Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)

## Errors, typos, something to say ?
  - If you want to add a link, comment or send it to me
  - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak)

# A
## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability
## Apache Druid : https://github.com/apache/druid/pull/12051
## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html
## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html
## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv
## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/
## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4
## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html 
## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10
## AWS : https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310

# B
## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838
## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability
## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/
## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability
## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

# C
## CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134
## Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability 
## CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS
## Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
## Citrix : https://support.citrix.com/article/CTX335705
## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
## CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745
## ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit
## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1
## ConnectWise : https://www.connectwise.com/company/trust/advisories 
## ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548
## Coralogix : https://twitter.com/Coralogix/status/1469713430659559425
## CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402
## Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228

# D
## Datto : https://www.datto.com/blog/dattos-response-to-log4shell
## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228
## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability
## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359
## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282

# E
## Eclipse Foundation : https://git.eclipse.org/r/c/tracecompass/org.eclipse.tracecompass/+/188751
## Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2

# F
## F5 Networks : https://support.f5.com/csp/article/K19026212
## F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd
## Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j
## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager
## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228
## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/

# G
## Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability
## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning
## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q 
## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps
## Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability
## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j
## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939

# H
## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444
## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en
## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464

# I
## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/
## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day
## Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update
## Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US

# J
## JAMF NATION : https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740 
## JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552
## Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ 
## JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298
## JFROG : https://twitter.com/jfrog/status/1469385793823199240
## Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md

# K
## Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md
## Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment
## Keycloak : https://github.com/keycloak/keycloak/discussions/9078

# L
## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell
## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914
## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275

# M
## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269
## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091
## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37
## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

# N
## N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability
## NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala
## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/
## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits
## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526
## Newrelic : https://github.com/newrelic/newrelic-java-agent/issues/605

# O
## Okta : https://sec.okta.com/articles/2021/12/log4shell
## OpenHab : https://github.com/openhab/openhab-distro/pull/1343
## OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/
## OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341
## OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950
## Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
## OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2019-17571.html

# P
## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228
## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 
## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116
## Progress / IpSwitch : https://www.progress.com/security
## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR
## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/
## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)

# Q
## Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368
## Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228

# R
## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/
## RedHat : https://access.redhat.com/security/cve/cve-2021-44228
## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/
## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501
## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK

# S
## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681
## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1
## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html
## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html 
## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959
## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791
## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html
## SLF4J : http://slf4j.org/log4shell.html
## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228
## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721
## SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html
## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot
## SUSE : https://www.suse.com/security/cve/CVE-2021-44228.html
## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544
## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10
## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228

# T
## Talend : https://jira.talendforge.org/browse/TCOMP-2054
## Tanium : https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell
## TrendMicro : https://success.trendmicro.com/solution/000289940

# U
## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability

# V
## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md 
## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html

# W
## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/
## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
## WSO2 : https://github.com/wso2/security-tools/pull/169

# X
## XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact

# Y
## Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j

# Z
## ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256
## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ 
## Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/
## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

## Errors, typos, something to say ?
  - If you want to add a link, comment or send it to me
  - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak)