Skip to content

Instantly share code, notes, and snippets.

@rdewald

rdewald/20211210-TLP-WHITE_LOG4J.md

Forked from SwitHak/20211210-TLP-WHITE_LOG4J.md
Created December 14, 2021 12:50
Show Gist options
  • Save rdewald/bd23342df0ed2b8dfeb8d5ec4b65816e to your computer and use it in GitHub Desktop.
Save rdewald/bd23342df0ed2b8dfeb8d5ec4b65816e to your computer and use it in GitHub Desktop.
Download ZIP
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-14 0006 UTC
Raw
20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great ressources

A

Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability

Apache Druid : apache/druid#12051

Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html

Apache Guacamole https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1474?filter=allissues

Apache James : apache/james-project#794

Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html

Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv

Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228

Apache Struts : https://struts.apache.org/announce-2021#a20211212-2

Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/

Apigee : https://status.apigee.com/incidents/3cgzb0q2r10p

Appdynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability

APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976

Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4

Ariba : https://connectsupport.ariba.com/sites#announcements-display&/Event/908469

Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282

Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10

Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability

Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609

AVM UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316

AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/

AXS Guard : https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77

AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310

B

BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838

BeyondTrust Bomgar : https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542

BigBlueButton : bigbluebutton/bigbluebutton#13897 (comment)

BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability

BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/

BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability

Boomi DELL : https://community.boomi.com/s/question/0D56S00009UQkx4SAD/is-boomi-installation-moleculegateway-protected-from-cve202144228-log4j

Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

Broadcom Automic Automation : https://knowledge.broadcom.com/external/article?articleId=230308

C

Camunda : https://forum.camunda.org/t/cve-2021-44228-log4j-2-exploit/31871/4

CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134

Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability

ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected

CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS

Ciphermail : https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html

Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Citrix : https://support.citrix.com/article/CTX335705

CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/

Cloudian HyperStore : https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228

CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/

Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents

CodeBeamer : https://codebeamer.com/cb/wiki/19872365.

CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745

ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit

Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1

ConnectWise : https://www.connectwise.com/company/trust/advisories

ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548

ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k

Coralogix : https://twitter.com/Coralogix/status/1469713430659559425

CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402

CryptShare : https://www.cryptshare.com/en/support/cryptshare-support/#c67572

CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228

Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228

D

Dataminer : https://community.dataminer.services/responding-to-log4shell-vulnerability/

Datto : https://www.datto.com/blog/dattos-response-to-log4shell

Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228

Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability

DELL : https://www.dell.com/support/kbdoc/en-uk/000194416/additional-information-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228

Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/

Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability

dCache.org : https://www.dcache.org/post/log4j-vulnerability/

DCM4CHE.org : dcm4che/dcm4che#1050

DRAW.IO : https://twitter.com/drawio/status/1470061320066277382

DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359

DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282

E

Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521

EHRBase : ehrbase/ehrbase#700

Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745

ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2

Extreme Networks : https://extremeportal.force.com/ExtrArticleDetail?an=000100806

F

F5 Networks : https://support.f5.com/csp/article/K19026212

F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd

Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

FAST LTA : https://blog.fast-lta.de/en/log4j2-vulnerability

ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager

Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228

ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339

Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245

FTAPI : https://docs.ftapi.com/display/RN/4.12.2

FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/

G

Gearset : https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021

Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability

Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning

GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps

Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory

Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability

GitLab : https://forum.gitlab.com/t/cve-2021-4428/62763

GrayLog : https://www.graylog.org/post/graylog-update-for-log4j

GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785

GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939

Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products

H

HackerOne : https://twitter.com/jobertabma/status/1469490881854013444

Hazelcast : https://github.com/hazelcast/hazelcast/commit/ad951d3b2fa1ff3412219c1d2e03a31ddf1b3011

HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486

Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us

Hitachi Vantara : https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2

HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464

Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en

I

I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228

IBM : https://www.ibm.com/support/pages/node/6525548

Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108

Integrative Genomics Viewer IGV : https://github.com/igvteam/igv/commit/40aa5e0c6b5f2eac0a1528658189fd7de8f20347

IManage : https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e

Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/

Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day

Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update

Ironnet : https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability

Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US

J

JAMF NATION : https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552

Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298

JFROG : https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/

Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md

K

Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md

Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment

Keycloak : keycloak/keycloak#9078

KEMP : https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit

Komoot Photon : komoot/photon#620

L

Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell

LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914

LifeRay : https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability

Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275

LiquidFiles : https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D

LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599

M

Macchina io : https://twitter.com/macchina_io/status/1469611606569099269

MailCow : mailcow/mailcow-dockerized#4375

ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus

ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-security-issue

Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676

McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091

Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37

MicroFocus FILR : https://portal.microfocus.com/s/article/KM000003003?language=en_US

Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Microstrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US

Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

MISP : https://twitter.com/MISPProject/status/1470051242038673412

MoogSoft : https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228

Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

N

N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability

NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala

NEO4J : https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856

NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/

Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits

NextGen Healthcare Mirth : nextgenhealthcare/connect#4892 (comment)

Nexus Group : https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294

Newrelic : https://discuss.newrelic.com/t/log4j-zero-day-vulnerability-and-the-new-relic-java-agent/170322

Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf

O

Okta : https://sec.okta.com/articles/2021/12/log4shell

Opengear : https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected

OpenHab : openhab/openhab-distro#1343

OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/

OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341

OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950

Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html

P

Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228

PaperCut : https://www.papercut.com/support/known-issues/#PO-684

Parse.ly : https://blog.parse.ly/parse-ly-log4shell/

Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability

Phenix Id : https://support.phenixid.se/uncategorized/log4j-fix/

PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228

Plesk : https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache

Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116

Pretix : https://pretix.eu/about/de/blog/20211213-log4j/

PrimeKey : https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228

Progress / IpSwitch : https://www.progress.com/security

ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2

PRTG Paessler : https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228

PTV Group : https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information

Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR

Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/

Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)

PWM Project : pwm-project/pwm#628

Q

QF-Test : https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html

Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368

Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228

R

Radware : https://support.radware.com/app/answers/answer_view/a_id/1029752

Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/

RedHat : https://access.redhat.com/security/cve/cve-2021-44228

Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905

Riverbed : https://supportkb.riverbed.com/support/index?page=content&id=S35645

Roset.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability

Runecast : https://www.runecast.com/blog/runecast-6-0-1-0-covers-apache-log4j-java-vulnerability

RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/

RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501

Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK

S

SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j

SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681

Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1

SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956

SAP Global coverage : https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf

SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

SDL worldServer : https://gateway.sdl.com/apex/communityknowledge?articleName=000017707

Seafile : https://forum.seafile.com/t/urgent-zero-day-exploit-in-log4j/15575

Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html

ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959

Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791

Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html

Siemens : https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Signald : https://gitlab.com/signald/signald/-/issues/259

Skillable : https://skillable.com/log4shell/

SLF4J : http://slf4j.org/log4shell.html

SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228

Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849

SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228

SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721

Sonatype : https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild

SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

SOS Berlin : https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability

SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12

SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/

Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544

Sweepwidget : https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032

Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10

Synology : https://www.synology.com/en-global/security/advisory/Synology_SA_21_30

Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228

SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j

Sysdig : https://sysdig.com/blog/cve-critical-vulnerability-log4j/

T

Talend : https://jira.talendforge.org/browse/TCOMP-2054

TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824

Threema UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316

TP-Link : https://community.tp-link.com/en/business/forum/topic/514452

TrendMicro : https://success.trendmicro.com/solution/000289940

Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post

U

Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

Ubuntu : https://ubuntu.com/security/CVE-2021-44228

USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability

V

VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility

Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228

Veritas NetBackup : https://www.veritas.com/content/support/en_US/article.100052058

Veeam : https://www.veeam.com/kb4254

Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md

VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html

W

Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/

WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/

WildFlyAS : https://twitter.com/WildFlyAS/status/1469362190536818688

WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/

Wodby Cloud : https://twitter.com/wodbycloud/status/1470125735914450950

Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve

WSO2 : wso2/security-tools#169

X

XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact

Xray connector plugin : jenkinsci/xray-connector-plugin#53

Y

Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j

Z

ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256

Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/

Zerto : https://help.zerto.com/kb/000004822

Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/

Zimbra : https://forums.zimbra.org/viewtopic.php?f=15&t=70240

ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment