Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0-9

1Password : https://1password.community/discussion/comment/622612/#Comment_622612

2n : https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2

2wcom : https://www.2wcom.com/2wcom-not-using-log4j/

3CX : https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911

3HMIS : https://support.3mhis.com/app/account/updates/ri/5210

7-Zip : https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1/

8x8 : https://support.8x8.com/support-services/support/Apache_Log4j_2_Vulnerability

A

A10 Networks : https://support.a10networks.com/support/security_advisory/log4j-cve-2021-44228-cve-2021-45046/

ABB : https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch

Accellence : https://www.accellence.de/en/articles/national-vulnerability-database-62

Acquia : https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228

Acronis : https://security-advisory.acronis.com/advisories/SEC-3859

ActiveState : https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/

Acunetix : https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/

Adaptec : https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j

Addigy : https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/

Adeptia : https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-

Adobe ColdFusion : https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html

ADP : https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx

Adva : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996900

AFAS Software : https://help.afas.nl/vraagantwoord/NL/SE/120439.htm

Agenda : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995221

Agilysys : https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f

Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability

Alexion : https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell

Alcatel : https://dokuwiki.alu4u.com/doku.php?id=log4j

Alertus : https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US

Alfresco : https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717

AlgoSec UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3994072

AlienVault : https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228

Alphatron Medical : https://www.alphatronmedical.com/home.html

Altaro : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995170

AMI : https://www.ami.com/ami-analysis-and-response-to-cve-2021-44228-log4j-vulnerability/

Anaqua : https://www.anaqua.com/

APACHE Global : https://blogs.apache.org/security/entry/cve-2021-44228

Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/

Apigee : https://status.apigee.com/incidents/3cgzb0q2r10p

Apollo : https://community.apollographql.com/t/log4j-vulnerability/2214

Appdynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability

Appeon : https://community.appeon.com/index.php/qna/q-a/apache-log4j2-remote-code-execution-vulnerability-cve-2021-44228-and-powerbuilder-infomaker#reply-31358

AppGate : https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability

AppviewX : https://www.appviewx.com/blogs/apache-log4j-cve-2021-44228-vulnerability-zero-trust-networks-are-the-future/

APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976

Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4

Aqua Security : https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub

Arca Noae : https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/

Arduino : https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228

Ariba : https://connectsupport.ariba.com/sites#announcements-display&/Event/908469

Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282

ArcServe : https://twitter.com/Arcserve/status/1470571214263361537

ArcticWolf : https://arcticwolf.com/resources/blog/log4j

Aruba Networks: https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security

AspenTech : https://esupport.aspentech.com/S_Article?id=000099310

Ataccama : https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf

Atempo : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3999431

Atera : https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/

Attivo networks : https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf

Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

AudioCodes : https://services.audiocodes.com/app/answers/kbdetail/a_id/2225

Autopsy : https://www.autopsy.com/autopsy-and-log4j-vulnerability/

Auth0 : https://twitter.com/auth0/status/1470086301902721024

Autodesk : https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html

Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10

Auvik : https://status.auvik.com/incidents/58bfngkz69mj

Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability

Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609

AVEPOINT : https://www.avepoint.com/company/java-zero-day-vulnerability-notification

AVM : https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C

AvTech RoomAlert : https://avtech.com/articles/23124/java-exploit-room-alert-link/

AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/

AXS Guard : https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77

Axway Applications : https://support.axway.com/news/1331/lang/en

AXON : https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US

AxxonSoft : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996387

AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310

B

B&W Software : https://www.buw-soft.de/en/2021/12/20/investigation-about-log4j-vulnerability-of-bw-products/

BackBox : https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf

BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838

Balbix : https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/

Baramundi Products : https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875

Barco : https://www.barco.com/en/support/knowledge-base/kb12495

Barracuda : https://www.barracuda.com/company/legal/trust-center

BBraun : https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory/b-braun-statement-on-Apache_Log4j.html

BD : https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j

BEC Legal Systems : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995524

Bender : https://www.bender.de/en/cert

Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) : https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j

BeyondTrust Bomgar : https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542

BigBlueButton : bigbluebutton/bigbluebutton#13897 (comment)

BisectHosting : https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html

BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability

BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/

BitRise : https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228

BitWarden : https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2

BlackBaud : https://kb.blackbaud.com/knowledgebase/articles/Article/198103

Black Kite : https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/

Blancco : https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library

Blumira : https://www.blumira.com/cve-2021-44228-log4shell/

BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability

Boomi DELL : https://community.boomi.com/s/article/Log4j-Vulnerability

Box : https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228

Brainworks : https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/

BrightSign : https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j

Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

Broadcom Automic Automation : https://knowledge.broadcom.com/external/article?articleId=230308

BuildSoft : https://bsoft.zendesk.com/hc/en-us/articles/4411821391631-Security-Advisory-Apache-Log4j-CVE-2021-44228-

C

C4b XPHONE : https://www.c4b.com/de/news/log4j.php

Caddy : https://caddy.community/t/apache-log4j-remote-code-execution-vulnerability/14403

Calyptix Security : https://twitter.com/calyptix/status/1470498981147029507

Camunda : https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910

Canon : https://www.canon.com.au/support/support-news/support-news/security-advisory-potential-apache-log4j-vulnerability

CarbonBlack : https://www.vmware.com/security/advisories/VMSA-2021-0028.html

CAS genesisWorld : https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446

Cato Networks : https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/

Celiveo : https://support.celiveo.com/support/solutions/articles/79000129570-cve-2021-44228-log4shell-log4j-vulnerability-celiveo-is-not-affected-

Celonis : https://www.celopeers.com/s/article/Celonis-Advisory-CVE-2021-44228

Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability

Cerebrate : https://twitter.com/cerebrateproje1/status/1470347775141421058

Cerebro : https://github.com/lmenezes/cerebro/blob/main/conf/logback.xml#L5

CGM CompuGroup Medical SE & Co. KGaA Germany - Software Z1 : https://www.cgm.com/deu_de/plattformen/telematikinfrastruktur/service-und-updates/allgemeines-zu-updates/Information-zur-BSI-Warnmeldung.html

ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected

Checkmarx plugin : jenkinsci/checkmarx-plugin#83

CheckMK : https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3

CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865

Ciphermail : https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html

CIS : https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961

Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Citrix : https://support.citrix.com/article/CTX335705

Claris : https://community.claris.com/en/s/article/Q-A-Claris-products-and-the-Apache-Log4j-vulnerability

Cloudera : https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019

CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/

CloudFoundry : https://www.cloudfoundry.org/blog/log4j-vulnerability-cve-2021-44228-impact-on-cloud-foundry-products/

Cloudian HyperStore : https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228

Cloudogu : https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417

Cloudron : https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US

Clover : https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html

CMND.io : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-4002005

CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/

Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents

CodeBeamer : https://codebeamer.com/cb/wiki/19872365

Codesys : https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html

CodeTwo : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995424

Cohesity : https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228

CommVault : https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html

Comrex : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996774

ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit

Confluent : https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability

Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1

ConnectWise : https://www.connectwise.com/company/trust/advisories

ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548

ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k

COPADATA : https://www.copadata.com/en/support-services/knowledge-base-faq/pare-products-in-the-zenon-product-family-affect-4921/

Coralogix : https://twitter.com/Coralogix/status/1469713430659559425

CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402

Cradlepoint : https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/

Crate CrateDB : crate/crate#11968 (comment)

Crestron : https://www.crestron.com/Security/Security_Advisories/Apache-Log4j

CrushFTP : https://www.crushftp.com/download.html

CryptShare : https://www.cryptshare.com/en/support/cryptshare-support/#c67572

Cumul.io https://status.cumul.io/#incidents

CURL libcurl : https://twitter.com/bagder/status/1470879113116360706

CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228

Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228

CyberRes : https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228

Cytoscape : https://cytoscape.org/common_issues.html#log4shell

D

DarkTrace : https://customerportal.darktrace.com/inside-the-soc/get-article/201

Dashlane : https://twitter.com/DashlaneSupport/status/1470933847932030976

Dassault Systèmes : https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e

Databricks : https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub

DataDog : https://www.datadoghq.com/log4j-vulnerability/

Dataminer : https://community.dataminer.services/responding-to-log4shell-vulnerability/

Datev : https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308

Datto : https://www.datto.com/blog/dattos-response-to-log4shell

dCache.org : https://www.dcache.org/post/log4j-vulnerability/

DCM4CHE.org : dcm4che/dcm4che#1050

Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228

Deepinstinct : https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know

Dell : https://www.dell.com/support/kbdoc/en-us/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability

DELL : https://www.dell.com/support/kbdoc/en-us/000194416/additional-information-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228

Denequa : https://denequa.de/log4j-information.html

Device42 : https://blog.device42.com/2021/12/13/log4j-zero-day/

Devolutions : https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/

Diebold Nixdorf : https://www.dieboldnixdorf.com/en-us/apache

Digicert : https://knowledge.digicert.com/alerts/digicert-log4j-response.html

Digilent waveforms : https://forum.digilentinc.com/topic/22531-has-waveforms-been-affected-by-the-log4j-vulnerability-cve-2021-44228/

Digital AI : https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1

DNSFilter : https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability

Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/

Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability

DRAW.IO : https://twitter.com/drawio/status/1470061320066277382

DrayTek : https://www.draytek.co.uk/support/security-advisories/kb-advisory-dec2021-log4j

DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359

DSpace :https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE

DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282

E

EasyRedmine : https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228

EclecticIQ : https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2

Eclipse Foundation : https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)

EFI : https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US

EGroupware : https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430

EHRBase : ehrbase/ehrbase#700

Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Ellucian (Banner and Colleague Higher Education SIS) : https://www.ellucian.com/news/ellucian-response-apache-log4j-issue

Emerson : https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf

EnterpriseDT : https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/

EPICOR : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996932

ERICOM : https://blog.ericom.com/ericom-software-products-and-the-log4shell-exploit-cve-2021-44228/

ESA SNAP Toolbox : https://forum.step.esa.int/t/snap-not-affected-by-log4j-vulnerability/34167

ESET : https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability

ESI Group : https://myesi.esi-group.com/support/apache-log4j-vulnerability.

ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

Estos : https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen

Eurolinux : https://en.euro-linux.com/blog/critical-vulnerability-cve-2021-44228-in-apache-log4j/

EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2

Evolveum Midpoint : https://evolveum.com/midpoint-not-vulnerable-to-log4shell/

Ewon : https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42

Exabeam : https://community.exabeam.com/s/discussions?t=1639379479381

Exact : https://www.exact.com/news/general-statement-apache-leak

Exivity : https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228

ExtraHop : https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148

eXtreme Hosting : https://extremehosting.nl/log4shell-log4j/

Extreme Networks : https://extremeportal.force.com/ExtrArticleDetail?an=000100806

Extron : https://www.extron.com/featured/Security-at-Extron/extron-security

F

F5 Networks : https://support.f5.com/csp/article/K19026212

F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd

Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

FAST LTA : https://blog.fast-lta.de/en/log4j2-vulnerability

FedEx : https://www.fedex.com/en-us/service-alerts.html#weatherassess

FileCatalyst : https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability

FileCap : https://mailchi.mp/3f82266e0717/filecap-update-version-511

FileCloud : https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers

FileWave : https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228

FINVI : https://finvi.com/support/

FireDaemon : https://kb.firedaemon.com/support/solutions/articles/4000178630

Flexagon : https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/

Flexera : https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934

FlyWheel : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995147

ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager

Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228

ForgeRock : https://backstage.forgerock.com/knowledge/kb/article/a39102625

Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245

FTAPI : https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#

Fujitsu : https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf

FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/

G

Gearset : https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021

Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability

GeoServer : http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html

Gerrit code review : https://www.gerritcodereview.com/2021-12-13-log4j-statement.html

GFI : https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/

Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning

Gigamon : https://community.gigamon.com/gigamoncp/s/article/Are-Gigamon-products-affected-by-CVE-2021-44228

GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

GitHub Response : https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/

GitLab : https://forum.gitlab.com/t/cve-2021-4428/62763

Globus : https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4

GLPI Project : https://forum.glpi-project.org/viewtopic.php?pid=488631#p488631

GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps

GoCD : https://www.gocd.org/2021/12/14/log4j-vulnerability.html

Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory

Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability

Gradle : https://blog.gradle.org/log4j-vulnerability

Grafana : https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/

Grandstream : https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en

GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785

Gravitee.io : https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability

Gravwell : https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products

GrayLog : https://www.graylog.org/post/graylog-update-for-log4j

GreenShot : https://greenshot.atlassian.net/browse/BUG-2871

GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939

Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products

H

HackerOne : https://twitter.com/jobertabma/status/1469490881854013444

HAProxy : https://www.haproxy.com/blog/december-2021-log4shell-mitigation/

HarmanPro AMX : https://help.harmanpro.com/apache-log4j-vulnerability

Hashicorp : https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/33138

Hazelcast : https://support.hazelcast.com/s/article/Security-Advisory-for-Log4Shell

HCL Global : https://support.hcltechsw.com/csm/en?id=kb_article&sysparm_article=KB0095490

HelpSystems Clearswift : https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687

Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04215en_us

Hewlett Packard Enterprise HPE GLOBAL : https://techhub.hpe.com/eginfolib/securityalerts/Apache%20Software%20Log4j/Apache_Software_Log4j.html

Hexagon : https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US

Hikvision : https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf

Hitachi Vantara : https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2

HomeAssistant : https://community.home-assistant.io/t/looking-for-advice-on-log4j/367250/6

Honeywell : https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability

HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464

Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en

Hubspot : https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949

Hyte.IO : https://hyte.io/cve-2021-44228/

I

I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228

I-Net software : https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3

IBA-AG : https://www.iba-ag.com/en/security

Ibexa : https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability

IBM : https://www.ibm.com/support/pages/node/6525548

IDS : https://en.ids-imaging.com/news-article/information-log4j-vulnerability.html

IFS : https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436

IGEL : https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html

Ignite Realtime OpenFire : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108

iGrafx : https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/

Illumina : https://support.illumina.com/bulletins/2021/121/investigation-of-log4j-vulnerability-with-clarity-lims.html

Illuminated Cloud : https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html

Illumio : https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html

IManage : https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e

Impero Software : https://www.imperosoftware.com/us/impero-software-and-the-log4j-vulnerability/

Imperva : https://docs.imperva.com/howto/9111b8a5/

Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day

IndustrialDefender : https://www.industrialdefender.com/cve-2021-44228-log4j/

infinidat : https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228

InfluxData : https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/

Infoblox : https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228

Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update

Inovonics Broadcast : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996774

Instana : https://status.instana.io/incidents/4zgcd2gzf4jw

Instructure : https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907

Integrative Genomics Viewer IGV : https://github.com/igvteam/igv/commit/40aa5e0c6b5f2eac0a1528658189fd7de8f20347

Intel : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

InterSystems : https://www.intersystems.com/gt/apache-log4j2/

Interworks : https://interworks.com/blog/2021/12/14/log4j-vulnerability-cve-2021-44228-information/

Intuiface : https://twitter.com/Intuiface/status/1471095195664015363

Intuit Quickbooks : https://quickbooks.intuit.com/learn-support/en-us/quickbooks-time/0-day-log4j-exploit/00/990291

iRedMail : https://forum.iredmail.org/topic18605-log4j-cve202144228.html

IronCore Labs : https://twitter.com/IronCoreLabs/status/1469359583147659269

Ironnet : https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability

ISLONLINE : https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/

ISPNext : https://github.com/NCSC-NL/log4shell/blob/main/software/vendor-statements/ISPNext.png

Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US

IVPN : https://www.reddit.com/r/IVPN/comments/rgw3nd/comment/homt79k/?utm_source=share&utm_medium=web2x&context=3

J

Jamasoftware : https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22

Jam Software : https://knowledgebase.jam-software.de/7577

JAMF : https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html

Jaspersoft : https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products

JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552

Jedox : https://www.jedox.com/en/trust/

Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

JetBrains Global :https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/

JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298

JetBrains YouTrack and Hub : https://youtrack.jetbrains.com/issue/JT-67582

JFROG : https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/

Jitterbit : https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability

Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md

JPOS : https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625

JobRouter : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995497

Johnson Controls : https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/jci-psa-2021-23-v3.pdf?la=en&hash=1FC58B65D948E106055CA63184EFBCAB5C7DD9A1

Journyx : https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-

Jump Desktop : https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement

Juniper Networks : https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259

Justice Systems : https://www.justicesystems.com/services/support/

K

K15t : https://help.k15t.com/k15t-apps-and-log4shell-193401141.html

K6 : https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/

Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md

Karakun : https://board.karakun.com/viewtopic.php?f=21&t=8351

Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment

Katalon : https://forum.katalon.com/t/katalon-response-to-the-log4j2-exploit-cve-2021-44228/60742/5

Keeper Security : https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/

KEMP : https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit

KEMP 2 : https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-

Keycloak : keycloak/keycloak#9078

Keypass : https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250#c0bc

KIE : https://blog.kie.org/2021/12/kie-log4j2-exploit-cve-2021-44228.html

KiteWorks : https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/

Kofax : https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)

Komoot Photon : komoot/photon#620

Konica Minolta : https://www.konicaminolta.de/de-de/support/log4j

Kronos UKG : https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US

Kyberna : https://www.kyberna.com/detail/log4j-sicherheitsluecke

Kyocera : https://www.kyoceradocumentsolutions.de/de/support/sicherheitsluecke-Log4j.html

L

L3Harris Geospatial : https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software

L-Soft : http://www.lsoft.com/news/log4jinfo.asp

LabCollector : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995088

Lancom Systems : https://www.lancom-systems.com/service-support/instant-help/general-security-information/

Lansweeper : https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/

Laserfiche : https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038

LastPass : https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy

LaunchDarkly : https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/

Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell

Lenovo : https://support.lenovo.com/ro/en/product_security/len-76573

LeoStream : https://support.leostream.com/support/discussions/topics/66000507567

Lepide : https://www.lepide.com/news/lepide-statement-on-cve-2021-44228-the-apache-log4j-vulnerability/

Let's Encrypt : https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464

LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914

LibreNMS : https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6

LifeRay : https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability

LifeSize : https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228

Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275

Lime CRM : https://docs.lime-crm.com/security/lcsec21-01

LIONGARD : https://insights.liongard.com/faq-apache-log4j-vulnerability

LiquidFiles : https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D

LiveAction : https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3

Loftware : https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228

LogiAnalytics : https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-

LogicMonitor : https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228

LogMeIn : https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327

LogRhythm : https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068

Looker : https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub

LucaNet : https://www.lucanet.com/en/blog/update-vulnerability-log4j

Lucee : https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4

M

Macchina io : https://twitter.com/macchina_io/status/1469611606569099269

MailCow : mailcow/mailcow-dockerized#4375

MailStore : https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/

Maltego : https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/

ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus

ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1

MariaDB : https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/

Marin software : https://insights.marinsoftware.com/marin-software/marin-software-statement-on-log4j-vulnerability/

MathWorks Matlab : https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time

Matillion : https://documentation.matillion.com/docs/security-advisory-14th-december-2021

Matomo : https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089

Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676

McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091

MediathekView.de : https://mediathekview.de/changelog/13-8-1/

MediaWiki : https://www.mediawiki.org/wiki/Wikibase/Announcements/2021-12-14/en

MEINBERG : https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm

Memurai : https://www.memurai.com/blog/apache-log4j2-cve-2021-44228

Mendix :https://status.mendix.com/incidents/8j5043my610c

Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37

MicroFocus : https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228

Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Microstrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US

Midori Global : https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected

Mikrotik : https://forum.mikrotik.com/viewtopic.php?p=897938

Milestone sys : https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US

Mimecast : https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability

Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

Mirantis : https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md

Miro : https://miro.com/trust/updates/log4j/

MISP : https://twitter.com/MISPProject/status/1470051242038673412

Mitel : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010

MongoDB : https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

MONARC Project : https://twitter.com/MONARCproject/status/1470349937443491851

Moodle : https://moodle.org/mod/forum/discuss.php?d=429966

MoogSoft : https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228

Motorola Avigilon : https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US

Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

N

N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability

Nagios : https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/

NAKIVO : https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145

NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala

NEO4J : https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856

NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/

NetBox : netbox-community/netbox#8052 (comment)

Netcup : https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/

Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits

NetGate PFSense : https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35

Netgear : https://www.reddit.com/r/NETGEAR/comments/re5iqy/comment/ho9qlvb/

Netwrix : https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html

NewTek : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995403

NextCloud : https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244

NextGen Healthcare Mirth : nextgenhealthcare/connect#4892 (comment)

Nexus Group : https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294

Newrelic : https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-03/

Nice Software (AWS) EnginFRAME : https://download.enginframe.com/

NinjaRMM : https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-

Nomachine : https://forums.nomachine.com/topic/apache-log4j-notification

NoviFlow : https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/

NI (National Instruments) : https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html

NSFocus : https://nsfocusglobal.com/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert/

Nulab : https://nulab.com/blog/company-news/log4shell/

Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf

Nvidia : https://nvidia.custhelp.com/app/answers/detail/a_id/5294

NXLog : https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228

O

Objectif Lune : https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/

Obsidiandynamics KAFDROP : obsidiandynamics/kafdrop#315

OCLC : https://oclc.service-now.com/status

Octopus : https://advisories.octopus.com/adv/December.2306508680.html

Okta : https://sec.okta.com/articles/2021/12/log4shell

Onespan :https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776

OnlyOffice : https://forum.onlyoffice.com/t/does-onlyoffice-documentserver-uses-log4j/841

OpenCMS : https://documentation.opencms.org/opencms-documentation/server-installation/log4j-security-vulnerability/index.html

Opengear : https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected

OpenHab : openhab/openhab-distro#1343

OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/

OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341

OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950

OpenText : https://www.opentext.com/support/log4j-remote-code-execution-advisory

OpenTripPlanner : opentripplanner/OpenTripPlanner#3785

OpenVPN : https://forums.openvpn.net/viewtopic.php?f=4&p=103724#p103750

OPNsense : https://forum.opnsense.org/index.php?topic=25951.msg125111#msg125111

Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

Orgavision : https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j

OSANO : https://www.osano.com/articles/apache-log4j-vulnerability-update

OSQUERY : https://twitter.com/osquery/status/1470831336118124549

OTRS : https://portal.otrs.com/external

OVHCloud : https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/

OwnCloud : https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493

OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html

P

Palissade : https://kb.palisade.com/index.php?pg=kb.printer.friendly&id=3#p1826

Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228

PandoraFMS : https://pandorafms.com/blog/es/cve-2021-44228/

Panopto : https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability

Pantheon hosting : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996953

PaperCut : https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228

Parallels : https://kb.parallels.com/en/128696

Parse.ly : https://blog.parse.ly/parse-ly-log4shell/

PasswordSafe : https://www.passwordsafe.com/de/blog/log4j-zero-day-luecke/

PasswordState : https://www.reddit.com/r/passwordstate/comments/rf7d62/log4j_zeroday_log4shell_vulnerability/

Pebblehost : https://help.pebblehost.com/en/article/patching-the-log4j-rce-exploit-14wyvz0/

PDQ : https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/

Percona : https://www.percona.com/blog/log4jshell-vulnerability-update/

Perforce : https://www.perforce.com/support/log4j

Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability

Pentaho :https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-

Pexip : https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability

Phenix Id : https://support.phenixid.se/uncategorized/log4j-fix/

Phillips : https://www.philips.com/a-w/security/security-advisories.html

PiHole : https://www.reddit.com/r/pihole/comments/re225u/does_pihole_use_log4j/

PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228

Pitney Bowes : https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html

Planmeca : https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/

Planon Software : https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/

Platform.SH : https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/

Plesk : https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache

Polycom : https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf

Portainer : https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228

PortEx : https://github.com/katjahahn/PortEx/releases

PortSwigger : https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0

PostGreSQL : https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/

Postman : https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-

PowerAdmin : https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/

Precisely : https://customer.precisely.com/s/article/CVE-2021-44228-Log4Shell?language=en_US

Pretix : https://pretix.eu/about/de/blog/20211213-log4j/

PrimeKey : https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228

ProDVX : https://www.prodvx.com/blog/prodvx-statement-on-the-apache-log4j-security-flaw

Progress / IpSwitch : https://www.progress.com/security

ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2

ProSeS : https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/

Prosys : https://prosysopc.com/news/important-security-release/

ProtonMail : https://twitter.com/ProtonMail/status/1470377648492797953

Proxmox : https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880

PRTG Paessler : https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228

PTC : https://www.ptc.com/en/documents/log4j

PTV Group : https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information

Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR

Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/

Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)

PWM Project : pwm-project/pwm#628

Pyramid Analytics : https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid

Q

QF-Test : https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html

Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368

QMATIC : https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability

QNAP : https://www.qnap.com/en-uk/security-advisory/qsa-21-58

QOPPA : https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/

QSC Q-SYS : https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228

QT : https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability

Quest Global : https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global

R

R2ediviewer : https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html

Radfak : https://www.radfak.de/ankuendigungen-news/130-radfak-und-log4j-cve-2021-44228-sicherheitsluecke.html

Radware : https://support.radware.com/app/answers/answer_view/a_id/1029752

Rapid7 : https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/

Raritan : https://www.raritan.com/support

Ravelin : https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b

Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/

RedGate : https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement

RedHat : https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

Redis : https://redis.com/security/notice-apache-log4j2-cve-2021-44228/

Reiner SCT : https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933

Remediant : https://twitter.com/Remediant/status/1470278329454366720

ReportURI : https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/

Respondus : https://support.respondus.com/support/index.php?/News/NewsItem/View/339

Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905

Ricoh : https://www.ricoh.com/info/2021/1215_1/

RingCentral : https://www.ringcentral.com/trust-center/security-bulletin.html

Riverbed : https://supportkb.riverbed.com/support/index?page=content&id=S35645

RocketChat : RocketChat/Rocket.Chat#23927

Rocket Software : https://community.rocketsoftware.com/forums/forum-home/digestviewer/viewthread?MessageKey=4f7520d4-ebdf-46be-ae93-60ec058d6baa&CommunityKey=dd45d00d-59db-4884-b3eb-2b0647af231b&tab=digestviewer&bm=4f7520d4-ebdf-46be-ae93-60ec058d6baa#bm4f7520d4-ebdf-46be-ae93-60ec058d6baa

Rockwell Automation : https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605

Rollbar : https://rollbar.com/blog/log4j-zero-day-2021-log4shell/

Rosetta UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993903

Rosette.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability

Royal HaskoningDHV Digital : https://www.lanner.com/fr-fr/insights/news/royal-haskoningdhv-digital-and-cve-2021-44228-apache-log4j2.html

Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK

Ruckus wireless : https://support.ruckuswireless.com/security_bulletins/313

Runecast : https://www.runecast.com/blog/runecast-6-0-1-0-covers-apache-log4j-java-vulnerability

RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/

RSA SecurID: https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501

RSA Netwitness : https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540

S

SAE-IT : https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html

SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j

SAGE : https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228

SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681

Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1

Sangoma :https://help.sangoma.com/community/s/article/Log4Shell

SAP Advanced Platform : https://launchpad.support.sap.com/#/notes/3130698

SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956

SAP Global coverage : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3994039

SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

SASSAFRAS : https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/

Savignano software solutions : https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify

ScaleComputing : https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability

ScaleFusion MobileLock Pro : https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228

Scalingo : https://scalingo.com/blog/cve-2021-44228-log4shell

Schneider Electric : https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01

SCM Manager : https://scm-manager.org/blog/posts/2021-12-13-log4shell/

ScreenBeam : https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228

SDL worldServer : https://gateway.sdl.com/apex/communityknowledge?articleName=000017707

Seafile : https://forum.seafile.com/t/urgent-zero-day-exploit-in-log4j/15575

Seagull Scientific : https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability

SecurePoint : https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html

Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html

Seeburger : https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open

SentinelOne : https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/

Sentry : https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228

SEP : https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132

Server Eye : https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/

ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959

Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791

SFIRM : https://www.sfirm.de/nc/aktuelle-meldungen/aktuelles/article//update-141221-sfirm-440-von-java-sicherheitsluecke-log4j-nicht-betroffen.html

Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html

Shopify : https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625

Siebel : https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html

Siemens : https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Sierra Wireless : https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/

Signald : https://gitlab.com/signald/signald/-/issues/259

SingleWire : https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228

Sitecore : https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391

SiteGround : https://twitter.com/SiteGround/status/1470334089500798976

Skillable : https://skillable.com/log4shell/

SLF4J : http://slf4j.org/log4shell.html

SmartBear : https://smartbear.com/security/cve-2021-44228/

SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228

Sn0m : https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/

Snowflake : https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228

Snyk : https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499

Spigot : https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/

Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849

Solace : https://solace.community/discussion/1131/solace-issue-notification-sol-61111-cve-2021-44228-cve-2021-45046-apache-log4j-jndi-vulnerability

SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228

SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721

Sonatype : https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild

SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

SOS Berlin : https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability

SpaceLabs Healthcare : https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/

Spambrella : https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/

Sprecher Automation : https://www.sprecher-automation.com/en/it-security/security-alerts

Splashtop : https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/4412788262811-Is-Splashtop-affected-by-Apache-Log4j-

Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

StarDog : https://community.stardog.com/t/stardog-7-8-1-available/3411

StarWind : https://www.starwindsoftware.com/security/apache_log4j/

Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544

Storagement : https://www.storagement.de/index.php?action=topicofthemonth&site=log4j

StormShield : https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/

StrangeBee TheHive & Cortex : https://blog.strangebee.com/apache-log4j-cve-2021-44228/

Stratodesk : http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html

Strimzi : https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/

Stripe : https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228)

Styra : https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell

SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12

Superna EYEGLASS : https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025

Suprema Inc : https://www.supremainc.com/en/

Surepoint : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3998301

SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/

Sweepwidget : https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032

Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10

Swisslog : https://www.swisslog.com/en-us/about-swisslog/newsroom/news-press-releases-blog-posts/2021/12/apache-cyber-attack

Swyx : https://service.swyx.net/hc/de/articles/4412323539474

Syncplify : https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/

Synchro MSP : https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350

Synology : https://www.synology.com/en-global/security/advisory/Synology_SA_21_30

Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228

Syntevo : https://www.syntevo.com/blog/?p=5240

SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j

Sysdig : https://sysdig.com/blog/cve-critical-vulnerability-log4j/

T

Tableau server (Now a Salesforce company!): https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell

Talend : https://jira.talendforge.org/browse/TCOMP-2054

Tanium : https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell#_Toc90296319

Targit : https://github.com/NCSC-NL/log4shell/blob/main/software/vendor-statements/Targit.png

Tasktop : https://docs.tasktop.com/home/cve-2021-44228-apache-log4j-vulnerability-in-tasktop-products

TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824

TeamPasswordManager : https://teampasswordmanager.com/blog/log4j-vulnerability/

Teamviewer : https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/

TechSmith : https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j

Tenable : https://www.tenable.com/log4j

Telestream : http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm

Terra : https://terra.bio/terras-security-response-to-the-log4j-vulnerability/

TestOut : https://support.testout.com/hc/en-us/articles/4413081889947-Is-TestOut-LabSim-Impacted-by-the-Apache-Log4j-vulnerability-CVE-2021-44228-

Thales : https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=02863d13db544110f0e3220805961914&sysparm_article=KB0025287

Thales (SafeNet) HSM : https://supportportal.thalesgroup.com/csm?id=kb_article_protected&sys_id=12acaed3dbd841105d310573f3961953

The Access Group : https://pages.theaccessgroup.com/Response-Log4J-Dec21.html

Therefore : https://therefore.net/log4j-therefore-unaffected/

ThreatLocker : https://threatlocker.kb.help/log4j-vulnerability/

Threema UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316

ThycoticCentrify : https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md

Tibco : https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update

TopDesk : https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314

Top Gun Technology (TGT) : https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/

Topicus KeyHub : https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/

Topix : https://www.topix.de/de/technik/systemfreigaben.html

Tosibox : https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228

TP-Link : https://www.tp-link.com/jp/support/faq/3255/

TrendMicro : https://success.trendmicro.com/solution/000289940

Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post

Tripwire : https://www.tripwire.com/log4j

TrueNAS : https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559

Tufin : https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021

TYPO3 : https://typo3.org/article/typo3-psa-2021-004

U

Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e

Ubuntu : https://ubuntu.com/security/CVE-2021-44228

Umbraco : https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/

Unify ATOS : https://networks.unify.com/security/advisories/OBSO-2112-01.pdf

UniFlow : https://www.uniflow.global/en/security/security-and-maintenance/

Unimus : https://forum.unimus.net/viewtopic.php?f=7&t=1390#top

USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability

V

VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility

Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228

Varnish Software : https://docs.varnish-software.com/security/CVE-2021-44228-45046/

Veeam : https://www.veeam.com/kb4254

Vector : https://www.vector.com/cl/en/support-downloads/security-advisories/log4j/#c248921

VLC : https://www.videolan.org/news.html#news-2021-12-15

Venafi : https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice

Vendavo : https://www.vendavo.com/all/latest-vendavo-response-to-log4shell-vulnerability/

Veritas NetBackup : https://www.veritas.com/content/support/en_US/article.100052070

Vertica : https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used

Vertiv : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3996968

VertX : https://vertx.io/blog/CVE-2021-44228/

Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md

Vigilant Software (CyberComply : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3997784

VIPRE : https://labs.vipre.com/security-advisory-vipres-analysis-of-critical-log4j-vulnerability/

Viso Trust : https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492

VisualSVN : https://www.visualsvn.com/company/news/visualsvn-products-are-not-affected-by-CVE-2021-44228

VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html

VTScada : https://www.vtscada.com/vtscada-unaffected-by-log4j/

W

Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/

WAPT : https://www.reddit.com/r/WAPT/comments/rg38o9/wapt_is_not_affected_by_the_cve202144228_flaw/

Wasp Barcode technologies : https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no

Watcher : https://twitter.com/felix_hrn/status/1470387338001977344

WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/

Western Digital : https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis

WildFlyAS : https://twitter.com/WildFlyAS/status/1469362190536818688

WindRiver : https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191

WireShark : https://gitlab.com/wireshark/wireshark/-/issues/17783

Wistia : https://status.wistia.com/incidents/jtg0dfl5l224

WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/

Wodby Cloud : https://twitter.com/wodbycloud/status/1470125735914450950

VoiceThread : https://twitter.com/voicethread/status/1470498119540514821

WordPress : https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/

Workday : https://blog.workday.com/en-us/2021/workday-response-on-log4j.html

Worksphere : https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228

World Programming WPS analytics : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995649

Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve

WSO2 : wso2/security-tools#169

X

XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact

XenForo : https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/

Xerox : https://security.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-Regarding-CVE-2021-44228.pdf

Xilinx : https://support.xilinx.com/s/article/76957?language=en_US

Xmind : https://support.xmind.net/hc/en-us/community/posts/4412509904537

XPertDoc : https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727

XPLG : https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/

Xray connector plugin : jenkinsci/xray-connector-plugin#53

XWIKI : https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557

Y

Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j

Yellowbrick : https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability

YellowFin : https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2

YSoft SAFEQ : https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf

Z

Zabbix : https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/

ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256

Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/

Zebra : https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html

Zellis : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995461

Zendesk : https://support.zendesk.com/hc/en-us/articles/4413583476122

Zenoss : https://support.zenoss.com/hc/en-us

Zerto : https://help.zerto.com/kb/000004822

Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/

Zimbra : https://bugzilla.zimbra.com/show_bug.cgi?id=109428

ZPE systems Inc : https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j

Zoom : https://community.zoom.com/t5/Community-Help-Center/Zoom-security-exposure/m-p/28109/highlight/true#M2059

ZoomInfo : https://engineering.zoominfo.com/zoominfo-update-on-apache-log4j-vulnerability

Zowe : zowe/community#1381

ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

Zyxel : https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
@AlexBaranowski
Copy link

AlexBaranowski commented Dec 20, 2021

EuroLinux (unaffected):
https://en.euro-linux.com/blog/critical-vulnerability-cve-2021-44228-in-apache-log4j/

Even though the base system is unaffected, we added extra steps to mitigate potential third party software on physical/virtual hosts and containers.

@keksopfer
Copy link

keksopfer commented Dec 20, 2021

@tsaalbach95
Copy link

tsaalbach95 commented Dec 20, 2021

Philips CMND.io (digital signage from Philips) released a Update.

We strongly advise you update all CMND servers with this latest release 7.3.4 which in addition to the latest features contains fixes for the log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046, see detailed changes below. Be aware that the CMND solution as been designed as on-premise solution and not as a cloud solution, any deviation from the recommended installation is not advised nor supported.

@smalm-lyrical
Copy link

smalm-lyrical commented Dec 20, 2021

Adding to the list: Intuit QuickBooks Online. Confirmed that they use log4j and as of last interaction they have no update on where they are with addressing the issue. Umm... financial data at risk. That's a bad look.

https://quickbooks.intuit.com/learn-support/en-us/quickbooks-time/0-day-log4j-exploit/00/990291

TUESDAY DEC. 14:
"Yes, you're correct. Intuit uses log4j for the online versions of QuickBooks. Currently, we haven't received any updates about the patch yet, but rest assured that our product development team is now working on it as quickly as possible."

SATURDAY DEC. 18:
"We have not receive any updates yet from our engineers with regards to this issue."

Nothing since Saturday's response.

@steve-sdit
Copy link

steve-sdit commented Dec 20, 2021

Canon's uniFLOW is already on the list (under 'U'). Please add Canon under 'C', covering all of their brands. As of Dec. 17, no products/services are vulnerable. Here is a direct link to the security advisory page; they will update as necessary:
https://www.canon.com.au/support/support-news/support-news/security-advisory-potential-apache-log4j-vulnerability

@smalm-lyrical
Copy link

smalm-lyrical commented Dec 20, 2021

Quick update (pun intended) from Intuit Quickbooks Online:
"As stewards of our customer’s data, security is a top priority for Intuit. We are aware of and understand the potential impact of the Log4j vulnerability for the industry, and Intuit.

We’ve taken immediate action to address and mitigate the Log4j vulnerability across the Intuit platform. We’ll also be working closely with our engineering supply chain and third party partners to confirm that they are remediating any concerns with their systems."

This does not confirm that they've patched -- sharing the info nonetheless.

@SwitHak
Copy link
Author

SwitHak commented Dec 20, 2021

All before this comment have been processed in the 2021-12-20 2238 UTC big update.
thanks to you all!
SwitHak.

@alexschomb
Copy link

alexschomb commented Dec 21, 2021

@raffisweb CGM Medical itself has been targeted by a ransomware attack, and some systems are offline now: https://www.cgm.com/

@TimGekev
Copy link

TimGekev commented Dec 21, 2021

Hi SwitHak,
minor Issue: Keypass --> Keepass
Thanks for your big effort helping the whole community.

@maul0r
Copy link

maul0r commented Dec 21, 2021

@ScyberSocii
Copy link

ScyberSocii commented Dec 21, 2021

Possible typos - Palisade is one 's'; Philips - one 'l'; thanks for all the work you've put into this

@Jeff-Notaro
Copy link

Jeff-Notaro commented Dec 21, 2021

@JoKeyser
Copy link

JoKeyser commented Dec 21, 2021

IBM Tivoli Storage Manager (formerly Spectrum Protect) is affected, see https://www.ibm.com/support/pages/ibm-spectrum-protect-downloads-latest-fix-packs-and-interim-fixes

@landon1013
Copy link

landon1013 commented Dec 23, 2021

@x-sheep
Copy link

x-sheep commented Dec 23, 2021

Weblate is not affected: WeblateOrg/weblate#6972 (comment)

@tidji31
Copy link

tidji31 commented Dec 30, 2021

@mkarg
Copy link

mkarg commented Jan 4, 2022

@ognalysis
Copy link

ognalysis commented Jan 5, 2022

FreeRADIUS is unaffected: https://freeradius.org/security/

@samuelscott
Copy link

samuelscott commented Apr 18, 2022

@sschukat
Copy link

sschukat commented Apr 27, 2022

@limcyrus
Copy link

limcyrus commented Oct 4, 2022

Resources from here as well: https://www.educatedautomation.com/

@Opkey12
Copy link

Opkey12 commented Nov 9, 2022

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment