Revisions
SwitHak revised this gist
Dec 14, 2021 . 1 changed file with 22 additions and 1 deletion.
@@ -14,6 +14,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apache Druid : https://github.com/apache/druid/pull/12051 ## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html ## Apache Guacamole https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1474?filter=allissues ## Apache James : https://github.com/apache/james-project/pull/794 ## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html ## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 @@ -33,6 +34,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## AVM UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ ## AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ ## AXS Guard : https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 ## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 # B
@@ -52,12 +54,14 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability ## ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected ## CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS ## Ciphermail : https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html ## Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd ## Citrix : https://support.citrix.com/article/CTX335705 ## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ ## Cloudian HyperStore : https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 ## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ ## Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents ## CodeBeamer : https://codebeamer.com/cb/wiki/19872365. ## CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745 ## ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit ## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1 
@@ -97,6 +101,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## F5 Networks : https://support.f5.com/csp/article/K19026212 ## F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd ## Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j ## FAST LTA : https://blog.fast-lta.de/en/log4j2-vulnerability ## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339 
@@ -112,25 +117,27 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps ## Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory ## Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability ## GitLab : https://forum.gitlab.com/t/cve-2021-4428/62763 ## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j ## GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785 ## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939 ## Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products # H ## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444 ## Hazelcast : https://github.com/hazelcast/hazelcast/commit/ad951d3b2fa1ff3412219c1d2e03a31ddf1b3011 ## HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 ## Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us ## Hitachi Vantara : https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 ## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 ## IBM : https://www.ibm.com/support/pages/node/6525548 ## Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 ## Integrative Genomics Viewer IGV : https://github.com/igvteam/igv/commit/40aa5e0c6b5f2eac0a1528658189fd7de8f20347 ## IManage : 
https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day @@ -156,6 +163,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # L ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## LifeRay : https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 ## LiquidFiles : https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D ## LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599 
@@ -168,7 +176,9 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## MicroFocus FILR : https://portal.microfocus.com/s/article/KM000003003?language=en_US ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Microstrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition ## MISP : https://twitter.com/MISPProject/status/1470051242038673412 ## MoogSoft : https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 @@ -181,6 +191,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/ ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 ## Nexus Group : https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 ## Newrelic : https://discuss.newrelic.com/t/log4j-zero-day-vulnerability-and-the-new-relic-java-agent/170322 ## Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf 
@@ -203,14 +214,19 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 ## Plesk : https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Pretix : https://pretix.eu/about/de/blog/20211213-log4j/ ## PrimeKey : https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 ## Progress / IpSwitch : https://www.progress.com/security ## ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 ## PRTG Paessler : https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 ## PTV Group : https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) ## PWM Project : https://github.com/pwm-project/pwm/issues/628 # Q ## QF-Test : https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html ## Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 ## Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228 
@@ -221,6 +237,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 ## Riverbed : https://supportkb.riverbed.com/support/index?page=content&id=S35645 ## Roset.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability ## Runecast : https://www.runecast.com/blog/runecast-6-0-1-0-covers-apache-log4j-java-vulnerability ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 ## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK 
@@ -251,11 +268,13 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html ## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot ## SOS Berlin : https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability ## SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 ## SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ ## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544 ## Sweepwidget : https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 ## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10 ## Synology : https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 ## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 ## SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j ## Sysdig : https://sysdig.com/blog/cve-critical-vulnerability-log4j/ @@ -264,6 +283,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## Threema UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## TP-Link : https://community.tp-link.com/en/business/forum/topic/514452 ## TrendMicro : https://success.trendmicro.com/solution/000289940 ## Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post 
@@ -291,6 +311,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # X ## XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact ## Xray connector plugin : https://github.com/jenkinsci/xray-connector-plugin/issues/53 # Y ## Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j -
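Review bot: In the @@ -52,12 +54,14 @@ hunk the CodeBeamer entry's URL ends with a period (`https://codebeamer.com/cb/wiki/19872365.`), so anyone extracting links from this list by splitting on whitespace gets a URL with the period attached; drop the trailing period. In the @@ -112,25 +117,27 @@ hunk the GitLab link's slug reads `cve-2021-4428`, which differs from the CVE-2021-44228 in the list title; check that the link resolves as written and, if it does, say so in the label so readers do not take it for a different CVE. The `GratWiFi WARNING I can't confirm it` entry in the same hunk points at a Facebook post rather than a vendor advisory; keeping unconfirmed sources in a separate section would stop them being consumed alongside the official bulletins.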
SwitHak revised this gist
Dec 13, 2021 . 1 changed file with 20 additions and 5 deletions.
@@ -19,9 +19,11 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 ## Apache Struts : https://struts.apache.org/announce-2021#a20211212-2 ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## Apigee : https://status.apigee.com/incidents/3cgzb0q2r10p ## Appdynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Ariba : https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 ## Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 ## ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282 ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
@@ -64,23 +66,27 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k ## Coralogix : https://twitter.com/Coralogix/status/1469713430659559425 ## CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 ## CryptShare : https://www.cryptshare.com/en/support/cryptshare-support/#c67572 ## CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 ## Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 # D ## Dataminer : https://community.dataminer.services/responding-to-log4shell-vulnerability/ ## Datto : https://www.datto.com/blog/dattos-response-to-log4shell ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## DELL : https://www.dell.com/support/kbdoc/en-uk/000194416/additional-information-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## dCache.org : https://www.dcache.org/post/log4j-vulnerability/ ## DCM4CHE.org : https://github.com/dcm4che/dcm4che/issues/1050 ## DRAW.IO : https://twitter.com/drawio/status/1470061320066277382 ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 # E ## Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521 ## EHRBase : https://github.com/ehrbase/ehrbase/issues/700 ## Elastic : 
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ @@ -95,6 +101,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339 ## Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245 ## FTAPI : https://docs.ftapi.com/display/RN/4.12.2 ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G @@ -113,9 +120,12 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # H ## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444 ## HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 ## Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us ## Hitachi Vantara : https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 ## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 
@@ -140,7 +150,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md ## Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment ## Keycloak : https://github.com/keycloak/keycloak/discussions/9078 ## KEMP : https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit ## Komoot Photon : https://github.com/komoot/photon/issues/620 # L ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell @@ -152,7 +163,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 ## MailCow : https://github.com/mailcow/mailcow-dockerized/issues/4375 ## ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus ## ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-security-issue ## Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 
@@ -193,6 +205,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch : https://www.progress.com/security ## ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 ## PTV Group : https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) @@ -206,6 +219,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 ## Riverbed : https://supportkb.riverbed.com/support/index?page=content&id=S35645 ## Roset.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 
@@ -240,6 +254,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 ## SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ ## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544 ## Sweepwidget : https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 ## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10 ## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 ## SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j @@ -261,7 +276,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility ## Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 ## Veritas NetBackup : https://www.veritas.com/content/support/en_US/article.100052058 ## Veeam : https://www.veeam.com/kb4254 ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md ## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html -
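Review bot: The @@ -152,7 +163,8 @@ hunk leaves two entries with the identical label `## ManageEngine Zoho`, one linking to `.../community/topic/log4j-ad-manager-plus` and the other to `.../community/topic/log4j-security-issue`; give each a label that says what it covers (the first slug suggests AD Manager Plus) so readers and scripts that key on the vendor name can tell them apart. The `## Dell` / `## DELL` pair in the @@ -64,23 +66,27 @@ hunk has the same problem, and its first link uses the `fr-fr` locale while the second uses `en-uk`; label the two by advisory title and use one locale for both.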
SwitHak revised this gist
Dec 13, 2021 . 1 changed file with 3 additions and 1 deletion.
@@ -98,6 +98,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G ## Gearset : https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 ## Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability ## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning ## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q @@ -132,13 +133,14 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552 ## Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ ## JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298 ## JFROG : https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ ## Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md # K ## Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md ## Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment ## Keycloak : https://github.com/keycloak/keycloak/discussions/9078 ## Kommot Photon : https://github.com/komoot/photon/issues/620 # L ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell -
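Review bot: In the @@ -132,13 +133,14 @@ hunk the label `## Kommot Photon` does not match the project name in its own URL (`github.com/komoot/photon/issues/620`); it should read `Komoot Photon`, otherwise a search of the list for the product name misses the entry.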
SwitHak revised this gist
Dec 13, 2021 . 1 changed file with 23 additions and 3 deletions.
@@ -13,11 +13,13 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability ## Apache Druid : https://github.com/apache/druid/pull/12051 ## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html ## Apache Guacamole https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1474?filter=allissues ## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html ## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 ## Apache Struts : https://struts.apache.org/announce-2021#a20211212-2 ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## Appdynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070
@@ -26,13 +28,15 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 ## Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability ## Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 ## AVM UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ ## AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ ## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 # B ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## BeyondTrust Bomgar : https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 ## BigBlueButton : https://github.com/bigbluebutton/bigbluebutton/issues/13897#issuecomment-991652632 ## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability 
@@ -41,13 +45,15 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Broadcom Automic Automation : https://knowledge.broadcom.com/external/article?articleId=230308 # C ## Camunda : https://forum.camunda.org/t/cve-2021-44228-log4j-2-exploit/31871/4 ## CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134 ## Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability ## ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected ## CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS ## Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd ## Citrix : https://support.citrix.com/article/CTX335705 ## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ ## Cloudian HyperStore : https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 ## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ ## Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents ## CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745 
@@ -65,6 +71,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Datto : https://www.datto.com/blog/dattos-response-to-log4shell ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## DELL : https://www.dell.com/support/kbdoc/en-uk/000194416/additional-information-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## DCM4CHE.org : https://github.com/dcm4che/dcm4che/issues/1050 @@ -78,6 +85,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ ## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 ## Extreme Networks : https://extremeportal.force.com/ExtrArticleDetail?an=000100806 # F ## F5 Networks : https://support.f5.com/csp/article/K19026212 @@ -106,6 +114,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 ## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 ## Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 
@@ -141,11 +150,14 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 ## MailCow : https://github.com/mailcow/mailcow-dockerized/issues/4375 ## ManageEngine : https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus ## Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition ## MISP : https://twitter.com/MISPProject/status/1470051242038673412 ## MoogSoft : https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 ## Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 # N 
@@ -155,24 +167,27 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/ ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 ## Newrelic : https://discuss.newrelic.com/t/log4j-zero-day-vulnerability-and-the-new-relic-java-agent/170322 ## Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf # O ## Okta : https://sec.okta.com/articles/2021/12/log4shell ## Opengear : https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected ## OpenHab : https://github.com/openhab/openhab-distro/pull/1343 ## OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ ## OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 ## OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 ## Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html ## OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html # P ## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228 ## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 ## Parse.ly : https://blog.parse.ly/parse-ly-log4shell/ ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## Phenix Id : https://support.phenixid.se/uncategorized/log4j-fix/ ## PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 ## Plesk : https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / 
IpSwitch : https://www.progress.com/security ## ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 @@ -199,9 +214,10 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 ## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1 ## SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956 ## SAP Global coverage : https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## SDL worldServer : https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 ## Seafile : https://forum.seafile.com/t/urgent-zero-day-exploit-in-log4j/15575 ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 @@ -230,6 +246,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## Threema UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## TrendMicro : https://success.trendmicro.com/solution/000289940 ## Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post 
@@ -241,13 +258,15 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # V ## VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility ## Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 ## Veritas NetBackup : https://www.veritas.com/content/support/en_US/article.100052058 ## Veeam : https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231 ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md ## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html # W ## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/ ## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ ## WildFlyAS : https://twitter.com/WildFlyAS/status/1469362190536818688 ## WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ ## Wodby Cloud : https://twitter.com/wodbycloud/status/1470125735914450950 ## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve @@ -264,6 +283,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ ## Zerto : https://help.zerto.com/kb/000004822 ## Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/ ## Zimbra : https://forums.zimbra.org/viewtopic.php?f=15&t=70240 ## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021 ## Errors, typos, something to say ? -
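Review bot: the `@@ -65,6 +71,7 @@` hunk leaves two Dell headings that differ only in case, `## Dell :` (the `fr-fr` KB page 000194372) and `## DELL :` (the `en-uk` KB page 000194416). A reader searching the list will likely stop at the first one. Give the second a distinguishing label, for example `## Dell (additional information) :`, and link both pages in the same locale.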
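Review bot: in the `@@ -241,13 +258,15 @@` hunk, the entry `## WatchGuard / Secplicity /` puts a `/` before the URL where the surrounding entries use ` : `. Anyone splitting entries on that separator to build a vendor-to-URL map will mis-parse this line, so change the last `/` to ` : `.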
SwitHak revised this gist
Dec 13, 2021 . No changes.
-
SwitHak revised this gist
Dec 13, 2021 . 1 changed file with 20 additions and 1 deletion.
@@ -20,6 +20,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 ## ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282 ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 
@@ -31,20 +32,24 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # B ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## BeyondTrust Bomgar : https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 ## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Boomi DELL : https://community.boomi.com/s/question/0D56S00009UQkx4SAD/is-boomi-installation-moleculegateway-protected-from-cve202144228-log4j ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 ## Broadcom Automic Automation : https://knowledge.broadcom.com/external/article?articleId=230308 # C ## CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134 ## Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability ## ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected ## CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS ## Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd ## Citrix : https://support.citrix.com/article/CTX335705 ## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ ## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ ## 
Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents ## CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745 ## ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit ## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1 @@ -62,6 +67,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## DCM4CHE.org : https://github.com/dcm4che/dcm4che/issues/1050 ## DRAW.IO : https://twitter.com/drawio/status/1470061320066277382 ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 
@@ -103,10 +109,13 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 ## IBM : https://www.ibm.com/support/pages/node/6525548 ## Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 ## IManage : https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day ## Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update ## Ironnet : https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability ## Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US # J @@ -126,6 +135,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 ## LiquidFiles : https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D ## LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599 # M 
@@ -165,6 +175,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch : https://www.progress.com/security ## ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) @@ -178,6 +189,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 ## Roset.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 ## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK 
@@ -189,10 +201,12 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956 ## SAP Global coverage : https://launchpad.support.sap.com/#/notes/3129930 ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## SDL worldServer : https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html ## Siemens : https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf ## Signald : https://gitlab.com/signald/signald/-/issues/259 ## Skillable : https://skillable.com/log4shell/ ## SLF4J : http://slf4j.org/log4shell.html 
@@ -205,22 +219,27 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html ## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot ## SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 ## SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ ## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544 ## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10 ## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 ## SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j ## Sysdig : https://sysdig.com/blog/cve-critical-vulnerability-log4j/ # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## TrendMicro : https://success.trendmicro.com/solution/000289940 ## Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post # U ## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 ## Ubuntu : https://ubuntu.com/security/CVE-2021-44228 ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V ## VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility ## Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 ## Veeam : 
https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231 ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md -
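Review bot: in the `@@ -126,6 +135,7 @@` hunk the LiquidFiles URL ends in `?e=%5BUNIQID%5D`, which decodes to the unfilled placeholder `[UNIQID]`. Drop the query string so the entry is a clean, stable link. In `@@ -178,6 +189,7 @@`, the heading `## Roset.com` does not match the linked host `support.rosette.com`. Rename the heading so a search for the vendor finds it.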
SwitHak revised this gist
Dec 13, 2021 . 1 changed file with 2 additions and 0 deletions.
@@ -20,6 +20,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282 ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 ## Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability @@ -229,6 +230,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/ ## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ ## WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ ## Wodby Cloud : https://twitter.com/wodbycloud/status/1470125735914450950 ## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve ## WSO2 : https://github.com/wso2/security-tools/pull/169 -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 5 additions and 0 deletions.
@@ -4,6 +4,11 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) - If you want to add a link, comment or send it to me - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak) # Other great ressources - Royce Williams list is different, listed by vendors responses: - https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/ - TBD # A ## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability ## Apache Druid : https://github.com/apache/druid/pull/12051 -
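Review bot: the `# Other great ressources` section in `@@ -4,6 +4,11 @@` has a misspelled heading ("ressources") and a `- TBD` placeholder bullet. Fix the heading to "resources" before anything links to its anchor, and remove the placeholder until there is a second link to list.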
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -74,6 +74,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339 ## Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245 ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 3 additions and 0 deletions.
@@ -11,6 +11,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html ## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 ## Apache Struts : https://struts.apache.org/announce-2021#a20211212-2 ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 @@ -55,6 +56,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## DRAW.IO : https://twitter.com/drawio/status/1470061320066277382 ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 
@@ -93,6 +95,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 ## Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day -
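Review bot: in the `@@ -11,6 +11,7 @@` hunk the heading `## Apero CAS` disagrees with its own link, `apereo.github.io`. Since this block of A entries is being edited anyway, correct the heading to "Apereo CAS" so a text search for the project name finds it.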
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -131,6 +131,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # N ## N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability ## NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala ## NEO4J : https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856 ## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/ ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 0 additions and 1 deletion.
@@ -201,7 +201,6 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## TrendMicro : https://success.trendmicro.com/solution/000289940 -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -207,6 +207,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # U ## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 ## Ubuntu : https://ubuntu.com/security/CVE-2021-44228 ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 7 additions and 1 deletion.
@@ -62,6 +62,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521 ## Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ ## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 # F @@ -70,6 +71,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j ## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339 ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G 
@@ -82,6 +84,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j ## GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785 ## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939 ## Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products # H ## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444 @@ -90,6 +93,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 # I ## Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day ## Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update 
@@ -183,9 +187,11 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 ## SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 ## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 ## Sonatype : https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild ## SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html ## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot ## SUSE : https://www.suse.com/security/cve/CVE-2021-44228.html -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 15 additions and 2 deletions.
@@ -16,8 +16,10 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 ## Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability ## Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 ## AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ ## AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ ## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 # B @@ -41,6 +43,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1 ## ConnectWise : https://www.connectwise.com/company/trust/advisories ## ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 ## ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k ## Coralogix : https://twitter.com/Coralogix/status/1469713430659559425 ## CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 ## CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 
@@ -74,8 +77,10 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning ## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q ## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps ## Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory ## Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability ## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j ## GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785 ## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939 # H @@ -107,6 +112,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 ## LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599 # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 
@@ -115,7 +121,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition ## MISP : https://twitter.com/MISPProject/status/1470051242038673412 ## Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 # N ## N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability @@ -124,6 +131,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 ## Newrelic : https://github.com/newrelic/newrelic-java-agent/issues/605 ## Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf # O ## Okta : https://sec.okta.com/articles/2021/12/log4shell @@ -151,6 +159,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228 # R ## Radware : https://support.radware.com/app/answers/answer_view/a_id/1029752 ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 
@@ -162,6 +171,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j ## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 ## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1 ## SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956 ## SAP Global coverage : https://launchpad.support.sap.com/#/notes/3129930 ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 @@ -193,6 +204,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V ## Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 ## Veeam : https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231 ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md ## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html 
@@ -213,6 +225,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # Z ## ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 ## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ ## Zerto : https://help.zerto.com/kb/000004822 ## Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/ ## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021 -
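Review bot: the two AWS entries in the -16,8 +16,10 hunk are labelled "AWS New" and "AWS OLD:", which differ in casing and in the separator (the second has no space before the colon), and the labels stop making sense once a third bulletin is published. Labelling each by its bulletin id, for example "AWS (AWS-2021-006)" and "AWS (AWS-2021-005)", keeps the entries self-describing.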
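Review bot: in the -107,6 +112,7 hunk the LogRhythm heading carries its caveat as free text ("CISO email I can't confirmed"), with a grammar slip, and links to a comment on this gist rather than a vendor page; the GratWiFi entry in the -74,8 +77,10 hunk words the same caveat differently ("WARNING I can't confirm it"). One fixed marker such as "(unverified)" after the vendor name would let readers separate second-hand entries from vendor-published advisories.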
SwitHak revised this gist
Dec 12, 2021 . No changes.
-
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 6 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -43,6 +43,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 ## Coralogix : https://twitter.com/Coralogix/status/1469713430659559425 ## CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 ## CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 ## Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 # D @@ -55,7 +56,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 # E ## Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521 ## Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 
@@ -114,6 +115,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition ## MISp : https://twitter.com/MISPProject/status/1470051242038673412 # N ## N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability @@ -137,6 +139,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 ## Parse.ly : https://blog.parse.ly/parse-ly-log4shell/ ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch : https://www.progress.com/security ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR 
@@ -156,13 +159,15 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK # S ## SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j ## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 ## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1 ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html ## Signald : https://gitlab.com/signald/signald/-/issues/259 ## Skillable : https://skillable.com/log4shell/ ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 -
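Review bot: the entry in the -114,6 +115,7 hunk is spelled "MISp" although the linked account is MISPProject; it should read "MISP" so that a case-sensitive search for the project name finds it.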
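Review bot: the Eclipse Foundation entry in the -55,7 +56,7 hunk points at a comment on this gist (#gistcomment-3992521) instead of an Eclipse-hosted page, so for that vendor the list cites itself. If a first-party statement exists, link it directly; otherwise mark the entry as relayed through a gist comment.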
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 4 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -25,6 +25,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Boomi DELL : https://community.boomi.com/s/question/0D56S00009UQkx4SAD/is-boomi-installation-moleculegateway-protected-from-cve202144228-log4j ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 # C @@ -56,6 +57,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # E ## Eclipse Foundation : https://git.eclipse.org/r/c/tracecompass/org.eclipse.tracecompass/+/188751 ## Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 # F 
@@ -107,6 +109,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 ## MailCow : https://github.com/mailcow/mailcow-dockerized/issues/4375 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ @@ -163,6 +166,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Skillable : https://skillable.com/log4shell/ ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 ## SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 10 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,9 +12,11 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 ## Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 ## AWS : https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ ## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 
@@ -47,6 +49,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 @@ -74,6 +77,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # H ## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444 ## HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 ## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 @@ -128,6 +132,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # P ## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228 ## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 ## Parse.ly : https://blog.parse.ly/parse-ly-log4shell/ ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch : https://www.progress.com/security 
@@ -142,6 +147,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # R ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 ## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK @@ -154,6 +160,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html ## Skillable : https://skillable.com/log4shell/ ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce 
@@ -169,19 +176,22 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## Tanium : https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## TrendMicro : https://success.trendmicro.com/solution/000289940 # U ## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V ## Veeam : https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231 ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md ## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html # W ## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/ ## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ ## WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ ## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve ## WSO2 : https://github.com/wso2/security-tools/pull/169 -
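Review bot: "Apero CAS" in the -12,9 +12,11 hunk is misspelled; the linked site is apereo.github.io, so the heading should read "Apereo CAS".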
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 11 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -20,6 +20,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # B ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 @@ -33,6 +34,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ ## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ ## CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745 ## ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit ## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1 ## ConnectWise : https://www.connectwise.com/company/trust/advisories ## ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 
@@ -62,6 +64,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G ## Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability ## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning ## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q ## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps @@ -94,6 +97,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Keycloak : https://github.com/keycloak/keycloak/discussions/9078 # L ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 @@ -119,6 +123,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 ## OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 ## Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html ## OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2019-17571.html # P ## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228 
@@ -132,8 +137,10 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # Q ## Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 ## Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228 # R ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 @@ -166,6 +173,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # U ## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md 
@@ -178,12 +186,15 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## WSO2 : https://github.com/wso2/security-tools/pull/169 # X ## XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact # Y ## Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j # Z ## ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 ## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ ## Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/ ## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021 ## Errors, typos, something to say ? -
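Review bot: the OxygenXML entry in the -119,6 +123,7 hunk links to an advisory whose path names CVE-2019-17571, not the CVE-2021-44228 this list is titled for. Either replace it with the vendor's CVE-2021-44228 statement or annotate the entry so readers do not take it as a Log4Shell position.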
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -125,7 +125,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch : https://www.progress.com/security ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) -
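Review bot: the Progress / IpSwitch entry in the -125,7 +125,7 hunk links to the generic https://www.progress.com/security landing page, which names neither the CVE nor a product. A reader triaging a specific product gets no answer from the link as written; add the product-specific article next to it when one exists.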
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,7 +21,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # B ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 # C -
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 17 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,6 +21,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # B ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## BMC : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 # C @@ -55,6 +56,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # F ## F5 Networks : https://support.f5.com/csp/article/K19026212 ## F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd ## Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j ## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ 
@@ -72,20 +75,23 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 # I ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day ## Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update ## Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US # J ## JAMF NATION : https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740 ## JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552 ## Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ ## JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298 ## JFROG : https://twitter.com/jfrog/status/1469385793823199240 ## Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md # K ## Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md ## Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment ## Keycloak : https://github.com/keycloak/keycloak/discussions/9078 # L ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 
@@ -95,6 +101,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition # N @@ -109,13 +116,16 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Okta : https://sec.okta.com/articles/2021/12/log4shell ## OpenHab : https://github.com/openhab/openhab-distro/pull/1343 ## OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ ## OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 ## OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 ## Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html # P ## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228 ## PaperCut : https://www.papercut.com/support/known-issues/#PO-684 ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116 ## Progress / IpSwitch MoveIt : https://knowledgebase.progress.com/articles/Knowledge/Is-MOVEit-vulnerable-to-CVE-2021-44228-Log4j ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) 
@@ -132,6 +142,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # S ## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 ## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1 ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 @@ -141,10 +152,12 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 ## SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 ## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html ## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot ## SUSE : https://www.suse.com/security/cve/CVE-2021-44228.html ## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544 ## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10 ## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 
@@ -160,7 +173,9 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # W ## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/ ## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ ## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve ## WSO2 : https://github.com/wso2/security-tools/pull/169 # X # Y -
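Review bot: the F-Secure line in the -55,6 +56,8 hunk has no " : " between the vendor name and the URL, and the WatchGuard / Secplicity line in the -160,7 +173,9 hunk uses " / " in that position. The other entries follow "## Name : URL", so anything that splits lines on that separator will drop or mis-parse these two.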
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -135,6 +135,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce -
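Review bot: the Shibboleth entry in the -135,6 +135,7 hunk uses a plain http:// URL while most entries around it are https://; an advisory fetched over cleartext can be altered in transit. Switch the link to https:// if the host serves the same page there.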
SwitHak revised this gist
Dec 12, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -42,6 +42,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # D ## Datto : https://www.datto.com/blog/dattos-response-to-log4shell ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 -
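Review bot: the added Dell link carries the `fr-fr` locale segment (`/support/kbdoc/fr-fr/000194372/...`), while the list and the other vendor links in this hunk are in English. Suggest linking the same article id under the `en-us` path, if it resolves, so readers land on the English advisory.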
SwitHak revised this gist
Dec 11, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -134,6 +134,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## SLF4J : http://slf4j.org/log4shell.html ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 -
SwitHak revised this gist
Dec 11, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -60,6 +60,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # G ## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning ## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q ## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps ## Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability ## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j ## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939 -
SwitHak revised this gist
Dec 11, 2021 . 1 changed file with 5 additions and 0 deletions.
@@ -87,6 +87,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # L ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 @@ -99,6 +100,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala ## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/ ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 ## Newrelic : https://github.com/newrelic/newrelic-java-agent/issues/605 # O @@ -117,6 +119,8 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) # Q ## Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 # R ## RedHat : https://access.redhat.com/security/cve/cve-2021-44228 ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ 
@@ -161,6 +165,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # Z ## ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 ## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ ## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021 ## Errors, typos, something to say ? - If you want to add a link, comment or send it to me -
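Review bot: in the `# Z` hunk the ZSCALER entry links to the French regional site (`https://www.zscaler.fr/blogs/security-research/...`) although the list is in English; suggest the vendor's main-site URL for the same advisory, if one exists. Two entries in this revision also sit out of alphabetical order: in `# L`, `## Lightbend` follows `## LucentSKY`, and in the `# N` hunk `## NextGen Healthcare Mirth` precedes `## Newrelic`. Swapping each pair makes a vendor easier to find when scanning the section.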
SwitHak revised this gist
Dec 11, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -42,7 +42,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) # D ## Datto : https://www.datto.com/blog/dattos-response-to-log4shell ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 -
SwitHak revised this gist
Dec 11, 2021 . 1 changed file with 1 addition and 0 deletions.
@@ -5,6 +5,7 @@ Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak) # A ## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability ## Apache Druid : https://github.com/apache/druid/pull/12051 ## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html ## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html