@SwitHak
Last active March 26, 2024 02:38
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams' list, sorted by vendor responses: Royce List
  • Very detailed list: NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List


0-9

A

B

Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) : https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j

C

D

DCM4CHE.org : dcm4che/dcm4che#1050

E

Ellucian (Banner and Colleague Higher Education SIS) : https://www.ellucian.com/news/ellucian-response-apache-log4j-issue

F

G

Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory

GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785

H

I

J

K

Komoot Photon : komoot/photon#620

L

M

N

NextGen Healthcare Mirth : nextgenhealthcare/connect#4892 (comment)

Nice Software (AWS) EnginFRAME : https://download.enginframe.com/

O

Obsidiandynamics KAFDROP : obsidiandynamics/kafdrop#315

P

Progress / IpSwitch : https://www.progress.com/security

PWM Project : pwm-project/pwm#628

Q

R

S

T

U

V

W

X

Xray connector plugin : jenkinsci/xray-connector-plugin#53

Y

Z

@tsaalbach95

Philips CMND.io (digital signage from Philips) released an update.

We strongly advise you update all CMND servers with this latest release 7.3.4 which in addition to the latest features contains fixes for the log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046, see detailed changes below. Be aware that the CMND solution has been designed as an on-premise solution and not as a cloud solution, any deviation from the recommended installation is not advised nor supported.

@smalm-lyrical

Adding to the list: Intuit QuickBooks Online. Confirmed that they use log4j and as of last interaction they have no update on where they are with addressing the issue. Umm... financial data at risk. That's a bad look.

https://quickbooks.intuit.com/learn-support/en-us/quickbooks-time/0-day-log4j-exploit/00/990291

TUESDAY DEC. 14:
"Yes, you're correct. Intuit uses log4j for the online versions of QuickBooks. Currently, we haven't received any updates about the patch yet, but rest assured that our product development team is now working on it as quickly as possible."

SATURDAY DEC. 18:
"We have not received any updates yet from our engineers with regards to this issue."

Nothing since Saturday's response.

@steve-sdit

steve-sdit commented Dec 20, 2021

Canon's uniFLOW is already on the list (under 'U'). Please add Canon under 'C', covering all of their brands. As of Dec. 17, no products/services are vulnerable. Here is a direct link to the security advisory page; they will update as necessary:
https://www.canon.com.au/support/support-news/support-news/security-advisory-potential-apache-log4j-vulnerability

@smalm-lyrical

Quick update (pun intended) from Intuit Quickbooks Online:
"As stewards of our customer’s data, security is a top priority for Intuit. We are aware of and understand the potential impact of the Log4j vulnerability for the industry, and Intuit.

We’ve taken immediate action to address and mitigate the Log4j vulnerability across the Intuit platform. We’ll also be working closely with our engineering supply chain and third party partners to confirm that they are remediating any concerns with their systems."

This does not confirm that they've patched -- sharing the info nonetheless.

@SwitHak
Author

SwitHak commented Dec 20, 2021

All before this comment have been processed in the 2021-12-20 2238 UTC big update.
Thanks to you all!
SwitHak.

@alexschomb

@raffisweb CGM Medical itself has been targeted by a ransomware attack, and some systems are offline now: https://www.cgm.com/

@TimGekev

Hi SwitHak,
Minor issue: Keypass --> Keepass
Thanks for your big effort helping the whole community.

@ScyberSocii

ScyberSocii commented Dec 21, 2021

Possible typos - Palisade is one 's'; Philips - one 'l'; thanks for all the work you've put into this

@JoKeyser

IBM Tivoli Storage Manager (formerly Spectrum Protect) is affected, see https://www.ibm.com/support/pages/ibm-spectrum-protect-downloads-latest-fix-packs-and-interim-fixes

@x-sheep

x-sheep commented Dec 23, 2021

Weblate is not affected: WeblateOrg/weblate#6972 (comment)

@ognalysis

FreeRADIUS is unaffected: https://freeradius.org/security/

@limcyrus

limcyrus commented Oct 4, 2022

Resources from here as well: https://www.educatedautomation.com/

@josejuegosmola

The cheap VPS servers from https://www.incservers.es/ are not affected.

@Zeesy00

Zeesy00 commented Aug 4, 2023

I found it worth reading. I just want to ask you to write more Bracelet

@gamma

gamma commented Dec 13, 2023

This thread is getting spammy. It should be closed.

@simonai1254

This thread is getting spammy. It should be closed.

I second that

@AlexBaranowski

Unfortunately the original author is not active on GH or on Twitter 😭. There is "unsubscribe" in the mail that GH sends, so it's easy to turn it off :octocat:.
