Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228) ## Errors, typos, something to say ? - If you want to add a link, comment or send it to me - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak) # Other great resources - Royce Williams list is different, listed by vendors responses: - https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/ - Very detailed list [NCSC-NL](https://github.com/NCSC-NL/log4shell/blob/main/software/README.md#software-overview) [A](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#a) **[B](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#b)** [C](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#c) [D](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#d) [E](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#e) [F](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#f) [G](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#g) [H](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#h) [I](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#i) [J](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#j) [K](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#k) [L](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#l) [M](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#m) [N](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#n) [O](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#o) [P](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#p) [Q](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#q) [R](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#r) [S](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#s) [T](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#t) [U](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#u) [V](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#v) [W](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#w) [X](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#x) [Y](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#y) [Z](https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=03#z) # 0-9 ## 3CX : https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911 ## 7-Zip : https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1/ # A ## Acquia : https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 ## Acronis : https://security-advisory.acronis.com/advisories/SEC-3859 ## Addigy : https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ ## Adeptia : https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- ## Adobe ColdFusion : https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html ## ADP : https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx ## Agenda : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995221 ## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability ## Alcatel : https://dokuwiki.alu4u.com/doku.php?id=log4j ## Alertus : https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US ## AlgoSec UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3994072 ## AlienVault UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3994150 ## Altaro : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995170 ## Apache Druid : https://github.com/apache/druid/pull/12051 ## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html ## Apache Guacamole https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1474?filter=allissues ## Apache James : https://github.com/apache/james-project/pull/794 ## Apache Jena : https://lists.apache.org/thread/nc3gz7yvokc9ktkzs8078jr5t04nfmdy ## Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html ## Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv ## Apache Projects : https://blogs.apache.org/security/entry/cve-2021-44228 ## Apache Pulsar : https://pulsar.apache.org/blog/2021/12/11/Log4j-CVE/ ## Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 ## Apache Struts : https://struts.apache.org/announce-2021#a20211212-2 ## Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/ ## Apigee : https://status.apigee.com/incidents/3cgzb0q2r10p ## Apollo : https://community.apollographql.com/t/log4j-vulnerability/2214 ## Appdynamics : https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability ## AppGate : https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability ## APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 ## Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 ## Aqua Security : https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub ## Arduino : https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 ## Ariba : https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 ## Arista : https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 ## ArrayNetworks : https://twitter.com/ArraySupport/status/1470141638571745282 ## Aruba Networks: https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security ## Attivo networks : https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf ## Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html ## AudioCodes : https://services.audiocodes.com/app/answers/kbdetail/a_id/2225 ## Autopsy : https://www.autopsy.com/autopsy-and-log4j-vulnerability/ ## Auth0 : https://twitter.com/auth0/status/1470086301902721024 ## Autodesk : https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html ## Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 ## Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability ## Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 ## AVEPOINT : https://www.avepoint.com/company/java-zero-day-vulnerability-notification ## AVM UNOFICIAl : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## AvTech RoomAlert : https://avtech.com/articles/23124/java-exploit-room-alert-link/ ## AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ ## AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ ## AXS Guard : https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77 ## Axways Applications : https://support.axway.com/news/1331/lang/en ## AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 # B ## BackBox : https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf ## BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838 ## Barracuda : https://blog.barracuda.com/2021/12/13/barracuda-waf-and-waf-as-a-service-protect-against-the-apache-log4j-critical-vulnerability/ ## BEC Legal Systems : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995524 ## BeyondTrust Bomgar : https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 ## BigBlueButton : https://github.com/bigbluebutton/bigbluebutton/issues/13897#issuecomment-991652632 ## BisectHosting : https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html ## BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability ## BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/ ## Blancco : https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library ## Blumira : https://www.blumira.com/cve-2021-44228-log4shell/ ## BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability ## Boomi DELL : https://community.boomi.com/s/article/Log4j-Vulnerability ## Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 ## Broadcom Automic Automation : https://knowledge.broadcom.com/external/article?articleId=230308 # C ## C4b XPHONE : https://www.c4b.com/de/news/log4j.php ## Calyptix Security : https://twitter.com/calyptix/status/1470498981147029507 ## Camunda : https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 ## CarbonBlack : https://www.vmware.com/security/advisories/VMSA-2021-0028.html ## CAS GenesysWorld : https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 ## Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability ## ChaserSystems : https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected ## Checkmarx plugin : https://github.com/jenkinsci/checkmarx-plugin/pull/83 ## CheckMK : https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 ## CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865 ## Ciphermail : https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html ## Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd ## Citrix : https://support.citrix.com/article/CTX335705 ## CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ ## Cloudian HyperStore : https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 ## CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ ## Code42 : https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents ## CodeBeamer : https://codebeamer.com/cb/wiki/19872365 ## CodeTwo : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995424 ## Cohesity : https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 ## CommVault : https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html ## ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit ## Confluent : https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability ## Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1 ## ConnectWise : https://www.connectwise.com/company/trust/advisories ## ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 ## ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k ## Coralogix : https://twitter.com/Coralogix/status/1469713430659559425 ## CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 ## Cradlepoint : https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ ## CrushFTP : https://www.crushftp.com/download.html ## CryptShare : https://www.cryptshare.com/en/support/cryptshare-support/#c67572 ## Cumul.io https://status.cumul.io/#incidents ## CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 ## Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 ## CyberRes : https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 # D ## DarkTrace : https://customerportal.darktrace.com/inside-the-soc/get-article/201 ## Databricks : https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub ## DataDog : https://www.datadoghq.com/log4j-vulnerability/ ## Dataminer : https://community.dataminer.services/responding-to-log4shell-vulnerability/ ## Datev : https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 ## Datto : https://www.datto.com/blog/dattos-response-to-log4shell ## Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228 ## Dell : https://www.dell.com/support/kbdoc/en-us/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability ## DELL : https://www.dell.com/support/kbdoc/en-us/000194416/additional-information-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 ## Device42 : https://blog.device42.com/2021/12/13/log4j-zero-day/ ## Digicert : https://knowledge.digicert.com/alerts/digicert-log4j-response.html ## Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ ## Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability ## dCache.org : https://www.dcache.org/post/log4j-vulnerability/ ## DCM4CHE.org : https://github.com/dcm4che/dcm4che/issues/1050 ## DRAW.IO : https://twitter.com/drawio/status/1470061320066277382 ## DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359 ## DSpace :https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE ## DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282 # E ## Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521 ## EHRBase : https://github.com/ehrbase/ehrbase/issues/700 ## Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 ## EnterpriseDT : https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ ## ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745 ## ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ ## EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 ## Exabeam : https://community.exabeam.com/s/discussions?t=1639379479381 ## Extreme Networks : https://extremeportal.force.com/ExtrArticleDetail?an=000100806 # F ## F5 Networks : https://support.f5.com/csp/article/K19026212 ## F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd ## Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j ## FAST LTA : https://blog.fast-lta.de/en/log4j2-vulnerability ## FedEx : https://www.fedex.com/en-us/service-alerts.html#weatherassess ## FileCatalyst : https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability ## FileCloud : https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers ## Flexera : https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 ## FlyWheel : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995147 ## ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager ## Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 ## ForgeRock : https://backstage.forgerock.com/knowledge/kb/article/a39102625 ## Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245 ## FTAPI : https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# ## Fujitsu : https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf ## FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ # G ## Gearset : https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 ## Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability ## Gerrit code review : https://www.gerritcodereview.com/2021-12-13-log4j-statement.html ## GFI : https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ ## Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning ## GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q ## GitHub Response : https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ ## GitLab : https://forum.gitlab.com/t/cve-2021-4428/62763 ## GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps ## Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory ## Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability ## Grafana : https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ ## GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785 ## Gravitee.io : https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability ## GrayLog : https://www.graylog.org/post/graylog-update-for-log4j ## GreenShot : https://greenshot.atlassian.net/browse/BUG-2871 ## GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939 ## Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products # H ## HackerOne : https://twitter.com/jobertabma/status/1469490881854013444 ## HAProxy : https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ ## Hashicorp : https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/33138 ## Hazelcast : https://github.com/hazelcast/hazelcast/commit/ad951d3b2fa1ff3412219c1d2e03a31ddf1b3011 ## HCL Software BIGFIX: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 ## HCL Software Notes, Domino, Verse, and Traveler : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095516 ## Hewlett Packard Enterprise HPE : https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04215en_us ## Hewlett Packard Enterprise HPE GLOBAL : https://techhub.hpe.com/eginfolib/securityalerts/Apache%20Software%20Log4j/Apache_Software_Log4j.html ## Hitachi Vantara : https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 ## Honeywell : https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability ## HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464 ## Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en ## Hubspot : https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 # I ## I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 ## IBA-AG : https://www.iba-ag.com/en/security ## IBM : https://www.ibm.com/support/pages/node/6525548 ## IFS : https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 ## IGEL : https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html ## Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 ## Illuminated Cloud : https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html ## IManage : https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e ## Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ ## Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day ## InfluxData : https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ ## Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update ## Integrative Genomics Viewer IGV : https://github.com/igvteam/igv/commit/40aa5e0c6b5f2eac0a1528658189fd7de8f20347 ## Instructure : https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 ## InterSystems : https://www.intersystems.com/gt/apache-log4j2/ ## iRedMail : https://forum.iredmail.org/topic18605-log4j-cve202144228.html ## Ironnet : https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability ## Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US # J ## Jamasoftware : https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 ## JAMF : https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html ## Jaspersoft : https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products ## JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552 ## Jedox : https://www.jedox.com/en/trust/ ## Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ ## JetBrains Global :https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ ## JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298 ## JetBrains YouTrack and Hub : https://youtrack.jetbrains.com/issue/JT-67582 ## JFROG : https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ ## Jitterbit : https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability ## Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md ## JobRouter : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995497 ## Juniper Networks : https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 # K ## K15t : https://help.k15t.com/k15t-apps-and-log4shell-193401141.html ## Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md ## Karakun : https://board.karakun.com/viewtopic.php?f=21&t=8351 ## Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment ## Keycloak : https://github.com/keycloak/keycloak/discussions/9078 ## KEMP : https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit ## KEMP 2 : https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- ## Kofax : https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) ## Komoot Photon : https://github.com/komoot/photon/issues/620 ## Kronos UKG : https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US # L ## LabCollector : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995088 ## Lansweeper : https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ ## Laserfiche : https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 ## LastPass : https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy ## LaunchDarkly : https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ ## Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell ## Lenovo : https://support.lenovo.com/ro/en/product_security/len-76573 ## LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914 ## LibreNMS : https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 ## LifeRay : https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability ## Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 ## LiquidFiles : https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D ## LogicMonitor : https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 ## LogRhythm : https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 ## Looker : https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub # M ## Macchina io : https://twitter.com/macchina_io/status/1469611606569099269 ## MailCow : https://github.com/mailcow/mailcow-dockerized/issues/4375 ## ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus ## ManageEngine Zoho : https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 ## MathWorks Matlab : https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time ## Matomo : https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 ## Mattermost FocalBoard : https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 ## McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091 ## MEINBERG : https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm ## Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 ## MicroFocus : https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 ## Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ ## Microstrategy : https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US ## Mikrotik : https://forum.mikrotik.com/viewtopic.php?p=897938 ## Milestonesys : https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US ## Mimecast : https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability ## Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition ## MISP : https://twitter.com/MISPProject/status/1470051242038673412 ## Mitel : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 ## MongoDB : https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb ## Moodle : https://moodle.org/mod/forum/discuss.php?d=429966 ## MoogSoft : https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 ## Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 # N ## N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability ## Nagios : https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ ## NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala ## NEO4J : https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856 ## NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/ ## Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits ## Netgear : https://www.reddit.com/r/NETGEAR/comments/re5iqy/comment/ho9qlvb/ ## NewTek : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995403 ## NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 ## Nexus Group : https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 ## Newrelic : https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-03/ ## NinjaRMM : https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- ## Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf ## Nvidia : https://nvidia.custhelp.com/app/answers/detail/a_id/5294 # O ## Octopus : https://advisories.octopus.com/adv/December.2306508680.html ## Okta : https://sec.okta.com/articles/2021/12/log4shell ## Onespan :https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 ## OnlyOffice : https://forum.onlyoffice.com/t/does-onlyoffice-documentserver-uses-log4j/841 ## Opengear : https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected ## OpenHab : https://github.com/openhab/openhab-distro/pull/1343 ## OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ ## OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 ## OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 ## OpenText XMFax : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995966 ## OpenTripPlanner : https://github.com/opentripplanner/OpenTripPlanner/issues/3785 ## Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html ## OSQUERY : https://twitter.com/osquery/status/1470831336118124549 ## OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html # P ## Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228 ## PaperCut : https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 ## Parse.ly : https://blog.parse.ly/parse-ly-log4shell/ ## PasswordState : https://www.reddit.com/r/passwordstate/comments/rf7d62/log4j_zeroday_log4shell_vulnerability/ ## Pebblehost : https://help.pebblehost.com/en/article/patching-the-log4j-rce-exploit-14wyvz0/ ## Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability ## Pentaho :https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- ## Phenix Id : https://support.phenixid.se/uncategorized/log4j-fix/ ## Phillips : https://www.philips.com/a-w/security/security-advisories.html ## PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 ## Pitney Bowes : https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html ## Plesk : https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache ## Polycom : https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn21-08-poly-systems-apache.pdf ## PortSwigger : https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 ## Pretix : https://pretix.eu/about/de/blog/20211213-log4j/ ## PrimeKey : https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 ## Progress / IpSwitch : https://www.progress.com/security ## ProofPoint : https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 ## Prosys : https://prosysopc.com/news/important-security-release/ ## Proxmox : https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 ## PRTG Paessler : https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 ## PTC : https://www.ptc.com/en/support/alerts/log4j%20zero%20day%20vulnerability%20-%2020211211 ## PTV Group : https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information ## Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR ## Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ ## Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) ## PWM Project : https://github.com/pwm-project/pwm/issues/628 # Q ## QF-Test : https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html ## Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 ## QNAP : https://www.qnap.com/en-uk/security-advisory/qsa-21-58 ## Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228 # R ## Radware : https://support.radware.com/app/answers/answer_view/a_id/1029752 ## Rapid7 : https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/ ## Raritan : https://www.raritan.com/support ## Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ ## RedHat : https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 ## Redis : https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ ## Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 ## Riverbed : https://supportkb.riverbed.com/support/index?page=content&id=S35645 ## Rockwell Automation : https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 ## Rosetta UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993903 ## Rosette.com : https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability ## Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK ## Ruckus wireless : https://support.ruckuswireless.com/security_bulletins/313 ## Runecast : https://www.runecast.com/blog/runecast-6-0-1-0-covers-apache-log4j-java-vulnerability ## RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/ ## RSA SecurID: https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501 ## RSA Netwitness : https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 # S ## SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j ## SAGE : https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 ## SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 ## Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1 ## Sangoma :https://help.sangoma.com/community/s/article/Log4Shell ## SAP Advanced Platform : https://launchpad.support.sap.com/#/notes/3130698 ## SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956 ## SAP Global coverage : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3994039 ## SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html ## Savignano software solutions : https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify ## Schneider Electric : https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01 ## SDL worldServer : https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 ## Seafile : https://forum.seafile.com/t/urgent-zero-day-exploit-in-log4j/15575 ## Seagull Scientific : https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability ## SecurePoint : https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html ## Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html ## Seeburger : https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open ## SentinelOne : https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ ## SEP : https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 ## Server Eye : https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ ## ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ## Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791 ## Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html ## Siemens : https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf ## Signald : https://gitlab.com/signald/signald/-/issues/259 ## SingleWire : https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 ## Sitecore : https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 ## Skillable : https://skillable.com/log4shell/ ## SLF4J : http://slf4j.org/log4shell.html ## SmartBear : https://smartbear.com/security/cve-2021-44228/ ## SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 ## Snowflake : https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 ## Snyk : https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 ## Spigot : https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ ## Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 ## SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 ## SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 ## Sonatype : https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild ## SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 ## Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce ## Splashtop : https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/4412788262811-Is-Splashtop-affected-by-Apache-Log4j- ## Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html ## Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot ## SOS Berlin : https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability ## StrangeBee TheHive & Cortex : https://blog.strangebee.com/apache-log4j-cve-2021-44228/ ## SumoLogic : https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 ## Superna EYEGLASS : https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 ## Suprema Inc : https://www.supremainc.com/en/ ## SUSE : https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ ## Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544 ## Storagement : https://www.storagement.de/index.php?action=topicofthemonth&site=log4j ## Sumologic : https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub ## Sweepwidget : https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 ## Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10 ## Swyx : https://service.swyx.net/hc/de/articles/4412323539474 ## Syncplify : https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ ## Synology : https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 ## Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 ## SysAid : https://www.sysaid.com/lp/important-update-regarding-apache-log4j ## Sysdig : https://sysdig.com/blog/cve-critical-vulnerability-log4j/ # T ## Talend : https://jira.talendforge.org/browse/TCOMP-2054 ## Tanium : https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell#_Toc90296319 ## TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 ## Teamviewer : https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ ## TechSmith : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995701 ## Tenable : https://www.tenable.com/log4j ## Thales : https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=02863d13db544110f0e3220805961914&sysparm_article=KB0025287 ## Thales (SafeNet) HSM : https://supportportal.thalesgroup.com/csm?id=kb_article_protected&sys_id=12acaed3dbd841105d310573f3961953 ## Threema UNOFICIAL : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3993316 ## Tibco : https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update ## TP-Link : https://community.tp-link.com/en/business/forum/topic/514452 ## TrendMicro : https://success.trendmicro.com/solution/000289940 ## Tricentis Tosca : https://support-hub.tricentis.com/open?number=NEW0001148&id=post ## Tripwire : https://www.tripwire.com/log4j # U ## Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 ## Ubuntu : https://ubuntu.com/security/CVE-2021-44228 ## Unify ATOS : https://networks.unify.com/security/advisories/OBSO-2112-01.pdf ## UniFlow : https://www.uniflow.global/en/security/security-and-maintenance/ ## Unimus : https://forum.unimus.net/viewtopic.php?f=7&t=1390#top ## USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability # V ## VArmour : https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility ## Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 ## Veeam : https://www.veeam.com/kb4254 ## Venafi : https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice ## Veritas NetBackup : https://www.veritas.com/content/support/en_US/article.100052070 ## Vertica : https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used ## Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md ## VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html # W ## Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/ ## Wasp Barcode technologies : https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no ## WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ ## WildFlyAS : https://twitter.com/WildFlyAS/status/1469362190536818688 ## WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ ## Wodby Cloud : https://twitter.com/wodbycloud/status/1470125735914450950 ## World Programming WPS analytics : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995649 ## Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve ## WSO2 : https://github.com/wso2/security-tools/pull/169 # X ## XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact ## XenForo : https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ ## XPertDoc : https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 ## Xray connector plugin : https://github.com/jenkinsci/xray-connector-plugin/issues/53 ## XWIKI : https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 # Y ## Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j ## Yellowbrick : https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability # Z ## Zabbix : https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ ## ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 ## Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ ## Zebra : https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html ## Zellis : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3995461 ## Zendesk : https://support.zendesk.com/hc/en-us/articles/4413583476122 ## Zenoss : https://support.zenoss.com/hc/en-us ## Zerto : https://help.zerto.com/kb/000004822 ## Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/ ## Zimbra : https://bugzilla.zimbra.com/show_bug.cgi?id=109428 ## ZPE systems Inc : https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j ## Zowe : https://github.com/zowe/community/issues/1381 ## ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021 ## Zyxel : https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml ## Errors, typos, something to say ? - If you want to add a link, comment or send it to me - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak)