - myPrint Not Vuln source
Ricoh Software & Solutions - Printer Driver Packager NX Not Vuln source
Ricoh Software & Solutions - @Remote Connector NX Not Vuln source
Ricoh Software & Solutions - RICOH Print Management Cloud Not Vuln source
Ricoh Software & Solutions - Ricoh Smart Integration (RSI) applications Not Vuln source
Ricoh Software & Solutions - Ricoh Smart Integration (RSI) Platform and its applications Not Vuln source
Ricoh Software & Solutions - RICOH Streamline NX V2 Not Vuln source
Ricoh Software & Solutions - RICOH Streamline NX V3 Not Vuln source
Ricoh Software & Solutions - Scan Workflow Navigator Not Vuln source
Ricoh Software & Solutions - Streamline NX Share Not Vuln source
Riverbed AppResponse11 Not Vuln source
Riverbed Aternity Investigation See source for latest updates source
Riverbed Client Accelerator Controllers and Client Accelerator (aka SteelCentral Controller for SteelHead Mobile and SteelHead Mobile) Not Vuln source
Riverbed Flow Gateway Not vuln source
Riverbed FlowTraq Not vuln source
Riverbed Modeler Investigation source
Riverbed NetAuditor Desktop Investigation source
Riverbed NetAuditor Web Not vuln source
Riverbed NetCollector Investigation source
Riverbed NetExpress Investigation source
Riverbed NetIM 1.x Not vuln source
Riverbed NetIM 2.x Vulnerable Patches planned source
Riverbed NetIM Test Engine Not vuln source
Riverbed NetPlanner Not vuln source
Riverbed NetProfiler Not vuln source
Riverbed Packet Analyzer Not Vuln source
Riverbed Packet Trace Warehouse Not Vuln source
Riverbed Portal 1.x Vulnerable Includes Log4j 2.2 source
Riverbed Portal 3.x Vulnerable Includes Log4j 2.13 source
Riverbed SaaS Accelerator Not Vuln source
Riverbed Scon CX Not vuln source
Riverbed Scon EX Analytics Vulnerable Patches planned source
Riverbed Scon EX Director Vulnerable Patches planned source
Riverbed Scon EX FlexVNF Not vuln source
Riverbed SteelCentral Controller for SteelHead Not Vuln source
Riverbed SteelFusionCore (appliance, virtual) Not vuln source
Riverbed SteelFusion Edge Not vuln source
Riverbed SteelHead CX (appliance, virtual, cloud) Not Vuln source
Riverbed SteelHead Interceptor Not Vuln source
Riverbed Transaction Analyzer Agents Not vuln Log4j not in use source
Riverbed Transaction Analyzer Investigation source
Riverbed UCExpert Vulnerable source
Riverbed WinSec Controller for SteelHead (WSC) Not Vuln source
RocketChat All All Not Vuln source
Rockwell Automation Warehouse Management 4.01.00, 4.02.00, 4.02.01, 4.02.02 Vulnerable Patch under development source
Rockwell Automation MES EIG 3.03.00 Vulnerable Product discontinued. Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. source
Rockwell Automation Industrial Data Center Gen 1, Gen 2, Gen 3, Gen 3.5 Workaround Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 source
Rockwell Automation VersaVirtual Series A Workaround Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 source
Rockwell Automation FactoryTalk Analytics DataFlowML 4.00.00 Vulnerable Patch under development source
Rockwell Automation FactoryTalk Analytics DataView 3.03.00 Vulnerable Patch under development source
RSA NetWitness Orchestrator >= 6.0 Workaround Mitigation for the ThreatConnect Application server is available, no impact described source
RSA NetWitness Platform 11.4 Workaround It is theoretically possible to exploit the vulnerability to gain shell access to the NetWitness Platform source
RSA NetWitness Platform >= 11.5 Workaround It is possible to leak system configuration data source
RSA SecurID Authentication Manager Not Vuln Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. source
RSA SecurID Authentication Manager Prime Not Vuln source
RSA SecurID Authentication Manager WebTier Not Vuln source
RSA SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) Not Vuln source
RSA SecurID Governance and Lifecycle (SecurID G&L) Not Vuln source
RSA SecurID Identity Router (On-Prem component of Cloud Authentication Service) Not Vuln source
Ruckus FlexMaster Vuln Additional details in PDF/Text (Sign-in Required) source
Ruckus SmartZone 100 (SZ-100) 5.1 to 6.0 Vuln Additional details in PDF/Text (Sign-in Required) source
Ruckus SmartZone 144 (SZ-144) 5.1 to 6.0 Vuln Additional details in PDF/Text (Sign-in Required) source
Ruckus SmartZone 300 (SZ-300) 5.1 to 6.0 Vuln Additional details in PDF/Text (Sign-in Required) source
Ruckus Unleashed Vuln Additional details in PDF/Text (Sign-in Required) source
Ruckus Virtual SmartZone (vSZ) 5.1 to 6.0 Vuln Additional details in PDF/Text (Sign-in Required) source

S

Supplier Product Version (see Status) Status Notes Links
SAE IT-systems codeIT Runtime all Not vuln source
SAE IT-systems codeIT Workbench all Not vuln source
SAE IT-systems connectIT all Not vuln source
SAE IT-systems net-line series5 all Not vuln source
SAE IT-systems setIT all Not vuln source
SAE IT-systems SG-50 / Kombisafe all Investigation source
SAE IT-systems Straton Runtime all Investigation source
SAE IT-systems Straton Workbench all Investigation source
SAE IT-systems System-4 all Not vuln source
SAE IT-systems T10/T7 Touch panel all Investigation source
SAE IT-systems visIT Runtime all Not vuln source
SAE IT-systems visIT Workbench all Not vuln source
Safe FME Server Investigation source
SailPoint IdentityIQ 8.0 or later Workaround source
Salesforce All products Investigation source
SAP S/4 HANA On-Premise on ABAP Not Vuln source
SAP S/4 HANA Cloud Customer systems Not Vuln (behind login) source
SAP S/4 HANA Digital Payments Add-On Not Vuln (behind login) source
SAP BusinessObjects Business Intelligence Not Vuln (behind login) source
SAP BusinessObjects Explorer Not Vuln (behind login) source
SAP BusinessObjects Data Services Not Vuln (behind login) source
SAP BusinessObjects Financial Information Management Not Vuln (behind login) source
SAP BusinessObjects Knowledge Accelerator Not Vuln (behind login) source
SAP HANA Database Not Vuln (behind login) source
SAP HANA Smart Data Integration Not Vuln (behind login) source
SAP HANA Streaming Analytics Not Vuln (behind login) source
SAP HANA Spatial Service Not Vuln (behind login) source
SAP Integrated Business Planning for Supply Chain – Customer systems Not Vuln (behind login) source
SAP NetWeaver Application Server for ABAP Not Vuln (behind login) source
SAP SuccessFactors Litmos Not Vuln (behind login) source
SAP Customer Checkout PoS / manager 2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower) Fix SAP note 3130499 source
SAP XS Advanced Runtime 1.0.140 or lower Fix SAP note 3130698 source
SAS Institute JMP Not vuln source
SAS Institute SAS Cloud Solutions Workaround source
SAS Institute SAS Profile Fix source
Schneider Electric All other products Investigation source
Schneider Electric EcoStruxure IT Expert Fix cloud-based offer; no customer action required. source
Schneider Electric EcoStruxure IT Gateway 1.5.0 - 1.13.0 Vulnerable source
Schneider Electric EcoStruxure IT Gateway 1.13.1.5 Fix source
SecurityRoots Dradis Professional All Not vuln source
Seafile Seafile Server Fix source
Security Onion Solutions Security Onion 2.3.90 20211210 Fix source
Sentry.io Self Hosted and SaaS All Versions Not Vuln Not affected as it is written in Python and Rust. Makes use of unaffected versions of log4j 1.x in Kafka and Zookeeper subsystems source
Scootersoftware Beyond Compare All Not Vuln source
Shibboleth Shibboleth IdP/SP Not Vuln source
Siemens Advantage Navigator Cloud Service Investigation source
Siemens Advantage Navigator Software Proxy all Investigation source
Siemens Capital (and its derivatives) >= 2019.1 SP1912 Workaround Only vulnerable if Teamcenter integration feature is used source
Siemens Comfy Investigation source
Siemens Comos Desktop App all Vulnerable source
Siemens Desigo CC Advanced Reporting V4.0, V4.1, V4.2, V5.0, V5.1 Vulnerable source
Siemens Desigo CC Info Center V5.0, V5.1 Vulnerable source
Siemens E-Car OC Cloud Application Fix Vulnerability fixed on central cloud service starting 2021-12-13; no user actions necessary source
Siemens EnergyIP Investigation source
Siemens EnergyIP Prepay 3.7, 3.8 Vulnerable source
Siemens Enlighted Investigation source
Siemens Geolus Not Vuln source
Siemens GMA-Manager > V8.6.2j-398 Vulnerable source
Siemens HCRA Not Vuln source
Siemens HES UDIS all Vulnerable source
Siemens Industrial Edge Management App (IEM-App) all Vulnerable source
Siemens Industrial Edge Management OS (IEM-OS) all Vulnerable source
Siemens Industrial Edge Management Hub all Fix Vulnerability fixed on central cloud service starting 2021-12-13; no user actions necessary source
Siemens LOGO! Soft Comfort all Workaround Only LOGO! Web Projects deployed to AWS are potentially affected source
Siemens Mendix Applications all Vulnerable source
Siemens Mindsphere Cloud Application < 2021-12-11 Fix Vulnerability fixed on central cloud service starting 2021-12-11; no user actions necessary source
Siemens Opscenter Intelligence >= 3.2 Workaround Only OEM version that ships Tableau is affected source
Siemens Operation Scheduler >= V1.1.3 Vulnerable source
Siemens RUGGEDCOM ELAN Not Vuln source
Siemens RUGGEDCOM MAESTRO Not Vuln source
Siemens SIGUARD DSA V4.2, V4.3, V4.4 Workaround source
Siemens SIMATIC WinCC V7.4 < V7.4 SP1 Fix source
Siemens SINAMICS TEC - SDK Not Vuln source
Siemens SINUMERIK Analyze MyWorkpiece / Capture Not Vuln source
Siemens SINUMERIK Optimize MyMachine Not Vuln source
Siemens SiPass Integrated V2.80, V2.85 Vulnerable source
Siemens Siveillance Command >= 4.16.2.1 Vulnerable source
Siemens Siveillance Control Pro all Fix Hotfix available for versions >= V2.1 source
Siemens Siveillance Control Pro >= V2.1 Workaround source
Siemens Siveillance Identity V1.5, V1.6 Workaround source
Siemens Siveillance Vantage all Vulnerable source
Siemens SIZER Design Tool for SINAMICS Not Vuln source
Siemens Solid Edge Not Vuln source
Siemens Solid Edge Technical Publication Not Vuln source
Siemens Solid Edge Wiring and Harness Design >= 2020 SP2002 Workaround Only affected if Teamcenter integration feature is used source
Siemens Spectrum Power 4 all versions only with component jROS in version 3.0.0 Fix Patch available for V4.70 SP9 source
Siemens Spectrum Power 7 all except < V2.30 SP2 without component jROS Fix Patch available for V21Q4 source
Siemens Teamcenter all Workaround source
Siemens Teamcenter Integration for NX (TcIN) <= NX 2007 Workaround Also known as "NX Managed Mode" source
Siemens VeSys >= 2019.1 SP1912 Workaround Only vulnerable if Teamcenter integration feature is used source
Siemens XHQ Not Vuln source
Siemens Xpedition EDM Client VX.2.6-VX.2.10 Workaround source
Siemens Xpedition EDM Server VX.2.6-VX.2.10 Workaround source
Siemens Xpedition Package Integrator VX.2.6-VX.2.10 Workaround source
Sitecore Sitecore Content Hub Not Vuln source
Sitecore Sitecore CDP Not Vuln source
Sitecore Sitecore Personalize Not Vuln source
Sitecore Boxever Not Vuln source
Sitecore Sitecore OrderCloud Not Vuln source
Sitecore Moosend Not Vuln source
Sitecore Sitecore Send Not Vuln source
Sitecore Sitecore Discover Not Vuln source
Sitecore Sitecore XP <= 9.1 (with SOLR as Content Search provider) Not Vuln source
Sitecore Sitecore XP >= 9.2 (with SOLR as Content Search provider) Workaround source
Sitecore Sitecore XP all (with Azure Search as Content Search provider) Not Vuln source
Sitecore Sitecore Managed Cloud customers who host Solr using SearchStax Not Vuln source
Sitecore Sitecore Managed Cloud customers who bring their own Solr Workaround source
Sitecore Sitecore Managed Cloud customers who do not use Solr Not Vuln source
Snow Software Snow Commander 8.0.x - 8.9.x Workaround source, workaround
Snow Software VM Access Proxy >= 3.0 Workaround source, workaround
SolarWinds Database Performance Analyzer 2021.1.x, 2021.3.x, 2022.1.x Workaround source, workaround
SolarWinds Orion Platform core Not vuln source
SolarWinds Server & Application Monitor >= 2020.2.6 Workaround source, workaround
Soliton Systems MailZen Management Portal - On-Premise 2.36.2, 2.37.3, 2.38.2 Fix source
Soliton Systems MailZen Management - Cloud Service all Fix source
Soliton Systems MailZen Push Server all Fix source
Soliton Systems Other products all Not vuln source
SonarSource SonarCloud Fix source
SonarSource SonarQube Workaround source
SonicWall Access Points Not vuln source
SonicWall Analytics Investigation source
SonicWall Analyzer Not vuln source
SonicWall Capture Client & Capture Client Portal Not vuln source
SonicWall Capture Security Appliance Not vuln source
SonicWall CAS Not vuln source
SonicWall Email Security 10.0.12 Fix source
SonicWall Gen5 Firewalls (EOS) Not vuln source
SonicWall Gen6 Firewalls Not vuln source
SonicWall Gen7 Firewalls Not vuln source
SonicWall GMS Not vuln source
SonicWall MSW Not vuln source
SonicWall NSM Investigation source
SonicWall SMA 1000 Not vuln source
SonicWall SMA 100 Not vuln source
SonicWall SonicCore Not vuln source
SonicWall SonicWall Switch Not vuln source
SonicWall WAF Not vuln source
SonicWall WNM Not vuln source
SonicWall WXA Not vuln source
Sophos Cloud Optix Fix source
Sophos Reflexion Not Vuln source
Sophos SG UTM All Not Vuln source
Sophos SG UTM Manager (SUM) All Not Vuln source
Sophos Sophos Central Not Vuln source
Sophos Sophos Firewall All Not Vuln source
Sophos Sophos Home Not Vuln source
Sophos Sophos Mobile EAS Proxy 9.7.2 Fix source
Sophos Sophos Mobile Not Vuln source
Sophos Sophos ZTNA Not Vuln source
Specops Software All Not Vuln source
Splunk Add-On: Java Management Extensions 3.0.0, 2.1.0 Vulnerable source
Splunk Add-On: JBoss 3.0.0, 2.1.0 Vulnerable source
Splunk Add-On: Tomcat 3.0.0, 2.1.0 Vulnerable source
Splunk Admin Config Service all Not vuln source
Splunk Analytics Workspace all Not vuln source
Splunk Behavior Analytics all Not vuln source
Splunk Dashboard Studio all Not vuln source
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Vulnerable source
Splunk Developer Tools: AppInspect all Not vuln source
Splunk Enterprise Security all Not vuln source
Splunk Intelligence Management (TruSTAR) all Not vuln source
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Vulnerable source
Splunk KV Service all Not vuln source
Splunk Mission Control all Not vuln source
Splunk MLTK all Not vuln source
Splunk Operator for Kubernetes all Not vuln source
Splunk Security Analytics for AWS all Not vuln source
Splunk SignalFx Smart Agent all Not vuln source
Splunk SOAR Cloud (Phantom) all Not vuln source
Splunk SOAR (On-Premises) all Not vuln source
Splunk Splunk Application Performance Monitoring all Not vuln source
Splunk Splunk Augmented Reality all Not vuln source
Splunk Splunk Cloud Data Manager (SCDM) all Not vuln source
Splunk Splunk Connect for Kafka <2.0.4 Fix source
Splunk Splunk Connect for Kubernetes all Not vuln source
Splunk Splunk Connect for SNMP all Not vuln source
Splunk Splunk Connect for Syslog all Not vuln source
Splunk Splunk DB Connect all Not vuln source
Splunk Splunk Enterprise All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. Workaround source
Splunk Splunk Enterprise Amazon Machine Image (AMI) see Splunk Enterprise Workaround source
Splunk Splunk Enterprise Cloud all Not vuln source
Splunk Splunk Enterprise Docker Container see Splunk Enterprise Workaround source
Splunk Splunk Heavyweight Forwarder (HWF) all Not vuln source
Splunk Splunk Infrastructure Monitoring all Not vuln source
Splunk Splunk Logging Library for Java <1.11.1 Fix source
Splunk Splunk Log Observer all Not vuln source
Splunk Splunk Mint all Not vuln source
Splunk Splunk Mobile all Not vuln source
Splunk Splunk Network Performance Monitoring all Not vuln source
Splunk Splunk On-Call/Victor Ops all Not vuln source
Splunk Splunk Open Telemetry Distributions all Not vuln source
Splunk Splunk Profiling all Not vuln source
Splunk Splunk Real User Monitoring all Not vuln source
Splunk Splunk Secure Gateway (Spacebridge) all Not vuln source
Splunk Splunk Synthetics all Not vuln source
Splunk Splunk TV all Not vuln source
Splunk Splunk Universal Forwarder (UF) all Not vuln source
Splunk Splunk User Behavior Analytics (UBA) all Not vuln source
Splunk Stream Processor Service Current Vulnerable source
Sprecher Automation SPRECON-E all Not vuln source
Sprecher Automation SPRECON-EDIR all Not vuln source
Sprecher Automation SPRECON-SG all Not vuln source
Sprecher Automation SPRECON-V all Not vuln source
Stackstate 4.3.x, 4.4.x, 4.5.x and SaaS Workaround StackState ships with a version of Elasticsearch that contains a vulnerable Log4j library. source
Stackstate Agent Workaround StackState Agent distributed as an RPM, DEB or MSI package contains a vulnerable Log4j library. source
Stardog Stardog <7.8.1 Fix source
Stratodesk NoTouch 4.5.231 Fix source
Sumo logic Sumo logic 19.361-12 Fix source
SuperMicro BIOS all Not vuln source
SuperMicro BMC all Not vuln source
SuperMicro SuperCloud Composer (SCC) all Not vuln source
SuperMicro Supermicro Server Manager (SSM) all Not vuln source
SuperMicro Supermicro SuperDoctor (SD5) all Not vuln source
SuperMicro Supermicro Power Manager (SPM) all Vulnerable Upgrade to Log4j 2.15.0. Release pending ASAP source
SuperMicro SMCIPMITool all Not vuln source
SuperMicro SCC Analytics all Not vuln source
SuperMicro SCC PODM all Not vuln source
SuperMicro vCenter Plug-in all Not vuln source
SuperMicro Super Diagnostics Offline all Not vuln source
SuperMicro Supermicro Update Manager (SUM) all Not vuln source
SuperMicro SUM Service (SUM_SERVER) all Not vuln source
SUSE SUSE Linux Enterprise server all Not vuln source
SUSE SUSE Manager all Not vuln source
SUSE SUSE Openstack Cloud all Vuln will get update source
SUSE SUSE Rancher all Not vuln source
Synacor Zimbra 8.8.15 and 9.x Not vuln Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 source
Syncro Soft Oxygen Content Fusion <= v4.1 Fix Fix available source
Syncro Soft Oxygen Content Fusion 3.0.1 Fix Fix available source
Syncro Soft Oxygen XML Web Author v22.1 - v24.0.0 Fix Fix available source
Syncro Soft Oxygen XML Web Author 23.1.1.2 Fix Fix available source
Syncro Soft Oxygen Feedback 1.4.4 Fix Fix available source
Syncro Soft Oxygen XML Publishing Engine v22.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen XML WebHelp v22.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen PDF Chemistry v22.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen License Server v22.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen XML Author v16.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen XML Developer v16.1 - v24.0 Fix Fix available source
Syncro Soft Oxygen XML Editor v16.1 - v24.0 Fix Fix available source
Synology DSM Not vuln The base DSM is not affected. Software installed via the package manager may be vulnerable. source
syntevo DeepGit >= 4.0 Fix 3.0.x and older are vulnerable source
syntevo SmartGit >= 18.1 Fix 17.1.x and older are vulnerable source
syntevo SmartSVN >= 9.3 Fix 9.2.x and older are vulnerable source
syntevo SmartSynchronize >= 3.5 Fix 3.4.x and older are vulnerable source
SysAid All products Fix source

T

Supplier Product Version Status Notes Links
Tableau Tableau Desktop 2021.4 Vulnerable source
Tableau Tableau Server 2021.2.5 Vulnerable source
Tableau Tableau Desktop 2021.4.1 Fix source, fix
Tableau Tableau Server 2021.4.1 Fix source, fix
Tableau Tableau Prep 2021.4.2 Fix source, fix
Tableau Tableau Bridge 20214.21.1214.2057 Fix source, fix
Tableau Tableau Reader unknown Fix source, fix
Tailscale Tailscale all Not vuln source
Talend Talend Component Kit Fix source
Tanium All products all Not vuln source
TARGIT All products all Not vuln source
Tealium All products Fix source
Teamviewer All products Fix Server-side hotfix deployed. No user interaction required source
Tenable All products Not vuln source
Tesorion Immunity-appliances and software all Not vuln source
Tesorion SOC-appliances and software all Fix Potential Log4j impact mitigated source
TheHive Cortex all Not vuln source
TheHive TheHive all Not vuln source
TOPdesk TOPdesk SaaS all Not Vuln source
TOPdesk TOPdesk On-Premises Virtual Appliance all Not Vuln Although the standard product is not vulnerable, we advise our customers to scan for vulnerabilities if they modified the product, installed add-ons or bespoke work source
TOPdesk TOPdesk On-Premises Classic all Not Vuln Although the standard product is not vulnerable, we advise our customers to scan for vulnerabilities if they modified the product, installed add-ons or bespoke work source
Topicus Security Topicus KeyHub all Not vuln source
Tosibox All products Fix source
Trend Micro 5G Mobile Network Security Not vuln source
Trend Micro ActiveUpdate Not vuln source
Trend Micro Apex Central (including as a Service) Not vuln source
Trend Micro Apex One (all versions including SaaS, Mac, and Edge Relay) Not vuln source
Trend Micro Cloud App Security Fix source
Trend Micro Cloud Edge Not vuln source
Trend Micro Cloud One - Application Security Not vuln source
Trend Micro Cloud One - Common Services Not vuln source
Trend Micro Cloud One - Conformity Not vuln source
Trend Micro Cloud One - Container Security Not vuln source
Trend Micro Cloud One - File Storage Security Not vuln source
Trend Micro Cloud One - Network Security Not vuln source
Trend Micro Cloud One - Workload Security Not vuln source
Trend Micro Cloud Sandbox Not vuln source
Trend Micro Deep Discovery Analyzer Not vuln source
Trend Micro Deep Discovery Director Investigation source
Trend Micro Deep Discovery Email Inspector Not vuln source
Trend Micro Deep Discovery Inspector Not vuln source
Trend Micro Deep Discovery Web Inspector Not vuln source
Trend Micro Deep Security Not vuln source
Trend Micro Endpoint Encryption Not vuln source
Trend Micro Fraudbuster Not vuln source
Trend Micro Home Network Security Not vuln source
Trend Micro Housecall Not vuln source
Trend Micro Instant Messaging Security Not vuln source
Trend Micro Internet Security for Mac (Consumer) Not vuln source
Trend Micro Interscan Messaging Security Not vuln source
Trend Micro Interscan Messaging Security Virtual Appliance (IMSVA) Not vuln source
Trend Micro Interscan Web Security Suite Not vuln source
Trend Micro Interscan Web Security Virtual Appliance (IWSVA) Not vuln source
Trend Micro Mobile Security for Enterprise Not vuln source
Trend Micro Mobile Security for Android Not vuln source
Trend Micro Mobile Security for iOS Not vuln source
Trend Micro MyAccount (Consumer Sign-on) Not vuln source
Trend Micro Network Viruswall Not vuln source
Trend Micro OfficeScan Not vuln source
Trend Micro Password Manager Not vuln source
Trend Micro Phish Insight Not vuln source
Trend Micro Policy Manager Not vuln source
Trend Micro Portable Security Not vuln source
Trend Micro PortalProtect Not vuln source
Trend Micro Public Wifi Protection / VPN Proxy One Pro Not vuln source
Trend Micro Rescue Disk Not vuln source
Trend Micro Rootkit Buster Not vuln source
Trend Micro Safe Lock (TXOne Edition) Not vuln source
Trend Micro Safe Lock 2.0 Not vuln source
Trend Micro Sandbox as a Service Fix source
Trend Micro ScanMail for Domino Not vuln source
Trend Micro ScanMail for Exchange Not vuln source
Trend Micro Security for NAS Not vuln source
Trend Micro ServerProtect (all versions) Not vuln source
Trend Micro Smart Home Network Not vuln source
Trend Micro Smart Protection Complete Not vuln source
Trend Micro Smart Protection for Endpoints Not vuln source
Trend Micro Smart Protection Server (SPS) Not vuln source
Trend Micro TippingPoint Accessories Not vuln source
Trend Micro TippingPoint IPS (N-, NX- and S-series) Not vuln source
Trend Micro TippingPoint Network Protection (AWS & Azure) Not vuln source
Trend Micro TippingPoint SMS Not vuln source
Trend Micro TippingPoint Threat Management Center (TMC) Fix source
Trend Micro TippingPoint ThreatDV Not vuln source
Trend Micro TippingPoint TPS Not vuln source
Trend Micro TippingPoint TX-Series Not vuln source
Trend Micro TippingPoint Virtual SMS Not vuln source
Trend Micro TippingPoint Virtual TPS Not vuln source
Trend Micro TMUSB Not vuln source
Trend Micro Trend Micro Email Security & HES Fix source
Trend Micro Trend Micro Endpoint Sensor Not vuln source
Trend Micro Trend Micro ID Security Not vuln source
Trend Micro Trend Micro Remote Manager Not vuln source
Trend Micro Trend Micro Security (Consumer) Not vuln source
Trend Micro Trend Micro Virtual Patch for Endpoint Investigation source
Trend Micro Trend Micro Web Security Fix source
Trend Micro TXOne (Edge Series) Not vuln source
Trend Micro TXOne (Stellar Series) Not vuln source
Trend Micro Vision One Fix source
Trend Micro Worry-Free Business Security (on-prem) Not vuln source
Trend Micro Worry-Free Business Security Services Not vuln source
tribe29 Check_MK Not vuln source
Tripwire Tripwire® Enterprise Not vuln source
Tripwire Tripwire IP360™ Not vuln source
Tripwire Tripwire LogCenter® Not vuln source
Tripwire Tripwire Industrial Visibility Not vuln source
Tripwire Tripwire Apps Not vuln source
Tripwire Tripwire Configuration Compliance Manager (CCM) Not vuln source
Tripwire Tripwire for Servers (TFS) Not vuln source
Tripwire Tripwire Connect (on-prem) Vulnerable source
Tripwire Tripwire Connect SaaS (cloud) Vulnerable source
Tripwire Tripwire Configuration Manager SaaS Vulnerable source
Tripwire Tripwire Anyware SCM Vulnerable source
Tripwire Tripwire State Analyzer Vulnerable source
Tripwire Tripwire Industrial Sentinel Workaround source
TRUMPF PFO Smart Teach App Not vuln source
TRUMPF QDS 2.0 Not vuln source
TRUMPF redpowerDirect Not vuln source
TRUMPF Smart Power Tube Not vuln source
TRUMPF Smart View Services Not vuln source
TRUMPF TruBend Cell 5000 / 7000 Investigation source
TRUMPF TruBend Center Investigation source
TRUMPF TruConvert Investigation source
TRUMPF TruDiode Not vuln source
TRUMPF TruDisk Not vuln source
TRUMPF TruFiber Not vuln source
TRUMPF TruHeat Investigation source
TRUMPF TruLaser 5000 series Investigation source
TRUMPF TruLaser all other series Not vuln source
TRUMPF TruLaser Center 7030 Investigation source
TRUMPF TruMark Not vuln source
TRUMPF TruMatic 1000 fiber Investigation source
TRUMPF TruMatic 3000 Investigation source
TRUMPF TruMatic all other series Not vuln source
TRUMPF TruMicro series Not vuln source
TRUMPF TRUMPF TRUMPF Seamline Remote Not vuln source
TRUMPF TRUMPF Visionline Not vuln source
TRUMPF TruPlasma Investigation source
TRUMPF TruPulse Not vuln source
TRUMPF TruTops Boost Investigation source
TRUMPF TruTops Calculate Not vuln source
TRUMPF TruTops Classic Not vuln source
TRUMPF TruTops Cell Not vuln source
TRUMPF TruTops FAB Not vuln source
TRUMPF TruTops I-PFO Not vuln source
TRUMPF TruTops Mark 3D Not vuln source
TRUMPF TruTops Monitor Not vuln source
TRUMPF TruTops PFO Not vuln source
TRUMPF TruTops Print Not vuln source
TRUMPF TruTops Print Multilaser Assistant Not vuln source
TRUMPF TruPrint Monitoring Analyzer Not vuln source
TRUMPF TruPunch 1000 / 3000 Investigation source
TRUMPF TruPunch all other series Not vuln source
TRUMPF all other TRUMPF machines and systems Not vuln source

U

Supplier Product Version (see Status) Status Notes Links
Ubiquiti UniFi Network Application 6.5.55 Fix Update log4j version to 2.16.0 (CVE-2021-45046) source
Unify First Response OpenScape Policy Store Vulnerable source
Unify Hipath DS-Win Vulnerable source
Unify OpenScape Contact Center Vulnerable source
Unify OpenScape Contact Media Service Vulnerable source
Unify OpenScape Enterprise Express Investigation source
Unify OpenScape UC >= 10.2.9.0 Vulnerable source
Unify OpenScape Voice simplex deployments Vulnerable source
US Signal Remote Management and Monitoring platform Workaround source
USoft USoft 9.1.1F Vulnerable Found by manual scanning proof

V

Supplier Product Version (see Status) Status Notes Links
Variphy All products Not vuln source
Vectra All products Not vuln source
Veeam All products Not vuln source
Veritas Aptare IT Analytics 10.5 and 10.6 Workaround Version 10.4 and earlier are not affected. source
Veritas NetBackup Appliance 3.1.2 through 4.1.0.1 MR1 Workaround source
Veritas NetBackup Client 7.7.3 through 9.1.0.1 Not vuln source
Veritas NetBackup CloudPoint 2.2.2, 8.3 through 9.1.0.1 Workaround source
Veritas NetBackup Flex Scale 2.1 Workaround Veritas strongly recommends customers using version 1.3 or 1.3.1 to upgrade to NetBackup FlexScale 2.1 in order to be able to perform the mitigation steps. source
Veritas NetBackup Media Server 8.1 through 9.1.0.1 Not vuln source
Veritas NetBackup Media Server container on Flex Appliance 8.1 through 9.1.0.1 Not vuln source
Veritas NetBackup OpsCenter 7.7 through 7.7.3 and 8.0 Not vuln source
Veritas NetBackup OpsCenter 8.1.2 through 9.1.0.1 Workaround Veritas has published updated versions of Log4j that replace the vulnerable libraries used by NetBackup OpsCenter 8.1.2 through 9.1.0.1. source
Veritas NetBackup Primary Server 7.7 through 7.7.3 and 8.0 Not vuln source
Veritas NetBackup Primary Server 8.1.2 through 9.1.0.1 Workaround Veritas has published updated versions of Log4j that replace the vulnerable libraries used by NetBackup Primary Server 8.1.2 through 9.1.0.1. source
Veritas NetBackup Primary Server BYO (also known as Master Server) 8.1 through 8.1.1 Workaround Veritas strongly recommends customers upgrade to NetBackup 8.1.2 or the latest release in order to be able to perform the mitigation steps. source
Veritas NetBackup Primary Server container on Flex Appliance 8.1.2 through 9.1.0.1 Workaround source
Veritas NetBackup Resiliency Platform 3.4 through 4.0 Workaround source
Veritas Media Server Deduplication Pool (MSDP) (on NB Appliance) 3.1.2 and 3.2 Workaround source
VMware API Portal for VMware Tanzu 1.x Fix Fixed in 1.0.7 source, fix
VMware AppDefense Appliance 2.x Workaround source, workaround
VMware App Metrics 2.1.1 Fix source, fix
VMware Carbon Black Cloud Workload Appliance 1.x Fix Fixed in 1.1.1 source, workaround
VMware Carbon Black EDR Server 7.x, 6.x Fix Fixed in 7.6.0 source, workaround, fix
VMware Cloud Director Object Storage Extension 2.1.x, 2.0.x Fix Fixed in 2.1.0.1, 2.0.0.3 source, fix
VMware Cloud Foundation 4.x, 3.x Workaround source, workaround
VMware HCX 4.2.3, 4.1.0.2 Fix source
VMware Healthwatch for Tanzu Application Service 2.1.7, 1.8.6 Fix source, fix
VMware Horizon 8.x, 7.x Workaround source, workaround
VMware Horizon Cloud Connector 1.x, 2.x Fix Fixed in 2.1.1 source, fix
VMware Horizon DaaS 9.1.x, 9.0.x Workaround source, workaround
VMware Identity Manager 3.3.x Workaround source, workaround
VMware NSX Data Center for vSphere 6.x Workaround source, workaround
VMware NSX-T Data Center 3.x, 2.x Workaround source, workaround
VMware Single Sign-On for VMware Tanzu Application Service 1.x Fix Fixed in 1.14.5 source, fix
VMware Site Recovery Manager 8.x Vuln source, workaround
VMware Skyline Collector virtual appliance Not vuln source
VMware Spring Boot < 2.5.8, < 2.6.2 Workaround source
VMware Spring Cloud Gateway for Kubernetes 1.x Vulnerable source
VMware Spring Cloud Gateway for VMware Tanzu 1.x Fix Fixed in 1.1.3 source, fix
VMware Spring Cloud Services for VMware Tanzu 3.x Fix Fixed in 3.1.26 source, fix
VMware Tanzu Application Service for VMs 2.x Fix Fixed in 2.7.42, 2.10.22, 2.11.10, 2.12.3 source, workaround, fix
VMware Tanzu GemFire 1.14.x, 1.13.x, 1.10.x Fix Fixed in 1.14.1, 1.13.4 source, fix
VMware Tanzu Greenplum 6.x Workaround source, workaround
VMware Tanzu Kubernetes Grid Integrated Edition 2.x Workaround source, workaround
VMware Tanzu Observability by Wavefront Nozzle 3.x, 2.x Fix Fixed in 3.0.3 source, fix
VMware Tanzu Operations Manager 2.x Fix Fixed in 2.10.23 source, workaround, fix
VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Vulnerable source
VMware Telco Cloud Automation 2.x, 1.x Vulnerable source
VMware Unified Access Gateway 21.x, 20.x, 3.x Workaround source, workaround
VMware vCenter Cloud Gateway 1.x Workaround source, workaround
VMware vCenter Server 6.x Workaround Running on: Windows source, workaround
VMware vCenter Server 7.x, 6.x Workaround Running on: Virtual Appliance source, workaround
VMware vCloud Director all Not vuln source
VMware vCloud Workstation all Not vuln source
VMware vRealize Automation 8.x, 7.x Vulnerable source
VMware vRealize Lifecycle Manager 8.x Workaround source, workaround
VMware vRealize Log Insight 8.x Workaround source, workaround
VMware vRealize Operations 8.x Workaround source, workaround
VMware vRealize Operations Cloud Proxy Any Workaround source, workaround
VMware vRealize Orchestrator 8.x, 7.x Vulnerable source
VMware vSphere ESXi Unknown Not Vuln source
VMware Workspace ONE Access 21.x, 20.x Workaround source, workaround
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 19.03.0.1, 20.x, 21.x Workaround source, workaround
Vuze Vuze Torrent (desktop/server/mobile) Revision 44261 Investigation Also known as Azureus source, vendor

W

Supplier Product Version Status Notes Links
Watcher Watcher all Not vuln source
WatchGuard AuthPoint Cloud Fixed See link source
WatchGuard Dimension - Not vuln source
WatchGuard Firebox - Not vuln source
WatchGuard Threat Detection and Response Cloud Fixed See link source
WatchGuard WatchGuard EPDR and Panda AD360 - Not vuln source
WatchGuard WatchGuard System Manager, Dimension, WatchGuard EPDR and Panda AD360 - Not vuln source
WatchGuard Wi-Fi Cloud Cloud Fixed See link source
Weblib Ucopia Not vuln source
Wibu Systems CodeMeter Keyring for TIA Portal > 1.30 Fix Only the Password Manager is affected source
Wibu Systems CodeMeter Cloud Lite > 2.2 Fix source
WildFly WildFly < 22 Not vuln "No log4j artifact shipped" source
WildFly WildFly >= 22; <= 26.0.0.Beta1 Not vuln "ships log4j-api but not vulnerable code from log4j-core; version of log4j-api might seem to be vulnerable but is not" source
WildFly WildFly > 26.0.0.Final Not vuln "ships log4j-api where version matches patched version" source
Wind River Wind River Linux <= 8 Not vuln "contain package log4j, but their version is 1.2.x, too old to be affected" source
Wind River Wind River Linux > 8 Not vuln no support for log4j source
Wireshark Wireshark Not vuln source
WitFoo WitFoo Precinct 6.x Fix WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable source
Wowza Wowza Streaming Engine 4.7.8, 4.8.x Workaround source
WSO2 WSO2 API Manager >= 3.0.0 Workaround source
WSO2 WSO2 API Manager Analytics >= 2.6.0 Workaround source
WSO2 WSO2 Enterprise Integrator >= 6.1.0 Workaround source
WSO2 WSO2 Enterprise Integrator Analytics >= 6.6.0 Workaround source
WSO2 WSO2 Identity Server >= 5.9.0 Workaround source
WSO2 WSO2 Identity Server Analytics >= 5.7.0 Workaround source
WSO2 WSO2 Identity Server as Key Manager >= 5.9.0 Workaround source
WSO2 WSO2 Micro Gateway >= 3.2.0 Workaround source
WSO2 WSO2 Micro Integrator >= 1.1.0 Workaround source
WSO2 WSO2 Micro Integrator Dashboard >= 4.0.0 Workaround source
WSO2 WSO2 Micro Integrator Monitoring Dashboard >= 1.0.0 Workaround source
WSO2 WSO2 Stream Processor >= 4.0.0 Workaround source
WSO2 WSO2 Stream Integrator >= 1.0.0 Workaround source
WSO2 WSO2 Stream Integrator Tooling >= 1.0.0 Workaround source
WSO2 WSO2 Open Banking AM >= 2.0.0 Workaround source
WSO2 WSO2 Open Banking BI >= 1.3.0 Workaround source
WSO2 WSO2 Open Banking KM >= 2.0.0 Workaround source

X

Supplier Product Version (see Status) Status Notes Links
Xerox All other products Investigation source
Xerox AltaLink B8000 Series Not vuln source
Xerox AltaLink B8100 Series Not vuln source
Xerox AltaLink C8000 Series Not vuln source
Xerox AltaLink C8100 Series Not vuln source
Xerox B1022/1025 Not vuln source
Xerox Baltoro HF Inkjet Press Not vuln source
Xerox DocuShare Not vuln DocuShare using Solr search is vulnerable, see below. source
Xerox DocuShare Flex Not vuln source
Xerox DocuShare Go Not vuln source
Xerox DocuShare using Solr search 7.5 hotfix 11 Fixed source
Xerox EC8036/EC8056 Not vuln source
Xerox iGen 5 Not vuln source
Xerox Instant Print Kiosk Not vuln source
Xerox Nuvera EA Perfecting Production Systems Not vuln source
Xerox Nuvera EA Production Systems Not vuln source
Xerox Phaser 3330 Not vuln source
Xerox Phaser 3435 Not vuln source
Xerox Versant 180/280 Not vuln source
Xerox Versant 3100/4100 Not vuln source
Xerox WorkCentre 3335/45 Not vuln source
Xerox WorkCentre 5865i/5875i/58901 Not vuln source
Xerox WorkCentre 7970i Not vuln source
Xerox WorkCentre EC7836/EC7856 Not vuln source
Xerox Workplace Kiosk Not vuln source

Y

Supplier Product Version (see Status) Status Notes Links
Yahoo Vespa Not vuln Your Vespa application may still be affected if log4j is included in your application package source
Y Soft SAFEQ 6 <= 6.0.63 Workaround source
Yellowfin Yellowfin 8.0.10.3, 9.7.0.2 Fix v7 and v6 releases are not affected unless you have manually upgraded to Log4j2 source
Yenlo Connext 2.x Not vuln Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable source

Z

Supplier Product Version (see Status) Status Notes Links
Zabbix Zabbix Not vuln Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability. source
Zammad Zammad Workaround Most of Zammad instances make use of Elasticsearch which might be vulnerable. source
Zendesk Zendesk Workaround SaaS - No user action source
Zerto Virtual Replication Appliance Not vuln source
Zerto Zerto Cloud Appliance Not vuln source
Zerto Zerto Cloud Manager Not vuln source
Zerto Zerto Virtual Manager Not vuln source
Zesty Zesty.io Not vuln source
Zoho Online Investigation source
Zoom All products Not vuln source
Zscaler All products Fix source
Zyxel All other products Not vuln source
Zyxel NetAtlas Element Management System (EMS) Vulnerable Hotfix availability Dec. 20, 2021; patch availability at the end of Feb. 2022 source