README.md

Log4j overview related software

This page contains an overview of any related software regarding the Log4j vulnerability. On this page NCSC-NL will maintain a list of all known vulnerable and not vulnerable software. Futhermore any reference to the software will contain specific information regarding which version contains the security fixes, and which software still requires mitigation. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.

NCSC-NL will use the following status:

Status	Description
Vulnerable	Software is vulnerable for CVE-2021-44228.
Fix	Software contains a fix for CVE-2021-44228
Workaround	Software is vulnerable but mitigation steps are available
Not vuln	Software is NOT vulnerable for CVE-2021-44228.
Investigation	Software is under investigation whether it is vulnerable or not

The Version relates to the Status column. If Status is Vulnerable, Version indicates vulnerable version(s). If Status is Fix, Version indicates the fixed version(s).

NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.

Software overview

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

0-9

Supplier	Product	Version (see Status)	Status	Notes	Links
3CX	All		Not vuln		source
7Signal	Sapphire		Fix	Fix released 2021-12-14	Corresp. with vendor

A

Supplier	Product	Version (see Status)	Status	Notes	Links
Accellence Technologies	vimacc	All	Not vuln		source
Accellence Technologies	EBÜS	All	Workaround	EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-partie software setups, which may be affected (source will be updated soon with further information).	source
Acronis	All		Investigation	See further information below	source
Acronis	Cyber Backup	12.5	Not vuln		source
Acronis	Cyber Files	8.6.2 onwards	Not vuln		source
Acronis	Cyber Infrastrcuture	3.5 and 4.x	Not vuln		source
Acronis	Cyber Protection Home Office	2017 onwards	Not vuln		source
Adobe	Cold Fusion		Investigation		source fix
AFAS	All		Not vuln		source
AIL	AIL	all	Not vuln		source
Alexion Software	Alexion CRM	All	Not vuln		source
Akamai	Eanterprise Application Access Connector		Not vulnerable		Source: Akamai support
Akamai	Siem Splunk Connector	=>1.4.10	Not vuln		source (paywall)
Akamai	Siem Splunk Connector	<1.4.10	Workaround	Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector.	source
Alertus	Console	5.15.0	Fix		source
Alphatron	AMiSconnect		Not Vuln		source
Alphatron	Custo diagnostics	5.4 to 5.6	Vuln	Potentially vulnerable through the HL7 and DICOM communication interfaces	source
Alphatron	JiveX		Not Vuln		source
Alphatron	Zorgbericht		Not Vuln		source
Amazon	AMS		Fix	AMS services are being addresed	source
Amazon	API Gateway		Fix	Update is in progress	source
Amazon	AWS CloudHSM	3.4.1	Fix		source
Amazon	AWS Elastic Beanstalk		Not vuln	Default configuration is not vulnerable	source
Amazon	AWS Glue		Fix	See source for more info	source
Amazon	AWS Greengrass		Fix	Updates for Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available	source
Amazon	AWS Lambda		Fix	Vulnerable when using aws-lambda-java-log4j2	source
Amazon	AWS SDK		Not vuln		source
Amazon	Cloudfront		Fix	CloudFront services have been updated	source
Amazon	Connect		Fix	Connect services have been updated	source
Amazon	DynamoDB		Fix	DynamoDB and DynamoDB Accelerator have been updated	source
Amazon	EC2		Fix	Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is	source, fix
Amazon	EMR		Not vuln	Default configuration is not vulnerable	source
Amazon	Kafka		Fix	Updates are being applied	source
Amazon	Keyspaces (for Apache Cassandra)		Fix	Has been updated	source
Amazon	Kinesis Data Analytics		Fix	Updates are available. See source for more information	source
Amazon	Lake Formation		Fix	Lake Formation is being updated	source
Amazon	MQ		Fix	All required updates have been completed	source
Amazon	Neptune		Not vuln	Probably not vulnerable, but Neptune clusters will be updated	source
Amazon	NICE		Fix	Recommended to update EnginFrame or Log4j library	source
Amazon	OpenSearch		Fix	Update is being deployed	source
Amazon	RDS		Fix	RDS and Aurora are being updated	source
Amazon	S3		Fix	All S3 systems are patched	source
Apache	Archiva	<2.2.6	Fix	Fixed in 2.2.6	source, fix
Apache	Camel	all	Not vuln		source
Apache	Cassandra	all	Not vuln		source
Apache	Druid	0.22.1	Fix		source
Apache	Dubbo	All versions	Fix		source
Apache	Flink	1.15.0, 1.14.1, 1.13.4	Fix		source
Apache	Fortress	< 2.0.7	Fix	Fixed in 2.0.7	source
Apache	Geode	1.14.0	Fix	Fixed in 1.12.6, 1.13.5, 1.14.1	source
Apache	Hadoop	3.3.1	Vulnerable	Assumed vulnerable, log4j is used.	source
Apache	James	3.6.0	Vulnerable		source
Apache	Jena	< 4.3.1	Fix	Fixed in 4.3.1	source
Apache	Kafka	All versions	Not vuln	Uses log4j 1.x	source
Apache	Karaf	Unknown	Vulnerable	Depends on PAX logging which is affected	source
Apache	Log4j	2.16.0	Fix		source
Apache	Maven	All Versions	Not Vuln		source
Apache	OFBiz	< 18.12.03	Fix	Fixed in 18.12.03	source
Apache	Ozone	< 1.2.1	Fix	Fixed in 1.2.1	source
Apache	SkyWalking	< 8.9.1	Fix	Fixed in 8.9.1	source
Apache	SOLR	7.4.0 to 7.7.3, 8.0.0 to 8.11.0	Fix	Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations	source
Apache	Spark	All versions	Not vuln	Uses log4j 1.x	source
Apache	Struts	2.5.28	Vulnerable		source
Apache	Tapestry	5.7.3	Vulnerable	Uses Log4j	source
Apache	Tika	2.0.0 and up	Vulnerable		source
Apache	Tomcat		Not vuln		source
Apache	TrafficControl		Vulnerable		source
Apache	Zookeeper		Not vuln	Zookeeper uses Log4j 1.2 version	source
APC	PowerChute Business Edition	Unknow to 10.0.2.301	Vulnerable
APC	PowerChute Network Shutdown	Unknow to 4.2.0	Vulnerable
Apereo	CAS	6.3.x & 6.4.x	Fix	Other versions still in active maintainance might need manual inspection	source
Apereo	Opencast	< 9.10, < 10.6	Fix		source
Apigee	Edge and OPDK products	All version	Not vuln		source
Aptible	Aptible	Search 5.x	Fix		source
Arduino	Arduino IDE	1.8.17	Fix		source
Arista Networks	CloudVision Portal	>2019.1.0	Vulnerable		source
Arista Networks	CloudVision Wi-Fi, virtual appliance or physical appliance	>8.8	Vulnerable		source
Arista Networks	Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric)	>7.0.0	Vulnerable		source
Arista Networks	Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric)	>7.0.0	Vulnerable		source
Arista Networks	Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric)	>5.3.0	Vulnerable		source
Arista Networks	CloudVision Portal	>2019.1.0	Vulnerable		source
Arista Networks	CloudVision Wi-Fi, virtual appliance or physical appliance	>8.8	Vulnerable		source
Atlassian	Bamboo Server & Data Center	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Atlassian	BitBucket Server	On prem	Workaround	source
Atlassian	Confluence Server & Data Center	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Atlassian	Crowd Server & Data Center	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Atlassian	Crucible	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Atlassian	Fisheye	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Atlassian	Jira Server & Data Center	On prem	Vulnerable	Only vulnerable when using non-default config, cloud version fixed	source
Avaya				source
Azure	Data lake store java	< 2.3.10	Not vuln	Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here.	source

B

Supplier	Product	Version (see Status)	Status	Notes	Links
Backblaze	Cloud	N/A (SaaS)	Fix	Cloud service patched	source
B. Braun	All		Not vuln		source
BD	Arctic Sun Analytics		Not vuln		source
BD	Diabetes Care App Cloud		Not vuln		source
BD	HealthSight Clinical Advisor		Not vuln		source
BD	HealthSight Data Manager		Not vuln		source
BD	HealthSight Diversion Management		Not vuln		source
BD	HealthSight Infection Advisor		Not vuln		source
BD	HealthSight Inventory Optimization Analytics		Not vuln		source
BD	HealthSight Medication Safety		Not vuln		source
BD	Knowledge Portal for Infusion Technologies		Not vuln		source
BD	Knowledge Portal for Medication Technologies		Not vuln		source
BD	Knowledge Portal for BD Pyxis Supply		Not vuln		source
BD	Synapsys Informatics Solution		Not vuln		source
BD	Veritor COVID At Home Solution Cloud		Not vuln		source
BeyondTrust	Privilege Management Cloud	Unknown	Not vuln		source
BeyondTrust	Privilege Management Reporting	Unknown	Not vuln		source
BigBlueButton	BigBlueButton	Unknown	Not vuln		source
Bitdefender	GravityZone On-Premises	Unknown	Not vuln		source
Bitnami	Unknown	Unknown	Fix		source
BMC Software	3270 SUPEROPTIMIZER/CICS		Not vuln		source
BMC Software	Application Restart Control for Db2		Not vuln		source
BMC Software	Application Restart Control for IMS		Not vuln		source
BMC Software	Application Restart Control for VSAM		Not vuln		source
BMC Software	Bladelogic Database Automation		Vulnerable	Fix expected on Dec 15th	source
BMC Software	BMC AMI Batch Optimizer		Not vuln		source
BMC Software	BMC AMI Capacity Management		Not vuln		source
BMC Software	BMC AMI Command Center for Security		Not vuln		source
BMC Software	BMC AMI Console management		Not vuln		source
BMC Software	BMC AMI Cost Management		Not vuln		source
BMC Software	BMC AMI Datastream for Ops		Not vuln		source
BMC Software	BMC AMI Defender for Db2		Not vuln		source
BMC Software	BMC AMI Defender for Ops Insight		Not vuln		source
BMC Software	BMC AMI Defender for z/Linux		Not vuln		source
BMC Software	BMC AMI Defender for z/OS		Not vuln		source
BMC Software	BMC AMI Defender for z/VM		Not vuln		source
BMC Software	BMC AMI Defender TCP/IP Receiver		Not vuln		source
BMC Software	BMC AMI Enterprise Connector		Not vuln		source
BMC Software	BMC AMI Ops Automation for Capping		Not vuln		source
BMC Software	BMC AMI Ops Common Rest API (CRA)		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC AMI Ops for Networks		Not vuln		source
BMC Software	BMC AMI Ops Infrastructure (MVI) - CRA component		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC AMI Ops Insight		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC AMI Ops Monitor for CMF		Not vuln		source
BMC Software	BMC AMI Ops Monitor for IMS Offline		Not vuln		source
BMC Software	BMC AMI Ops Monitor for IMS Online		Not vuln		source
BMC Software	BMC AMI Ops Monitor for USS		Not vuln		source
BMC Software	BMC AMI Ops Monitor for z/OS		Not vuln		source
BMC Software	BMC AMI Ops Monitor SYSPROG Services		Not vuln		source
BMC Software	BMC AMI Ops UI		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC AMI Recovery for VSAM		Not vuln		source
BMC Software	BMC AMI Security Administrator		Not vuln		source
BMC Software	BMC AMI Security Policy Manager		Not vuln		source
BMC Software	BMC AMI Security Privileged Access Manager (also called BMC AMI Security Breakglass)		Not vuln		source
BMC Software	BMC AMI Security Self Service Password Reset		Not vuln		source
BMC Software	BMC AMI Storage		Not vuln		source
BMC Software	BMC AMI Utilities		Not vuln		source
BMC Software	BMC Client Management		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC Compuware Abend-Aid		Not vuln		source
BMC Software	BMC Compuware Application Audit		Not vuln		source
BMC Software	BMC Compuware DevEnterprise		Not vuln		source
BMC Software	BMC Compuware Enterprise Common Components (ECC)		Not vuln		source
BMC Software	BMC Compuware Enterprise Services (CES)		Not vuln		source
BMC Software	BMC Compuware Enterprise Services		Not vuln		source
BMC Software	BMC Compuware File-AID Data Privacy		Not vuln		source
BMC Software	BMC Compuware File-AID Data Solutions		Not vuln		source
BMC Software	BMC Compuware File-AID for DB2		Not vuln		source
BMC Software	BMC Compuware File-AID for IMS		Not vuln		source
BMC Software	BMC Compuware File-AID/MVS		Not vuln		source
BMC Software	BMC Compuware File-AID/RDX		Not vuln		source
BMC Software	BMC Compuware Hiperstation ALL Product Offerings		Not vuln		source
BMC Software	BMC Compuware ISPW		Not vuln		source
BMC Software	BMC Compuware iStrobe		Not vuln		source
BMC Software	BMC Compuware Program Analyzer		Not vuln		source
BMC Software	BMC Compuware Storage Backup and Recovery		Not vuln		source
BMC Software	BMC Compuware Storage Migration		Not vuln		source
BMC Software	BMC Compuware Storage Performance		Not vuln		source
BMC Software	BMC Compuware ThruPut Manager		Not vuln		source
BMC Software	BMC Compuware Topaz Enterprise Data		Not vuln		source
BMC Software	BMC Compuware Topaz for Java Performance		Not vuln		source
BMC Software	BMC Compuware Topaz for Total Test		Not vuln		source
BMC Software	BMC Compuware Topaz Program Analysis		Not vuln		source
BMC Software	BMC Compuware Topaz Workbench		Not vuln		source
BMC Software	BMC Compuware Xpediter/CICS		Not vuln		source
BMC Software	BMC Compuware Xpediter/Code Coverage		Not vuln		source
BMC Software	BMC Compuware Xpediter/TSO and IMS		Not vuln		source
BMC Software	BMC Compuware Xpediter/Xchange		Not vuln		source
BMC Software	BMC Compuware zAdviser		Not vuln		source
BMC Software	BMC Db2 Admin		Not vuln		source
BMC Software	BMC Db2 SQL Performance		Not vuln		source
BMC Software	BMC Defender Agent Configuration Manager		Not vuln		source
BMC Software	BMC Defender Agent for SAP		Not vuln		source
BMC Software	BMC Defender Agent for Unix/Linux		Not vuln		source
BMC Software	BMC Defender Agent for Windows		Not vuln		source
BMC Software	BMC Defender App for Splunk		Not vuln		source
BMC Software	BMC Defender SIEM Correlation Server		Not vuln		source
BMC Software	BMC Defender SIEM for Motorola		Not vuln		source
BMC Software	BMC Defender SIEM for NNT		Not vuln		source
BMC Software	BMC Defender SyslogDefender		Not vuln		source
BMC Software	BMC Defender Windows Agent for Splunk		Not vuln		source
BMC Software	BMC Discovery		Fix	Fix available in BMC’s Electronic Product Download site (EPD)	source
BMC Software	BMC Helix Continuous Optimization – Agents		Not vuln		source
BMC Software	BMC Helix Continuous Optimization		Vulnerable	Fix expected on Dec 15th	source
BMC Software	BMC Helix Knowledge Management		Not vuln		source
BMC Software	BMC License Usage Collection Utility		Vulnerable	Fix expected on Dec 14th	source
BMC Software	BMC Plus Utilities		Not vuln		source
BMC Software	BMC Recovery Management – BMC AMI LogMaster, Recovery Manager, Copy, Recover		Not vuln		source
BMC Software	Cloud Lifecycle Management		Not vuln		source
BMC Software	CMDB		Vulnerable		source
BMC Software	Common Components: Next Generation Logger (NGL), Runtime Component System (RTCS), User Interface Middleware (UIM)		Not vuln		source
BMC Software	Control-M		Vulnerable		source
BMC Software	ExceptionReporter		Not vuln		source
BMC Software	Footprints		Not vuln		source
BMC Software	Helix Data Manager		Vulnerable		source
BMC Software	KMs - Sybase KM & Linux (RHEV)		Fix	Fix available in BMC’s Electronic Product Download site (EPD)	source
BMC Software	MainView Explorer		Not vuln		source
BMC Software	MainView Middleware Administrator		Not vuln		source
BMC Software	MainView Middleware Monitor		Vulnerable	Fix expected on Dec 20th	source
BMC Software	MainView Transaction Analyzer		Not vuln		source
BMC Software	PATROL Agent		Not vuln		source
BMC Software	Release Process Management		Not vuln		source
BMC Software	Remedy ITSM (IT Service Management)		Not vuln		source
BMC Software	Remedy Smart Reporting		Vulnerable		source
BMC Software	Resident Security Server		Not vuln		source
BMC Software	Track-It!		Not vuln		source
BMC Software	TrueSight App Visibility Manager		Vulnerable	Fix expected on Dec 15th	source
BMC Software	TrueSight Automation Console		Vulnerable	Fix expected on Dec 17th	source
BMC Software	TrueSight Automation for Networks		Vulnerable	Fix expected on Dec 13th	source
BMC Software	TrueSight Automation for Servers - Data Warehouse		Vulnerable	Fix expected on Dec 17th	source
BMC Software	TrueSight Automation for Servers		Vulnerable	Fix expected on Dec 17th	source
BMC Software	TrueSight Capacity Optimization – Agents		Not vuln		source
BMC Software	TrueSight Capacity Optimization		Not vuln		source
BMC Software	TrueSight Infrastructure Management		Vulnerable		source
BMC Software	TrueSight IT Data Analytics		Vulnerable	Fix expected on Dec 15th	source
BMC Software	TrueSight Operations Management		Vulnerable	Fix expected on Dec 16th	source
BMC Software	TrueSight Orchestration		Not vuln		source
BMC Software	TrueSight Smart Reporting		Vulnerable	Fix expected on Dec 14th	source
BMC Software	TSCO For Mainframes		Not vuln		source
BMC Software	TSOM Smart Reporting		Vulnerable	Fix expected on Dec 14th	source
BMC Software	ULTRAOPT/CICS		Not vuln		source
BMC Software	ULTRAOPT/IMS		Not vuln		source
BMC Software	zDetect		Not vuln		source
Brian Pangburn	SwingSet	< 4.0.6	Fix		source
Broadcom	Advanced Secure Gateway (ASG)	Unknown	Investigation		source
Broadcom	BCAAA	Unknown	Investigation		source
Broadcom	CA Advanced Authentication	9.1 & 9.1.01 & 9.1.02	Workaround		source
Broadcom	CloudSOC Cloud Access Security Broker (CASB)	Unknown	Not vuln		source
Broadcom	Cloud Workload Assurance (CWA)	Unknown	Not vuln		source
Broadcom	Cloud Workload Protection (CWP)	Unknown	Investigation		source
Broadcom	Cloud Workload Protection for Storage (CWP:S)	Unknown	Not vuln		source
Broadcom	Cloud Workload Protection for Storage (CWP:S)	Unknown	Not vuln		source
Broadcom	Content Analysis (CA)(SEPM)	Unknown	Investigation		source
Broadcom	Critical System Protection (CSP)	Unknown	Not vuln		source
Broadcom	Data Center Security (DCS)	Unknown	Not vuln		source
Broadcom	Data Loss Prevention (DLP)	Unknown	Not vuln		source
Broadcom	Email Security Service (ESS)	Unknown	Investigation		source
Broadcom	Ghost Solution Suite (GSS)	Unknown	Not vuln		source
Broadcom	HSM Agent	Unknown	Investigation		source
Broadcom	Industrial Control System Protection (ICSP)	Unknown	Not vuln		source
Broadcom	Information Centric Analytics (ICA)	Unknown	Not vuln		source
Broadcom	Integrated Cyber Defense Exchange (ICDx)	Unknown	Investigation		source
Broadcom	Integrated Cyber Defense Manager (ICDm)	Unknown	Investigation		source
Broadcom	Integrated Secure Gateway (ISG)	Unknown	Investigation		source
Broadcom	IT Analytics (ITA)	Unknown	Not vuln		source
Broadcom	IT Management Suite	Unknown	Not vuln		source
Broadcom	IT Management Suite	Unknown	Not vuln		source
Broadcom	Layer7 API Developer Portal	Unknown	Investigation		source
Broadcom	Layer7 API Gateway	Unknown	Not vuln		source
Broadcom	Layer7 API Gateway	Unknown	Not vuln		source
Broadcom	Layer7 Mobile API Gateway	Unknown	Not vuln		source
Broadcom	Layer7 Mobile API Gateway	Unknown	Not vuln		source
Broadcom	LiveUpdate Administrator (LUA)	Unknown	Investigation		source
Broadcom	Management Center (MC)	Unknown	Investigation		source
Broadcom	PacketShaper (PS) S-Series	Unknown	Not vuln		source
Broadcom	PolicyCenter (PC) S-Series	Unknown	Not vuln		source
Broadcom	Privileged Access Manager Server Control	Unknown	Investigation		source
Broadcom	Privileged Access Manager	Unknown	Investigation		source
Broadcom	Privileged Identity Manager	Unknown	Investigation		source
Broadcom	ProxySG	Unknown	Not vuln		source
Broadcom	ProxySG	Unknown	Not vuln		source
Broadcom	Reporter	Unknown	Investigation		source
Broadcom	Secure Access Cloud (SAC)	Unknown	Investigation		source
Broadcom	Security Analytics (SA)	Unknown	Not vuln		source
Broadcom	Security Analytics (SA)	Unknown	Not vuln		source
Broadcom	ServiceDesk	Unknown	Not vuln		source
Broadcom	SiteMinder (CA Single Sign-On)	12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents	Fix, Workaround		source
Broadcom	SSL Visibility (SSLV)	Unknown	Investigation		source
Broadcom	Symantec Control Compliance Suite (CCS)	Unknown	Not vuln		source
Broadcom	Symantec Control Compliance Suite (CCS)	Unknown	Not vuln		source
Broadcom	Symantec Directory	Unknown	Not vuln		source
Broadcom	Symantec Directory	Unknown	Not vuln		source
Broadcom	Symantec Endpoint Detection and Response (EDR)	Unknown	Investigation		source
Broadcom	Symantec Endpoint Encryption (SEE)	Unknown	Not vuln		source
Broadcom	Symantec Endpoint Protection Manager (SEPM)	14.3	Workaround		source
Broadcom	Symantec Endpoint Protection (SEP) Agent	Unknown	Not vuln		source
Broadcom	Symantec Endpoint Protection (SEP) for Mobile	Unknown	Investigation		source
Broadcom	Symantec Endpoint Protection (SEP)	Unknown	Investigation		source
Broadcom	Symantec Identity Governance and Administration (IGA)	Unknown	Not vuln		source
Broadcom	Symantec Mail Security for Microsoft Exchange (SMSMSE)	Unknown	Not vuln		source
Broadcom	Symantec Messaging Gateway (SMG)	Unknown	Not vuln		source
Broadcom	Symantec PGP Solutions	Unknown	Not vuln		source
Broadcom	Symantec Protection Engine (SPE)	Unknown	Not vuln		source
Broadcom	Symantec Protection for SharePoint Servers (SPSS)	Unknown	Not vuln		source
Broadcom	VIP Authentication Hub	Unknown	Investigation		source
Broadcom	VIP	Unknown	Not vuln		source
Broadcom	Web Isolation (WI)	Unknown	Investigation		source
Broadcom	WebPulse	Unknown	Investigation		source
Broadcom	Web Security Service (WSS))	Unknown	Investigation		source

C

Supplier	Product	Version (see Status)	Status	Notes	Links
Carbon Black	Cloud Workload Appliance	Unknown	Mitigation	More information on pages linked bottom of blogpost (behind login)	source
Carbon Black	EDR Servers	Unknown	Mitigation	More information on pages linked bottom of blogpost (behind login)	source
Cerebro	Cerebro Elasticsearch Web Admin	All	Not vuln	Uses logback for logging	source
Cerberus	FTP	Unknown	Not vuln		source
Cerebrate	Cerebrate	All	Not vuln		source
Check Point	Quantum Security Gateway	All	Not vuln		source
Check Point	Quantum Security Management	All	Not vuln		source
Check Point	CloudGuard	All	Not vuln		source
Check Point	Infinity Portal	All	Not vuln		source
Check Point	Harmony Endpoint & Harmony Mobile	All	Not vuln		source
Check Point	SMB	All	Not vuln		source
Check Point	ThreatCloud	All	Not vuln		source
Chef	Infra Server	All	Not vuln		source
Chef	Automate	All	Not vuln		source
Chef	Backend	All	Not vuln		source
Cisco	General Cisco Disclaimer	Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly
Cisco	ACI Multi-Site Orchestrator	Unknown	Not vuln		source
Cisco	ACI Virtual Edge	Unknown	Investigation		source
Cisco	Adaptive Security Appliance (ASA) Software	Unknown	Not vuln		source
Cisco	Adaptive Security Device Manager	Unknown	Not vuln		source
Cisco	Advanced Web Security Reporting Application	Unknown	Vulnerable		source
Cisco	Aironet 1560 Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 1810 Series OfficeExtend Access Points	Unknown	Not vuln		source
Cisco	Aironet 1810w Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 1815 Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 1830 Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 1850 Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 2800 Series Access Points	Unknown	Not vuln		source
Cisco	Aironet 3800 Series Access Points	Unknown	Not vuln		source
Cisco	AMP Virtual Private Cloud Appliance	Unknown	Investigation		source
Cisco	AnyConnect Secure Mobility Client	All versions	Not vuln		source
Cisco	AppDynamics	<21.12.0	Fix		source
Cisco	Application Policy Infrastructure Controller (APIC)	Unknown	Not vuln		source
Cisco	ASR 5000 Series Routers	Unknown	Not vuln		source
Cisco	Broadcloud Calling	Unknown	Investigation		source
Cisco	BroadWorks	Unknown	Vulnerable		source
Cisco	Business Process Automation	Unknown	Not vuln		source
Cisco	Catalyst 9800 Series Wireless Controllers	Unknown	Not vuln		source
Cisco	CloudCenter Action Orchestrator	Unknown	Not vuln		source
Cisco	CloudCenter Suite Admin	Unknown	Vulnerable		source
Cisco	CloudCenter Workload Manager	Unknown	Investigation		source
Cisco	Cloud Email Security	Unknown	Investigation		source
Cisco	Cloud Services Platform 2100	All versions	Not vuln		source
Cisco	Cloud Services Platform 5000 Series	All versions	Not vuln		source
Cisco	Cognitive Intelligence	Unknown	Investigation		source
Cisco	Common Services Platform Collector	Unknown	Not vuln		source
Cisco	Computer Telephony Integration Object Server (CTIOS)	Unknown	Vulnerable		source
Cisco	ConfD	Unknown	Not vuln		source
Cisco	Connected Grid Device Manager	Unknown	Not vuln		source
Cisco	Connected Mobile Experiences	Unknown	Not vuln		source
Cisco	Connectivity	Unknown	Investigation		source
Cisco	Contact Center Domain Manager (CCDM)	Unknown	Vulnerable		source
Cisco	Contact Center Management Portal (CCMP)	Unknown	Vulnerable		source
Cisco	Container Platform	Unknown	Not vuln		source
Cisco	Content Security Management Appliance (SMA)	Unknown	Not vuln		source
Cisco	Crosswork Change Automation	Unknown	Vulnerable		source
Cisco	CX Cloud Agent Software	Unknown	Not vuln		source
Cisco	Data Center Network Manager (DCNM)	Unknown	Vulnerable		source
Cisco	Defense Orchestrator	Unknown	Investigation		source
Cisco	DNA Assurance	Unknown	Investigation		source
Cisco	DNA Center	Unknown	Vulnerable		source
Cisco	DNA Spaces	Unknown	Investigation		source
Cisco	Duo	Unknown	Fix		source
Cisco	Elastic Services Controller (ESC)	Unknown	Not vuln		source
Cisco	Email Security Appliance (ESA)	Unknown	Not vuln		source
Cisco	Emergency Responder	Unknown	Vulnerable		source
Cisco	Enterprise Chat and Email	Unknown	Vulnerable		source
Cisco	Enterprise NFV Infrastructure Software (NFVIS)	Unknown	Investigation		source
Cisco	Evolved Programmable Network Manager	Unknown	Vulnerable		source
Cisco	Exony Virtualized Interaction Manager (VIM)	Unknown	Investigation		source
Cisco	Expressway Series	Unknown	Not vuln		source
Cisco	Extensible Network Controller (XNC)	Unknown	Not vuln		source
Cisco	Finesse	Unknown	Vulnerable		source
Cisco	Firepower 4100 Series	Unknown	Not vuln		source
Cisco	Firepower 9300 Security Appliances	Unknown	Investigation		source
Cisco	Firepower Management Center	Unknown	Not vuln		source
Cisco	Firepower Threat Defense (FTD)	Unknown	Vulnerable		source
Cisco	GGSN Gateway GPRS Support Node	Unknown	Not vuln		source
Cisco	Hosted Collaboration Mediation Fulfillment	Unknown	Not vuln		source
Cisco	HyperFlex System	Unknown	Not vuln		source
Cisco	Identity Services Engine (ISE)	Unknown	Vulnerable		source
Cisco	Integrated Management Controller (IMC) Supervisor	Unknown	Vulnerable		source
Cisco	Intersight	Unknown	Investigation		source
Cisco	Intersight Virtual Appliance	Unknown	Vulnerable		source
Cisco	IOS and IOS XE Software	Unknown	Not vuln		source
Cisco	IOS XR Software	Unknown	Not vuln		source
Cisco	IoT Field Network Director (formerly Cisco Connected Grid Network Management System)	Unknown	Not vuln		source
Cisco	IoT Operations Dashboard	Unknown	Investigation		source
Cisco	IOx Fog Director	Unknown	Investigation		source
Cisco	IP Services Gateway (IPSG)	Unknown	Not vuln		source
Cisco	Jabber Guest	All versions	Not vuln		source
Cisco	Kinetic for Cities	Unknown	Investigation		source
Cisco	Managed Services Accelerator (MSX) Network Access Control Service	Unknown	Investigation		source
Cisco	MDS 9000 Series Multilayer Switches	Unknown	Not vuln		source
Cisco	Meeting Server	Unknown	Not vuln		source
Cisco	Meraki GO	Unknown	Not vuln		source
Cisco	Meraki MR	Unknown	Not vuln		source
Cisco	Meraki MS	Unknown	Not vuln		source
Cisco	Meraki MT	Unknown	Not vuln		source
Cisco	Meraki MV	Unknown	Not vuln		source
Cisco	Meraki MX	Unknown	Not vuln		source
Cisco	Meraki System Manager	Unknown	Not vuln		source
Cisco	Meraki Z-Series	Unknown	Not vuln		source
Cisco	MME Mobility Management Entity	Unknown	Not vuln		source
Cisco	Mobility Services Engine	Unknown	Not vuln		source
Cisco	Mobility Unified Reporting and Analytics System	Unknown	Not vuln		source
Cisco	Modeling Labs	Unknown	Not vuln		source
Cisco	Network Assessment (CNA) Tool	Unknown	Investigation		source
Cisco	Network Assurance Engine	Unknown	Vulnerable		source
Cisco	Network Convergence System 2000 Series	Unknown	Investigation		source
Cisco	Network Planner	Unknown	Investigation		source
Cisco	Network Services Orchestrator (NSO)	< nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1	Vulnerable	Fixes expected 17-Dec	source
Cisco	Nexus 3000 Series Switches	Unknown	Not vuln		source
Cisco	Nexus 5500 Platform Switches	Unknown	Not vuln		source
Cisco	Nexus 5600 Platform Switches	Unknown	Not vuln		source
Cisco	Nexus 6000 Series Switches	Unknown	Not vuln		source
Cisco	Nexus 7000 Series Switches	Unknown	Not vuln		source
Cisco	Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode	Unknown	Not vuln		source
Cisco	Nexus 9000 Series Switches in standalone NX-OS mode	Unknown	Not vuln		source
Cisco	Nexus Dashboard (formerly Cisco Application Services Engine)	<2.1.2	Vulnerable	Fixes expected 7-Jan-2022	source
Cisco	Nexus Data Broker	Unknown	Not vuln		source
Cisco	Nexus Insights	Unknown	Investigation		source
Cisco	Optical Network Planner	Unknown	Investigation		source
Cisco	Packaged Contact Center Enterprise	Unknown	Vulnerable		source
Cisco	Paging Server (InformaCast)	Unknown	Investigation		source
Cisco	Paging Server	Unknown	Investigation		source
Cisco	PDSN/HA Packet Data Serving Node and Home Agent	Unknown	Not vuln		source
Cisco	PGW Packet Data Network Gateway	Unknown	Not vuln		source
Cisco	Policy Suite	Unknown	Not vuln		source
Cisco	Prime Access Registrar	Unknown	Not vuln		source
Cisco	Prime Cable Provisioning	Unknown	Not vuln		source
Cisco	Prime Central for Service Providers	Unknown	Investigation		source
Cisco	Prime Collaboration Assurance	Unknown	Not vuln		source
Cisco	Prime Collaboration Deployment	Unknown	Not vuln		source
Cisco	Prime Collaboration Manager	Unknown	Investigation		source
Cisco	Prime Collaboration Provisioning	Unknown	Not vuln		source
Cisco	Prime Infrastructure	Unknown	Investigation		source
Cisco	Prime IP Express	Unknown	Not vuln		source
Cisco	Prime License Manager	Unknown	Not vuln		source
Cisco	Prime Network	Unknown	Not vuln		source
Cisco	Prime Network Registrar	Unknown	Not vuln		source
Cisco	Prime Optical for Service Providers	Unknown	Not vuln		source
Cisco	Prime Performance Manager	Unknown	Not vuln		source
Cisco	Prime Provisioning	Unknown	Not vuln		source
Cisco	Prime Service Catalog	Unknown	Investigation		source
Cisco	Registered Envelope Service	Unknown	Not vuln		source
Cisco	SD-WAN vEdge 1000 Series Routers	Unknown	Not vuln		source
Cisco	SD-WAN vEdge 2000 Series Routers	Unknown	Not vuln		source
Cisco	SD-WAN vEdge 5000 Series Routers	Unknown	Not vuln		source
Cisco	SD-WAN vEdge Cloud Router Platform	Unknown	Not vuln		source
Cisco	SD-WAN vManage	Unknown	Vulnerable		source
Cisco	Secure Network Analytics (SNA), formerly Stealthwatch	Unknown	Investigation		source
Cisco	Security Manager	Unknown	Not vuln		source
Cisco	Smart Software Manager On-Prem	Unknown	Not vuln		source
Cisco	SocialMiner	All versions	Not vuln		source
Cisco	System Architecture Evolution Gateway (SAEGW)	Unknown	Not vuln		source
Cisco	TelePresence Management Suite	Unknown	Not vuln		source
Cisco	TelePresence Video Communication Server (VCS)	Unknown	Not vuln		source
Cisco	Tetration Analytics	All versions	Not vuln		source
Cisco	UCS Central Software	Unknown	Not vuln		source
Cisco	UCS C-Series Rack Servers - Integrated Management Controller	Unknown	Not vuln		source
Cisco	UCS Director	Unknown	Vulnerable		source
Cisco	UCS Manager	Unknown	Not vuln		source
Cisco	UCS Performance Manager	Unknown	Investigation		source
Cisco	Ultra Packet Core	Unknown	Not vuln		source
Cisco	Umbrella	Unknown	Investigation		source
Cisco	Unified Attendant Console Advanced	Unknown	Not vuln		source
Cisco	Unified Attendant Console Business Edition	Unknown	Not vuln		source
Cisco	Unified Attendant Console Department Edition	Unknown	Not vuln		source
Cisco	Unified Attendant Console Enterprise Edition	Unknown	Not vuln		source
Cisco	Unified Attendant Console Premium Edition	Unknown	Not vuln		source
Cisco	Unified Communications Domain Manager	Unknown	Not vuln		source
Cisco	Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition	Unknown	Vulnerable		source
Cisco	Unified Communications Manager Cloud	Unknown	Vulnerable		source
Cisco	Unified Communications Manager IM & Presence Service (formerly CUPS)	Unknown	Vulnerable		source
Cisco	Unified Contact Center Enterprise - Live Data server	Unknown	Vulnerable		source
Cisco	Unified Contact Center Enterprise	Unknown	Vulnerable		source
Cisco	Unified Contact Center Express	Unknown	Vulnerable		source
Cisco	Unified Customer Voice Portal	Unknown	Not vuln		source
Cisco	Unified Intelligence Center	Unknown	Not vuln		source
Cisco	Unified Intelligent Contact Management Enterprise	Unknown	Vulnerable		source
Cisco	Unified SIP Proxy Software	Unknown	Vulnerable		source
Cisco	Unity Connection	Unknown	Vulnerable		source
Cisco	Unity Express	Unknown	Not vuln		source
Cisco	Video Surveillance Media Server	Unknown	Not vuln		source
Cisco	Video Surveillance Operations Manager	<7.14.4	Vulnerable	Fixes expected 16-Dec-2021	source
Cisco	Virtualized Voice Browser	Unknown	Investigation		source
Cisco	Virtual Topology System - Virtual Topology Controller (VTC) VM	Unknown	Investigation		source
Cisco	Vision Dynamic Signage Director	Unknown	Not vuln		source
Cisco	WAN Automation Engine (WAE)	Unknown	Vulnerable		source
Cisco	Webex App	Unknown	Not vuln		source
Cisco	Webex Cloud-Connected UC (CCUC)	Unknown	Vulnerable		source
Cisco	Webex Meetings Server	CWMS-3.0MR4SP2, CWMS-4.0MR4SP2	Vulnerable	Fixes expcteded 14-Dec-2021	source
Cisco	Webex Room Phone	Unknown	Not vuln		source
Cisco	Web Security Appliance (WSA)	Unknown	Not vuln		source
Cisco	Wide Area Application Services (WAAS)	All versions	Not vuln		source
Cisco	Cisco Wireless LAN Controller	Unknown	Not vuln		source
CIS-CAT	CSAT Pro	< 1.7.1	Vulnerable	Upgrade to v1.7.1 to be released 16/12	source
CIS-CAT	CIS-CAT Pro Assessor v4	< 4.13.0	Vulnerable	Upgrade to v4.13.0 to be released 16/12	source
CIS-CAT	CIS-CAT Pro Assessor Service v4	< 1.13.0	Vulnerable	Upgrade to v1.13.0 to be released 16/12	source
CIS-CAT	CIS-CAT Pro Assessor v3	< 3.0.77	Vulnerable	Upgrade to v3.0.77 to be released 16/12	source
CIS-CAT	CIS-CAT Pro Dashboard	All	Not vuln		source
Citrix	Analytics	Unknown	Investigation		source
Citrix	Application Delivery Management (NetScaler MAS)	All versions	Not vuln		source
Citrix	Endpoint Management (XenMobile Server)	Unknown	Investigation		source
Citrix	Hypervisor (XenServer)	Unknown	Not Vuln		source
Citrix	NetScaler ADC	All versions	Not vuln		source
Citrix	NetScaler Gateway	All versions	Not vuln		source
Citrix	SD-WAN	All versions	Not vuln		source
Citrix	Sharefile	Unknown	Not vuln		source
Citrix	Virtual Apps and Desktops (XenApp & XenDesktop)	Unknown	Investigation	Not vulnerable: App Layering, Delivery Controller, Director, FAS, HDX, Profile Management, PVS, Session Recording, Storefront, Studio, Windows VDA, WEM	source
Citrix	Workspace App	All versions	Not vuln		source
Citrix	Workspace	Unknown	Not vuln		source
Clavister	EasyAccess	<= 4.1.2	Workaround		source
Clavister	InCenter	<= 1.68.03, 2.0.0 and 2.1.0	Workaround		source
CODESYS	all	all	Not vuln		source
Commvault	Cloud Apps & Oracle & MS-SQL	All supported versions	Fix		source
Connect2id	Connect2id server	< 12.5.1	Fix		source
Connectwise	Global search capability of Manage Cloud	Unknown	Mitigation		source
Connectwise	Manage on-premise's Global Search	Unknown	Mitigation		source
Connectwise	Marketplace	Unknown	Mitigation		source
Connectwise	Perch	Unknown	Fix		source
Connectwise	StratoZen	Unknown	Mitigation	Urgent action for self-hosted versions	source
Contrast	Hosted SaaS Enviroments	All	Fix		source
Contrast	Java Agent	All	Not vuln		source
Contrast	On-premises (EOP) Environments	All	Fix/Mitigation		source
Contrast	Scan	All	Fix		source
ControlUp	All products	All versions	Fix		source
Copadata	Zenon product family	All	Not vuln		source
Coralogix	Coralogix	Unknown	Fix		source
Couchbase	Couchbase ElasticSearch connector	< 4.3.3 & < 4.2.13	Fix		source
cPanel	cPanel	Unknown	Mitigation		source
Cryptshare	Cryptshare for Notes	All	Not vuln		source
Cryptshare	Cryptshare for NTA 7516	All	Not vuln		source
Cryptshare	Cryptshare for Outlook	All	Not vuln		source
Cryptshare	Cryptshare Java API	All	Not vuln		source
Cryptshare	Cryptshare .NET API	All	Not vuln		source
Cryptshare	Cryptshare Robot	All	Not vuln		source
Cryptshare	Cryptshare Server	All	Not vuln		source
Cyberark	Cloud Entitlements Manager		Not Vuln		source
Cyberark	Endpoint Privilege Manager (EPM) - Agents		Not Vuln		source
Cyberark	Endpoint Privilege Manager (EPM) - EPM Server (On-Premise)		Not Vuln		source
Cyberark	Endpoint Privilege Manager (EPM) - Service (SaaS)		Not Vuln		source
Cyberark	HTML5 Gateway		Not Vuln		source
Cyberark	Identity - Mobile App		Not vuln		source
Cyberark	Identity - On-Premise Components		Not vuln		source
Cyberark	Identity - Secure Web Sessions (SWS)		Fix		source
Cyberark	Identity - Service (SaaS)		Not vuln		source
Cyberark	Legacy Sensitive Information Management (SIM)		Not vuln		source
Cyberark	Marketplace components - Certified and Trusted Marketplace Components		Not vuln		source
Cyberark	Marketplace components - CPM Plugins		Not vuln		source
Cyberark	Marketplace components - PSM Connection Components		Not vuln		source
Cyberark	On-Demand Privileges Manager (OPM)		Not Vuln		source
Cyberark	PAS Self Hosted (Vault, PVWA, CPM, PSM, PSMP)		Not Vuln		source
Cyberark	Privilege Cloud - On-Premise Components		Not Vuln		source
Cyberark	Privilege Cloud - Service (SaaS)		Fix	Mitigation applied. No further action required by customers	source
Cyberark	Privileged Threat Analytics (PTA)		Workaround		source, workaround
Cyberark	Remote Access (Alero) - Connector		Fix		source
Cyberark	Remote Access (Alero) - Mobile App		Not vuln		source
Cyberark	Remote Access (Alero) - Service (SaaS)		Fix	Mitigation applied. No further action required by customers	source
Cyberark	Secrets Manager Conjur Enterprise		Not vuln		source
Cyberark	Secrets Manager Credential Providers		Not vuln		source
Cybereason	All Cybereason products	Unknown	Not vuln		source

D

Supplier	Product	Version (see Status)	Status	Notes	Links
DatadogHQ	Datadog Agent	6 < 6.32.2, 7 < 7.32.2	Fix/workaround	JMX monitoring component leverages an impacted version of log4j	source
DataNet Quality Systems	WinSPC		Not vuln	Note: this is not WinSCP. This is a Statistical Process Control software.	Email from customer support. See vendor-statements folder.
Datev	All Datev products	Unknown	Vulnerable	german source	source
Dataverse	The Dataverse Project		Vulnerable		source
Datto	All Datto products	Unknown	Not vuln		source
Debian	Apache-log4j.1.2	stretch, buster, bullseye	Fix		source
Debian	Apache-log4j2	stretch, buster, bullseye	Fix		source
Dell	Alienware Command Center	Unknown	Not vuln		source
Dell	Alienware OC Controls	Unknown	Not vuln		source
Dell	Alienware On Screen Display	Unknown	Not vuln		source
Dell	Alienware Update	Unknown	Not vuln		source
Dell	APEX Console	Unknown	Vulnerable	Cloud environment patch in progress	source
Dell	APEX Data Storage Services	Unknown	Vulnerable	Cloud environment patch in progress	source
Dell	Atmos	Unknown	Not vuln		source
Dell	Cloud IQ	Unknown	Vulnerable	Cloud environment patch in progress	source
Dell	BSAFE Crypto-C Micro Edition	Unknown	Not vuln		source
Dell	BSAFE Crypto-J	Unknown	Not vuln		source
Dell	BSAFE Micro Edition Suite	Unknown	Not vuln		source
Dell	Centera	Unknown	Not vuln		source
Dell	Chassis Management Controller (CMC)	Unknown	Not vuln		source
Dell	Cloud Mobility for Dell EMC Storage	Unknown	Not vuln		source
Dell	Cloudlink	Unknown	Not vuln		source
Dell	Data Domain OS	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	Disk Library for Mainframe	Unknown	Not vuln		source
Dell	Embedded NAS	Unknown	Not vuln		source
Dell	EMC Avamar	Unknown	Vulnerable	See DSA-2021-277	source
Dell	EMC Cloud Disaster Recovery	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	EMC DataIQ	Unknown	Not vuln		source
Dell	EMC Data Protection Central	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC Data Protection Search	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC ECS	Unknown	Vulnerable	Patch expected 12/17	source
Dell	EMC Enterprise Storage Analytics for vRealize Operations	Unknown	Fix	See DSA-2021-278	source
Dell	EMC Integrated System for Microsoft Azure Stack Hub	Unknown	Not vuln		source
Dell	EMC License Manager	Unknown	Not vuln		source
Dell	EMC NetWorker	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	EMC NetWorker VE	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC Networking Onie	Unknown	Not vuln		source
Dell	EMC ObjectScale	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC PowerFlex Appliance	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	EMC PowerFlex Manager	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC PowerFlex Rack	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC PowerMax	Unknown	Not vuln		source
Dell	EMC PowerPath	Unknown	Not vuln		source
Dell	EMC PowerPath Management Appliance	Unknown	Not vuln		source
Dell	EMC PowerProtect Cyber Recovery	Unknown	Not vuln		source
Dell	EMC PowerProtect Data Manager	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	EMC PowerProtect DP Series Appliance (iDPA)	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	EMC PowerScale OneFS	Unknown	Not vuln		source
Dell	EMC PowerShell for PowerMax	Unknown	Not vuln		source
Dell	EMC PowerShell for Powerstore	Unknown	Not vuln		source
Dell	EMC PowerShell for Unity	Unknown	Not vuln		source
Dell	EMC PowerStore	Unknown	Vulnerable	Patch expected 12/31	source
Dell	EMC RecoverPoint	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC Repository Manager (DRM)	Unknown	Not vuln		source
Dell	EMC SourceOne	Unknown	Not vuln		source
Dell	EMC SRM vApp	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC Streaming Data Platform	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC Systems Update (DSU)	Unknown	Not vuln		source
Dell	EMC Unity	Unknown	Vulnerable	Patch expected 12/31	source
Dell	EMC Virtual Storage Integrator	Unknown	Not vuln		source
Dell	EMC VPLEX	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	EMC VxRail	Unknown	Vulnerable	See DSA-2021-265	source
Dell	EMC XtremIO	Unknown	Not vuln		source
Dell	Enterprise Hybrid Cloud	Unknown	Vulnerable	See DSA-2021-270	source
Dell	GeoDrive	Unknown	Not vuln		source
Dell	Hybrid Client (DHC)	Unknown	Not vuln		source
Dell	ImageAssist	Unknown	Not vuln		source
Dell	Insight IQ	Unknown	Not vuln		source
Dell	Integrated Dell Remote Access Controller (iDRAC)	Unknown	Not vuln		source
Dell	IsilonSD Management Server	Unknown	Not vuln		source
Dell	Mainframe Enablers	Unknown	Not vuln		source
Dell	MyDell Mobile	Unknown	Not vuln		source
Dell	NetWorker Management Console	Unknown	Not vuln		source
Dell	Networking N-Series	Unknown	Not vuln		source
Dell	Networking OS 10	Unknown	Not vuln		source
Dell	Networking OS 9	Unknown	Not vuln		source
Dell	Networking SD-WAN Edge	Unknown	Investigation		source
Dell	Networking W-Series	Unknown	Not vuln		source
Dell	Networking X-Series	Unknown	Not vuln		source
Dell	OMIMSSC (OpenManage Integration for Microsoft System Center)	Unknown	Not vuln		source
Dell	Open Manage Mobile	Unknown	Not vuln		source
Dell	Open Manage Server Administrator	Unknown	Not vuln		source
Dell	Open Management Enterprise - Modular	Unknown	Vulnerable	Patch expected 12/17	source
Dell	OpenManage Change Management	Unknown	Not vuln		source
Dell	OpenManage Enterprise	Unknown	Vulnerable	Patch expected 12/17	source
Dell	OpenManage Enterprise Services	Unknown	Vulnerable	Patch expected 12/17	source
Dell	OpenManage Integration for Microsoft System Center for System Center Operations Manager	Unknown	Not vuln		source
Dell	OpenManage Integration with Microsoft Windows Admin Center	Unknown	Not vuln		source
Dell	OpenManage Network Integration	Unknown	Not vuln		source
Dell	PowerEdge BIOS	Unknown	Not vuln		source
Dell	Remotely Anywhere	Unknown	Not vuln		source
Dell	Secure Connect Gateway (SCG) 5.0 Appliance	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	Smart Fabric Storage Software	Unknown	Not vuln		source
Dell	Solutions Enabler	Unknown	Not vuln		source
Dell	Sonic	Unknown	Not vuln		source
Dell	SRS Policy Manager	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	SRS VE	Unknown	Not vuln		source
Dell	SupportAssist Client Commercial	Unknown	Not vuln		source
Dell	SupportAssist Client Consumer	Unknown	Not vuln		source
Dell	SupportAssist Enterprise	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	Unisphere Central	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	Unisphere for PowerMax	Unknown	Not vuln		source
Dell	Vblock	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	ViPR Controller	Unknown	Not vuln		source
Dell	VNX Control Station	Unknown	Not vuln		source
Dell	VNX1	Unknown	Not vuln		source
Dell	VNX2	Unknown	Not vuln		source
Dell	VNXe 1600	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	VNXe 3200	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	Vsan Ready Nodes	Unknown	Not vuln		source
Dell	VxBlock	Unknown	Vulnerable	Fix Release Timeline TBD	source
Dell	VxFlex Ready Nodes	Unknown	Vulnerable	Workaround expected 12/15	source
Dell	Wyse Management Suite	Unknown	Vulnerable	See DSA-2021-267	source
Dell	Wyse Management Suite Import Tool	Unknown	Not vuln		source
Dell	Wyse Proprietary OS (ThinOS)	Unknown	Not vuln		source
Dell	Wyse Windows Embedded	Unknown	Vulnerable	Fix Release Timeline TBD	source
Devolutions	All products		Not vuln		source
Docker	Docker infrastructure	Unknown	Not vuln	Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source.	source
Dropwizard	Dropwizard	Unknown	Not vuln	Only vulnerable if you manually added Log4j	source
Dynatrace	ActiveGates	1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926	Fix		source
Dynatrace	Dynatrace Cloud Services	Unknown	Fix		source

E

Supplier	Product	Version (see Status)	Status	Notes	Links
EAL	ATS Classic	All Versions	Not Vuln		See vendor-statements
EclecticIQ	TIP	< 2.11	Vulnerable	The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. see link in their own fix for Logstash (Support account needed, ongoing investigation)	source/fix
Elastic	APM Java Agent	1.17.0-1.28.0	Workaround	Only vulnerable with specific configuration	source
Elastic	APM Server		Not Vuln		source
Elastic	Beats		Not Vuln		source
Elastic	Cmd		Not Vuln		source
Elastic	Elastic Agent		Not Vuln		source
Elastic	Elastic Cloud Enterprise		Not Vuln		source
Elastic	Elastic Cloud		Not Vuln		source
Elastic	Elastic Cloud on Kubernetes		Not Vuln		source
Elastic	Elastic Endgame		Not Vuln		source
Elastic	Elastic Maps Service		Not Vuln		source
Elastic	Elasticsearch	< 6.8.9, 7 - 7.8	Fix	Information leakage vulnerability, Fixed in 7.16.1 and 6.8.21	source
Elastic	Endpoint Security		Not Vuln		source
Elastic	Enterprise Search		Not Vuln		source
Elastic	Fleet Server		Not Vuln		source
Elastic	Kibana		Not Vuln		source
Elastic	Logstash	< 6.8.21, < 7.16.1	Fix	No known remote code execution exposure, Fixed in 6.8.21, 7.16.1	source
Elastic	Machine Learning		Not Vuln		source
Elastic	Swiftype		Investigation		source
ELO	Digital Office		Not Vuln		source
ESET	All products	Unknown	Not vuln		source
Esri	ArcGIS Enterprise and related products	< 10.8.0	Vulnerable		source
estos	All products	Unknown	Not vuln		source
EVL Labs	JGAAP	<8.0.2	Fix		source
Exivity	Exivity On-Premise	All version	Not Vuln		source
Exact	All Products		Not vuln		source NL, source EN
Evolveum	midPoint		Not vuln		source
eXtreme Hosting	All products	Unknown	Not vuln		source
Extreme Networks	200-series		Investigation		source
Extreme Networks	BOSS		Not vuln		source
Extreme Networks	EXOS		Not vuln		source
Extreme Networks	Extreme AirDefense		Not vuln		source
Extreme Networks	Extreme Campus Controller (ExtremeCloud Appliance)		Not vuln		source
Extreme Networks	Extreme Fabric Automation (EFA)		Not vuln		source
Extreme Networks	Extreme Management Center (XMC)		Not vuln		source
Extreme Networks	Extreme Visibility Manager (XVM)		Not vuln		source
Extreme Networks	ExtremeAnalytics		Not vuln		source
Extreme Networks	ExtremeCloud A3		Investigation		source
Extreme Networks	ExtremeCloud IQ		Not vuln		source
Extreme Networks	ExtremeConnect		Not vuln		source
Extreme Networks	ExtremeControl		Not vuln		source
Extreme Networks	ExtremeGuest		Investigation		source
Extreme Networks	ExtremeLocation		Not vuln		source
Extreme Networks	ExtremeWireless (Identifi)		Not vuln		source
Extreme Networks	Fabric Manager		Not vuln		source
Extreme Networks	HiveManager Classic On-Premises		Not vuln		source
Extreme Networks	HiveManager Classic Online		Not vuln		source
Extreme Networks	IQEngine (HiveOS)		Not vuln		source
Extreme Networks	IQVA		Vulnerable		source
Extreme Networks	ISW		Investigation		source
Extreme Networks	NetIron OS		Investigation		source
Extreme Networks	Network OS		Investigation		source
Extreme Networks	SLX-OS		Investigation		source
Extreme Networks	Traffic Sensor		Not vuln		source
Extreme Networks	VOSS		Not vuln		source
Extreme Networks	WiNG		Not vuln		source
Extreme Networks	XIQ-SE		Not vuln		source
Ewon	eCatcher	6.7.6	Fix		source

F

Supplier	Product	Version (see Status)	Status	Notes	Links
F5	All products		Not Vuln	F5 products themselves are not vulnerable, but F5 published guidance on mitigating through BIG-IP ASM/Advanced WAF and NGINX App Protect	source
Fiix	CMMS core	V5	Fix		source
FileCap	All products	<5.1.0	Vulnerable	Fix: 5.1.1	source
Forcepoint	Advanced Malware Detection		Not vuln	source
Forcepoint	Behavioral Analytics		Investigation	source
Forcepoint	Bitglass SSE		Not vuln	source
Forcepoint	CASB		Investigation	source
Forcepoint	Content Gateway		Not vuln	source
Forcepoint	DDP/DUP/DPS		Investigation	source
Forcepoint	Directory Synchronization Client		Not vuln	source
Forcepoint	DLP Manager		Workaround	source
Forcepoint	Email Security		Not vuln	source
Forcepoint	Forcepoint Cloud Security Gateway (CSG)		Not vuln	source
Forcepoint	Insider Threat		Not vuln	source
Forcepoint	Next Generation Firewall (NGFW)		Not vuln	source
Forcepoint	Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder		Not vuln	source
Forcepoint	Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW)		Workaround	source
Forcepoint	One Endpoint		Not vuln	source
Forcepoint	Private Access		Not vuln	source
Forcepoint	Remote Browser Isolation		Not vuln	source
Forcepoint	Security Manager (Web, Email and DLP)		Workaround	source
Forcepoint	Web Security		Investigation	source
Forescout			Investigation		source
ForgeRock	Autonomous Identity		Workaround	all other ForgeRock products not vuln	source
Fortinet	FortiAIOps		Vulnerable		source
Fortinet	FortiAnalyzer Cloud		Not Vuln		source
Fortinet	FortiAnalyzer		Not Vuln		source
Fortinet	FortiAP		Not Vuln		source
Fortinet	FortiAuthenticator		Not Vuln		source
Fortinet	FortiCASB		Vulnerable		source
Fortinet	FortiConvertor		Vulnerable		source
Fortinet	FortiDeceptor		Not Vuln		source
Fortinet	FortiEDR Agent		Not Vuln		source
Fortinet	FortiEDR Cloud		Vulnerable		source
Fortinet	FortiGate Cloud		Not Vuln		source
Fortinet	FortiGSLB Cloud		Not Vuln		source
Fortinet	FortiMail		Not Vuln		source
Fortinet	FortiManager Cloud		Not Vuln		source
Fortinet	FortiManager		Not Vuln		source
Fortinet	FortiNAC		Vulnerable		source
Fortinet	FortiNAC		Vulnerable		source
Fortinet	FortiOS (includes FortiGate & FortiWiFi)		Not Vuln		source
Fortinet	FortiPhish Cloud		Not Vuln		source
Fortinet	FortiPolicy		Vulnerable		source
Fortinet	FortiPortal		Vulnerable		source
Fortinet	FortiRecorder		Not Vuln		source
Fortinet	FortiSIEM		Vulnerable		source
Fortinet	FortiSOAR		Vulnerable		source
Fortinet	FortiSwitch Cloud in FortiLANCloud		Not Vuln		source
Fortinet	FortiSwitch & FortiSwitchManager		Not Vuln		source
Fortinet	FortiToken Cloud		Not Vuln		source
Fortinet	FortiVoice		Not Vuln		source
Fortinet	FortiWeb Cloud		Not Vuln		source
Fortinet	ShieldX		Vulnerable		source
F-Secure	Endpoint Proxy	13-15	Fix		source
F-Secure	Policy Manager	13-15	Fix		source
F-Secure	Policy Manager Proxy	13-15	Fix		source
FusionAuth	FusionAuth	1.32	Not Vuln		source

G

Supplier	Product	Version (see Status)	Status	Notes	Links
Genesys	All products		Investigation		source
GeoSolutions	GeoServer	All versions	Not vuln		source
GeoSolutions	Geonetwork	All versions	Workaround		source
GFI Software	Kerio Connect		Vulnerable		source
GitHub	Github Enterprise Server	3.3.1, 3.2.6, 3.1.14, 3.0.22	Fix		source
GitLab	GitLab		Not vuln		source
GoAnywhere	Agents	Unknown	Workaround		source
GoAnywhere	Gateway	Unknown	Workaround		source
GoAnywhere	MFT	Unknown	Workaround		source
Gradle	Gradle		Not vuln	Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.	source
Gradle	Gradle Enterprise	2021.3.6	Fix		source
Gradle	Gradle Enterprise Test Distribution Agent	1.6.2	Fix		source
Gradle	Gradle Enterprise Build Cache Node	10.1	Fix		source
Grafana	All products		Not vuln		source
Gravwell	All products		Not vuln	Gravwell products do not use Java	source
Graylog	Graylog	< 3.3.15,<4.0.14,<4.1.9,<4.2.3	Fix	The vulnerable Log4j library is used to record GrayLog's own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system.	source
GuardedBox	GuardedBox	<3.1.2	Fix		source

H

Supplier	Product	Version (see Status)	Status	Notes	Links
HackerOne	Unknown	Unknown	Fix		source
Hashicorp	All products		Not Vuln		source
HCL Software	BigFix Insights	Unknown	Not vuln		source
HCL Software	BigFix Insights for Vulnerability Remediation	Unknown	Not vuln		source
HCL Software	BigFix Compliance	Unknown	Investigation		source
HCL Software	BigFix Compliance	Unknown	Investigation		source
HCL Software	BigFix Compliance	Unknown	Workaround		source
HCL Software	BigFix Inventory	Unknown	Workaround		source
Helpsystems	Clearswift Secure Email Gateway	5.4.0 ,5.3.0	Vulnerable	Investigation	source
Helpsystems	Clearswift Secure Exchange Gateway	5.4.0 ,5.3.0	Vulnerable	Investigation	source
Helpsystems	Clearswift Secure Web Gateway	5.4.0 ,5.3.0	Vulnerable	Investigation	source
Helpsystems	Clearswift Secure ICAP Gateway	5.4.0 ,5.3.0	Vulnerable	Investigation	source
HCL Software	BigFix Compliance	> 2.0.1 ; < 2.0.4	Workaround		source
HCL Software	BigFix Inventory	< 10.0.7	Workaround		source
HCL Software	BigFix Lifecycle	Unknown	Not vuln		source
HCL Software	BigFix Mobile	Unknown	Not vuln		source
HCL Software	BigFix Patch	Unknown	Not vuln		source
Hexagon	ERDAS APOLLO Advantage & Professional	Unknown	Investigation		source
Hexagon	ERDAS APOLLO Essentials	Unknown	Not vuln		source
Hexagon	GeoMedia SmartClient	Unknown	Not vuln		source
Hexagon	GeoMedia	Unknown	Not vuln		source
Hexagon	GeoMedia WebMap	Unknown	Not vuln		source
Hexagon	Geospatial Portal	Unknown	Not vuln		source
Hexagon	Geospatial SDI	Unknown	Not vuln		source
Hexagon	ImageStation	Unknown	Not vuln		source
Hexagon	IMAGINE	Unknown	Not vuln		source
Hexagon	Luciad Fusion	Unknown	Not vuln	The only risk is if Log4J was implemented outside of the default product install	source
Hexagon	Luciad Lightspeed	Unknown	Not vuln	The only risk is if Log4J was implemented outside of the default product install	source
Hexagon	M.App Enterprise standalone or with Luciad Fusion	Unknown	Not vuln		source
Hexagon	M.App Enterprise	Unknown	Investigation	Might be vulnerable only when used with Geoprocessing Server	source
Hitachi Energy			Investigation		source
Hitachi Vantara	Pentaho	v8.3.x, v9.2.x	Not vuln		source
HostiFi	Unifi hosting	Unknown	Fix	Hosted Unifi solution	source
HPE	3PAR StoreServ Arrays		Not vuln		source
HPE	AirWave Management Platform		Not vuln		source
HPE	Alletra 6000		Not vuln		source
HPE	Alletra 9k		Not vuln		source
HPE	Aruba Central		Not vuln		source
HPE	Aruba ClearPass Policy Manager		Not vuln		source
HPE	Aruba ClearPass Policy Manager		Not vuln		source
HPE	Aruba Instant (IAP)		Not vuln		source
HPE	Aruba Location Services		Not vuln		source
HPE	Aruba NetEdit		Not vuln		source
HPE	ArubaOS-CX switches		Not vuln		source
HPE	ArubaOS SD-WAN Controllers and Gateways		Not vuln		source
HPE	ArubaOS-S switches		Not vuln		source
HPE	ArubaOS Wi-Fi Controllers and Gateways		Not vuln		source
HPE	Aruba PVOS Switches		Not vuln		source
HPE	Aruba SDN VAN Controller		Not vuln		source
HPE	Aruba User Experience Insight (UXI)		Not vuln		source
HPE	Aruba VIA Client		Not vuln		source
HPE	BladeSystem Onboard Administrator		Not vuln		source
HPE	Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy		Not vuln		source
HPE	Brocade 16Gb SAN Switch for HPE BladeSystem c-Class		Not vuln		source
HPE	Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy		Not vuln		source
HPE	Brocade Network Advisor		Not vuln		source
HPE	CloudAuth		Not vuln		source
HPE	CloudPhysics		Not vuln		source
HPE	Compute Cloud Console		Not vuln		source
HPE	Compute operations manager- FW UPDATE SERVICE (internal name olive)		Not vuln		source
HPE	COS (Cray Operating System)		Not vuln		source
HPE	Cray Systems Management (CSM)		Not vuln		source
HPE	Custom SPP Portal (https://spp.hpe.com/custom)		Not vuln		source
HPE	Data Services Cloud Console		Not vuln		source
HPE	General information HPE		Investigation	Security bulletins for affected products will be posted on HPE Support Center, as the results of the investigation become available in the near future. HPE products not listed below are either vulnerable or undergoing investigation.	source
HPE	Harmony Data Platform		Not vuln		source
HPE	HOP public services (grafana, vault, rancher, Jenkins)		Not vuln		source
HPE	HPE B-series SN2600B SAN Extension Switch		Not vuln		source
HPE	HPE B-series SN4000B SAN Extension Switch		Not vuln		source
HPE	HPE B-series SN6000B Fibre Channel Switch		Not vuln		source
HPE	HPE B-series SN6500B Fibre Channel Switch		Not vuln		source
HPE	HPE B-series SN6600B Fibre Channel Switch		Not vuln		source
HPE	HPE B-series SN6650B Fibre Channel Switch		Not vuln		source
HPE	HPE B-series SN6700B Fibre Channel Switch		Not vuln		source
HPE	HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager		Not vuln		source
HPE	HPE Infosight for Servers		Not vuln		source
HPE	HPE OneView for VMware vRealize Operations (vROps)		Not vuln		source
HPE	HPE OneView Global Dashboard		Not vuln		source
HPE	HPE OneView		Not vuln		source
HPE	HPE Performance Cluster Manager (HPCM)		Not vuln		source
HPE	HPE Slingshot		Not vuln		source
HPE	HPE SN3000B Fibre Channel Switch		Not vuln		source
HPE	HPE SN8000B 4-Slot SAN Director Switch		Not vuln		source
HPE	HPE SN8000B 8-Slot SAN Backbone Director Switch		Not vuln		source
HPE	HPE SN8600B 4-Slot SAN Director Switch		Not vuln		source
HPE	HPE SN8600B 8-Slot SAN Director Switch		Not vuln		source
HPE	HPE SN8700B 4-Slot Director Switch		Not vuln		source
HPE	HPE SN8700B 8-Slot Director Switch		Not vuln		source
HPE	HPE Synergy Image Streamer		Not vuln		source
HPE	HPE Systems Insight Manager (SIM)		Not vuln		source
HPE	HPE Virtual Connect Enterprise Manager (VCEM)		Not vuln		source
HPE	HPE Virtual Connect		Not vuln		source
HPE	HPE Virtual Server Environment (VSE)		Not vuln		source
HPE	Insight Cluster Management Utility (CMU)		Not vuln		source
HPE	Integrated Lights-Out 4 (iLO 4)		Not vuln		source
HPE	Integrated Lights-Out 5 (iLO 5)		Not vuln		source
HPE	Integrated Lights-Out (iLO) Amplifier Pack		Not vuln		source
HPE	Integrity BL860c, BL870c, BL890c		Not vuln		source
HPE	Integrity Superdome 2		Not vuln		source
HPE	Integrity Superdome X		Not vuln		source
HPE	Intelligent Provisioning		Not vuln		source
HPE	iSUT integrated smart update tool		Not vuln		source
HPE	Maven Artifacts (Atlas)		Not vuln		source
HPE	MSA		Not vuln		source
HPE	NetEdit		Not vuln		source
HPE	Nimble Storage		Not vuln		source
HPE	NS-T0634-OSM CONSOLE TOOLS		Not vuln		source
HPE	NS-T0977-SCHEMA VALIDATOR		Not vuln		source
HPE	ntegrity Rx2800/Rx2900		Not vuln		source
HPE	OfficeConnect		Not vuln		source
HPE	Primera Storage		Not vuln		source
HPE	RepoServer part of OPA (on Premises aggregator)		Not vuln		source
HPE	Resource Aggregator for Open Distributed Infrastructure Management		Not vuln		source
HPE	RESTful Interface Tool (iLOREST)		Not vuln		source
HPE	SAT (System Admin Toolkit)		Not vuln		source
HPE	Scripting Tools for Windows PowerShell (HPEiLOCmdlets)		Not vuln		source
HPE	SGI MC990 X Server		Not vuln		source
HPE	SGI UV 2000 Server		Not vuln		source
HPE	SGI UV 3000 Server		Not vuln		source
HPE	SGI UV 300, 300H, 300RL, 30EX		Not vuln		source
HPE	Silver Peak Orchestrator		Workaround		source, workaround
HPE	SN8700B 8-Slot Director Switch		Not vuln		source
HPE	StoreEasy		Not vuln		source
HPE	StoreEver CVTL		Not vuln		source
HPE	StoreEver LTO Tape Drives		Not vuln		source
HPE	StoreEver MSL Tape Libraries		Not vuln		source
HPE	StoreOnce		Not vuln		source
HPE	SUM (Smart Update Manager)		Not vuln		source
HPE	Superdome Flex 280		Not vuln		source
HPE	Superdome Flex Server		Not vuln		source
HPE	UAN (User Access Node)		Not vuln		source
Huawei	All products		Investigation		source

I

Supplier	Product	Version (see Status)	Status	Notes	Links
IBM	All products		Investigation		source
IBM	Curam SPM	8.0.0, 7.0.11	Vulnerable		source
IBM	IBM Netezza Analytics for NPS	All versions <= 11.2.21	Vulnerable	Fix should be available from 14th Dec	source
IBM	IBM Netezza Analytics	All versions <= 3.3.9	Vulnerable	Fix should be available from 14th Dec	source
IBM	IBM Security Access Manager	9.0.7-ISS-ISAM-FP0002	Fix		source
IBM	IBM Security Access Manager	10.0.2-ISS-ISVA-FP0000	Fix		source
IBM	IBM MQ	iFix 9.2-IBM-MQ-LinuxX64-LAIT39386	Fix		source
IBM	Sterling Fulfillment Optimizer	Unknown	Vulnerable		source
IBM	Sterling Inventory Visibility	Unknown	Vulnerable		source
IBM	Sterling Order Management	Unknown	Not vuln		source
IBM	VM Manager Tool (part of License Metric Tool)	>9.2.21,<9.2.26	Vulnerable		source
IBM	Websphere	8.5	Vulnerable	fix: PH42728	source
IBM	Websphere	9.0	Vulnerable	fix: PH42728	source
IGEL	Universal Management Suite		Workaround		source
iGrafix	All	Latest	Fix		source
Illumio	C-VEN		Not vuln		source
Illumio	CLI		Not vuln		source
Illumio	CloudSecure		Not vuln		source
Illumio	Core on-premise PCE		Not vuln		source
Illumio	Core SaaS PCE		Not vuln		source
Illumio	Edge SaaS PCE		Not vuln		source
Illumio	Edge-CrowdStrike		Not vuln		source
Illumio	Flowlink		Not vuln		source
Illumio	Kubelink		Not vuln		source
Illumio	NEN		Not vuln		source
Illumio	QRadar App		Not vuln		source
Illumio	Splunk App		Not vuln		source
Illumio	VEN		Not vuln		source
Inductive Automation	Ignition	All versions	Not Vuln		source
Informatica	Axon	7.2.x	Workaround		source
Informatica	Data Privacy Management	10.5, 10.5.1	Workaround		source
Informatica	Information Deployment Manager		Fix		source
Informatica	Metadata Manager	10.4, 10.4.1, 10.5, 10.5.1	Workaround		source
Informatica	PowerCenter	10.5.1	Workaround		source
Informatica	PowerExchange for CDC (Publisher) and Mainframe	10.5.1	Workaround		source
Informatica	Product 360	All versions	Workaround		source
Informatica	Secure Agents (Cloud hosted)	Unknown	Fix	Fixed agents may need to be restarted	source
Infoblox	All products	All versions	Not Vuln		source
IronNet	All products	All verisons	Investigation		source
ISL Online	All products	All versions	Not Vuln		source
ISPNext	All products	All versions	Not Vuln		source
Ivanti	Avalache	6.3.[0-3]	Fix	Information behind login	source
Ivanti	Core Connector	All versions	Workaround	Information behind login	source
Ivanti	File Director	All versions	Workaround	Information behind login	source
Ivanti	MobileIron Core	All versions	Workaround	Information behind login	source
Ivanti	MobileIron Sentry	9.13, 9.14	Workaround	Information behind login	source

J

Supplier	Product	Version (see Status)	Status	Notes	Links
JFrog	all products		Not Vuln		source
Jamf Nation	Jamf Cloud	Unknown	Fix		source
Jamf Nation	Jamf Pro (hosted on-prem)	< 10.34.1	See notes	<10.14 vulnerable, 10.14-10.34 patch, >= 10.34.1 fix	source
Jamf Nation	Health Care Listener	Unknown	Not Vuln		source
Jamf Nation	Jamf Connect	Unknown	Not Vuln		source
Jamf Nation	Jamf Data Policy	Unknown	Not Vuln		source
Jamf Nation	Jamf Infrastructure Manager	Unknown	Not Vuln		source
Jamf Nation	Jamf Now	Unknown	Not Vuln		source
Jamf Nation	Jamf Private Access	Unknown	Not Vuln		source
Jamf Nation	Jamf Protect	Unknown	Not Vuln		source
Jamf Nation	Jamf School	Unknown	Not Vuln		source
Jamf Nation	Jamf Threat Defense	Unknown	Not Vuln		source
Jazz/IBM	JazzSM DASH	Unknown	See notes	DASH on WebSphere Application Server requires mitigations	source
Jenkins	Jenkins CI	Unknown	Not Vuln	Invidivual plugins not developed as part of Jenkins core may be vulnerable.	source
JetBrains	IntelliJ IDEA and other IntelliJ platform based IDEs	Unknown	Not vuln		source
JetBrains	All .NET tools	Unknown	Not vuln		source
JetBrains	ToolBox	Unknown	Not vuln		source
JetBrains	TeamCity	Unknown	Not vuln		source
JetBrains	Hub	2021.1.14080	Fix		source
JetBrains	YouTrack Standalone	2021.4.35970	Fix		source
JetBrains	YouTrack InCloud	Unknown	Fix		source
JetBrains	Datalore	Unknown	Not vuln		source
JetBrains	Space	Unknown	Not vuln		source
JetBrains	Code With Me	Unknown	Fix		source
JetBrains	Gateway	Unknown	Not vuln		source
JetBrains	Kotlin	Unknown	Not vuln		source
JetBrains	Ktor	Unknown	Not vuln		source
JetBrains	MPS	Unknown	Not vuln		source
JetBrains	Floating license server	30211	Fix		source
JetBrains	UpSource	2020.1.1952	Fix		source
JGraph	DrawIO	All	Not vuln		source
Jitsi	jitsi-videobridge	v2.1-595-g3637fda42	Fix		source
jPOS	(ISO-8583) bridge	Unknown	Not Vuln		source
Juniper Networks	Cross Provisioning Platform	Unspecified	Under investigation		source
Juniper Networks	JSA Series	Unspecified	Under investigation		source
Juniper Networks	Juniper Networks Advanced Threat Prevention (JATP)	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks AppFormix	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Apstra System	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks CTPOS and CTPView	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Connectivity Services Director	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Contrail products: Contrail Analytics, Contrail Cloud, Contrail Networking or Contrail Service Orchestration	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks ICEAAA Manager	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks JATP Cloud	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Juniper Identity Management Services (JIMS)	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Juniper Mist Edge	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Juniper Sky Enterprise	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Junos OS Evolved	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Junos OS	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Mist Access Points	Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63.	Not Vuln		source
Juniper Networks	Juniper Networks Network Director	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Policy Enforcer	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks ScreenOS	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks SecIntel	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Security Director Insights	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Security Director	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Session Smart Router (Formerly 128T)	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Space SDK	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks Standalone Log Collector 20.1 (as also used by Space Security Director)	Unspecified	Not Vuln		source
Juniper Networks	Juniper Networks products using Wind River Linux in Junos OS and Junos OS Evolved	Unspecified	Not Vuln		source
Juniper Networks	Junos Space Network Management Platform	Unspecified	Vulnerable	Only when OpenNMS has been enabled.	source
Juniper Networks	MIST: Juniper Networks Marvis Virtual Network Assistant (VNA)	Unspecified	Not Vuln		source
Juniper Networks	MIST: Juniper Networks Mist AI	Unspecified	Not Vuln		source
Juniper Networks	MIST: Juniper Networks Paragon Active Assurance	Unspecified	Not Vuln		source
Juniper Networks	MIST: Juniper Networks WAN Assurance	Unspecified	Not Vuln		source
Juniper Networks	MIST: Juniper Networks Wi-Fi Assurance	Unspecified	Not Vuln		source
Juniper Networks	MIST: Juniper Networks Wired Assurance	Unspecified	Not Vuln		source
Juniper Networks	Northstar Controller	Unspecified	Vulnerable		source
Juniper Networks	Northstar Planner	Unspecified	Under investigation		source
Juniper Networks	Paragon Insights	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable		source
Juniper Networks	Paragon Pathfinder	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable		source
Juniper Networks	Paragon Planner	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable		source
Juniper Networks	Secure Analytics	Unspecified	Under investigation		source
Juniper Networks	User Engagement Virtual BLE	Unspecified	Not Vuln		source

K

Supplier	Product	Version (see Status)	Status	Notes	Links
Kaseya	AuthAnvil	Unknown	Not Vuln		source
Kaseya	BMS	Unknown	Not Vuln		source
Kaseya	ID Agent DarkWeb ID and BullPhish ID	Unknown	Not Vuln		source
Kaseya	IT Glue	Unknown	Not Vuln		source
Kaseya	MyGlue	Unknown	Not Vuln		source
Kaseya	Network Glue	Unknown	Not Vuln		source
Kaseya	Passly	Unknown	Not Vuln		source
Kaseya	RocketCyber	Unknown	Not Vuln		source
Kaseya	Spannign Salesforce Backup	Unknown	Not Vuln		source
Kaseya	Spanning O365 Backup	Unknown	Not Vuln		source
Kaseya	Unitrends	Unknown	Not Vuln		source
Kaseya	VSA SaaS and VSA On-Premises	Unknown	Not Vuln		source
Kaseya	Vorex	Unknown	Not Vuln		source
Kaseya	products not listed above	Unknown	Investigation		source
Keycloak	Keycloak	all version	Not Vuln		source
Kofax	Robotic Process Automation (RPA)	11.1	Workaround		source
Kofax	Robotic Process Automation (RPA)	11.2	Workaround		source
Kofax	Robot File System (RFS)	>=10.7	Workaround		source

L

Supplier	Product	Version (see Status)	Status	Notes	Links
Lancom Systems	All products	All versions	Not Vuln		source
Lansweeper	All products	All versions	Not Vuln		source
LeanIX	All products	All versions	Fix		source
Lightbend	Akka	Unknown	Not Vuln		source
Lightbend	Akka Serverless	Unknown	Not Vuln		source
Lightbend	Lagom Framework	Unknown	Not Vuln by default	Users that switched from logback to log4j are affected	source
Lightbend	Play Framework	Unknown	Not Vuln by default	Users that switched from logback to log4j are affected	source
Liongard	All products	Unknown	Investigation		source
LiquidFiles	LiquidFiles	All versions	Not vuln		source
LiveAction	LiveNX	<21.5.1	Fix	source
LiveAction	LiveNA	<21.5.1	Fix	source
LogZilla	NEO	All versions	Not vuln	LogZilla's engine is C++
LogicMonitor	LogicMonitor SaaS Platform	Unknown	Fix	Automatic update before 13th December source
Lyrasis	DSpace	7.x	Fix/Workaround		source
The Linux Foundation	XCP-ng	All versions	Not vuln		source
LucaNet	LucaNet	12 LTS - 1911.0.191+3 13 LTS - 2011.0.110+6 22 LTS - 2111.0.9+17	Fix		source

M

Supplier	Product	Version (see Status)	Status	Notes	Links
MISP	MISP	All	Not vuln		source
MONARC	MONARC	All	Not vuln		source
MailStore	MailStore	all	Not Vuln		source
Mailcow	Mailcow Solr Docker	< 1.8	Fix		source
ManageEngine	ADAudit Plus	Unknown	Investigation	Workaround	source
ManageEngine	ADManager Plus	Unknown	Investigation	Mitigation: set -Dlog4j2.formatMsgNoLookups=true in jvm.options.	source
ManageEngine	Desktop Central	Unknown	Not Vuln		source
ManageEngine	EventLog Analyzer	Unknown	Workaround		source
McAfee	Data Exchange Layer (DXL)	Unknown	Not Vuln		source
McAfee	Enterprise Security Manager (ESM)	11.x	Workaround		source
McAfee	McAfee Active Response (MAR)	Unknown	Not Vuln	Standalone MAR not vulnerable, for MAR included in bundle see TIE	source
McAfee	Network Security Manager (NSM)	Unknown	Not Vuln		source
McAfee	Network Security Platform (NSP)	Unknown	Not Vuln		source
McAfee	Threat Intelligence Exchange (TIE)	2.2, 2.3, 3.0	Workaround		source
McAfee	ePolicy Orchestrator Agent Handlers (ePO-AH)	Unknown	Not Vuln		source
McAfee	ePolicy Orchestrator Application Server (ePO)	5.10 CU11	Workaround		source
McAfee	ePolicy Orchestrator Application Server (ePO)	<= 5.10 CU10	Not Vuln		source
Meinberg	LANTIME	all	Not Vuln		source
Meinberg	microSync	all	Not Vuln		source
Memurai	All products		Not Vuln		source
messageconcept	PeopleSync	All	Not vuln		source
Metabase	Metabase	<0.41.4	Fix	Mitigations available for earlier versions	source
Micro Focus	ArcSight ESM	7.2, 7.5	Vulnerable		source
Micro Focus	ArcSight Logger	7.2 and above	Vulnerable		source
Micro Focus	ArcSight Recon	All Versions	Vulnerable		source
Micro Focus	ArcSight Intelligence	All Versions	Vulnerable		source
Micro Focus	ArcSight Connectors	8.2 and above	Vulnerable		source
Micro Focus	ArcSight Transformation Hub	All Versions	Vulnerable		source
Microsoft	Azure AD	Unknown	Not Vuln	ADFS itself is not vulnerable, federation providers may be	source
Microsoft	Azure App Service	Unknown	Not Vuln	This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications	source
Microsoft	Azure Application Gateway	Unknown	Not Vuln		source
Microsoft	Azure DevOps		Not Vuln		source
Microsoft	Azure DevOps Server	2019-2020.1	Vulnerable	When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation	source
Microsoft	Azure Front Door	Unknown	Not Vuln		source
Microsoft	Azure WAF	Unknown	Not Vuln		source
Microsoft	Kafka Connect for Azure Cosmo DB	< 1.2.1	Fix		source
Microsoft	Team Foundation Server	2018.2+	Vulnerable	When Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable) see Elasticsearch above for mitigation	source
Milestone	VMS	Unknown	Not vuln		source
Minecraft	Java edition	<1.18.1	Fix	Mitigations available for earlier versions	source
Mirantis	Mirantis Container Runtime	All	Not vuln		source
Mirantis	Mirantis Kubernetes Engine	All	Not vuln		source
Mirantis	Mirantis Secure Registry	All	Not vuln		source
Mirantis	Mirantis Container Cloud	All	Not vuln		source
Mirantis	Mirantis OpenStack	All	Not vuln		source
Mirantis	Lens	All	Not vuln		source
Mirantis	K0s	All	Not vuln		source
Mitel	MiCollab	All	Investigation		source
Mitel	MiContact Center Enterprise	All	Not vuln		source
Mitel	MiContact Center Business	All	Not vuln		source
Mitel	MiVoice 5000	All	Not vuln		source
Mitel	MiVoice Border Gateway	All	Not vuln		source
Mitel	MiVoice Connect	All	Not vuln		source
Mitel	MiVoice Office 400	All	Not vuln		source
Mitel	Mitel Interaction Recording (MIR)	6.3 to 6.7	Fix	see SA211213-17	source
Mitel	Mitel MiVoice Business	All	Investigation		source
Mitel	Mitel Performance Analytics Server and Probe	All	Investigation		source
Mitel	Mitel Standard Linux (MSL)	All	Not vuln		source
Mitel	Open Integration Gateway (OIG)	All	Investigation		source
Mitel	Mitel MiVoice MX-ONE	All	Investigation		source
MongoDB	Atlas Search	Unknown	Fix	Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered.	source
MongoDB	Atlas	Unknown	Not vuln	Including Atlas Database, Data Lake, Charts	source
MongoDB	Community Edition	Unknown	Not vuln	Including Community Server, Cloud Manager, Community Kubernetes Operators.	source
MongoDB	Drivers	Unknown	Not vuln		source
MongoDB	Enterprise Advanced	Unknown	Not vuln	Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators.	source
MongoDB	Realm	Unknown	Not vuln	including Realm Database, Sync, Functions, APIs	source
MongoDB	Tools	Unknown	Not vuln	Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors	source
Moodle	Moodle	All	Not vuln		source

N

Supplier	Product	Version (See Status)	Status	Notes	Links
N-able	Backup	Unknown	Not Vuln		source
N-able	Mail Assure	Unknown	Not Vuln		source
N-able	MSP Manager	Unknown	Not Vuln		source
N-able	N-central	Unknown	Not Vuln		source
N-able	Passportal	Unknown	Not Vuln		source
N-able	Risk Intelligence	Unknown	Vulnerable		source
N-able	RMM	Unknown	Fix		source
N-able	Take Control	Unknown	Not Vuln		source
Nelson	Nelson	0.16.185	Vulnerable	Workaround is available, but not released yet.	source
Neo4j	Neo4j	> 4.2	Vulnerable	Workaround is available, but not released yet.	source
NetApp	Brocade SAN Naviator	Unknown	Vulnerable		source
NetApp	Cloud Insights Acquisition Unit	Unknown	Vulnerable		source
NetApp	Cloud Manager	Unknown	Vulnerable		source
NetApp	Cloud Secure	Unknown	Vulnerable		source
NetApp	Element Plug-in for vCenter Server	Unknown	Not Vuln		source
NetApp	Management Services for Element Software and NetApp HCI	Unknown	Not Vuln		source
NetApp	NetApp HCI Compute Node	Unknown	Not Vuln		source
NetApp	NetApp SolidFire, Enterprise SDS & HCI Storage	Unknown	Not Vuln		source
NetApp	NetApp SolidFire & HCI Management Node	Unknown	Not Vuln		source
NetApp	NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)	Unknown	Not Vuln		source
NetApp	NetApp SolidFireStorage Replication Adapter	Unknown	Not Vuln		source
NetApp	ONTAP Tools for VMware vSphere	Unknown	Vulnerable		source
NetApp	OnCommand Insight	Unknown	Vulnerable		source
NetApp	SnapCenter Plug-in for VMware vSphere	Unknown	Vulnerable		source
Netflix	atlas	1.6.6	Workaround		source
Netflix	dgs-framework	< 4.9.11	Fix		fix
Netflix	spectator	< 1.0.9	Fix		fix
Netflix	zuul	Unknown	Workaround		source
Netgate	pfSense	All	Not vuln		source
NetIQ	Access Manager	>= 4.5.x & >= 5.0.x	Workaround		source
NetIQ	Advanced Authentication	>= 6.x	Workaround		source
NetIQ	eDirectory	>= 9.2.x	Not vuln		source
NetIQ	Identity Manager	>= 4.7.x & >= 4.8.x	Not vuln		source
NetIQ	iManager	>= 3.2.x	Not vuln		source
Netwrix	Netwrix Auditor		Not vuln		source
New Relic	Containerized Private Minion (CPM)	3.0.55	Fix		source
New Relic	Java Agent	6.5.1 & 7.4.1	Fix		source
NextGen Healthcare	Mirth	Unknown	Not Vuln		source
Nomachine	All products	All versions	Not vuln		source
NSA	Ghidra	< 10.1	Fix		source, fix
Nutanix	General Guidance	Nutanix updating Security Advisory #23 multiple times per day, please check source link for absolute latest status			source
Nutanix	AHV	All supported versions	Not vuln		source
Nutanix	AOS (CE)	All supported versions	Not vuln		source
Nutanix	AOS (LTS)	All supported versions	Not vuln		source
Nutanix	AOS (STS)	All supported versions	Workaround	Non exploitable dormant code present, Patch 6.0.2.4 will remove dormant code	source
Nutanix	Beam	SaaS	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	Calm	On-Prem	Investigation		source
Nutanix	Calm	SaaS	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	Data Lens	SaaS	Not vuln	WAF updated to block exploit, backend not vuln	source
Nutanix	Era	All supported versions	Not vuln		source
Nutanix	File Analytics	All supported versions	Investigation		source
Nutanix	Files	All supported versions	Not vuln		source
Nutanix	Flow	All supported versions	Not vuln		source
Nutanix	Flow Security Central	SaaS	Fix	WAF updated to block exploit, backend production patched	source
Nutanix	Foundation	All supported versions	Not vuln		source
Nutanix	Frame	SaaS GovCloud	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	Frame	SaaS Public	Fix	WAF updated to block exploit, backend production patched	source
Nutanix	Insights	SaaS	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	Karbon	On-Prem	Investigation		source
Nutanix	Karbon	SaaS	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	LCM	All supported versions	Not vuln		source
Nutanix	Leap	SaaS	Not vuln	WAF updated to block exploit, backend patch pending	source
Nutanix	Mine	All supported versions	Investigation		source
Nutanix	Move	All supported versions	Not vuln		source
Nutanix	MSP	All supported versions	Investigation		source
Nutanix	NCC	All supported versions	Not vuln		source
Nutanix	Objects	All supported versions	Investigation		source
Nutanix	Prism Central	All supported versions	Vulnerable	Patch 2021.9.0.3 pending	source
Nutanix	Sizer	SaaS	Fix	WAF updated to block exploit, backend production patched	source
Nutanix	Volumes	All supported versions	Not vuln		source
Nutanix	X-Ray	All supported versions	Not vuln		source
NXLog	NXLog Manager	5.x	Not Vuln		source

O

Supplier	Product	Version (see Status)	Status	Notes	Links
Obsidian Dynamics	kafdrop	all	Investigation		source
OCLC	all	all	Fix		source
Okta	Access Gateway	Unknown	Not Vuln		source
Okta	AD Agent	Unknown	Not Vuln		source
Okta	Advanced Server Access	Unknown	Not Vuln		source
Okta	Browser Plugin	Unknown	Not Vuln		source
Okta	IWA Web Agent	Unknown	Not Vuln		source
Okta	LDAP Agent	Unknown	Not Vuln		source
Okta	Mobile	Unknown	Not Vuln		source
Okta	On-Prem MFA Agent	<1.4.6	Fix		source, fix
Okta	Radius Server Agent	2.17.0	Fix		source/fix
Okta	Verify	Unknown	Not Vuln		source
Okta	Workflow	Unknown	Not Vuln		source
OneSpan	Authentication Appliance	Unknown	Vulnerable	Fix availability will be announced soon	source
OneSpan	Authentication Server	Unknown	Vulnerable	Fix availability will be announced soon	source
OneSpan	Digipass Gateway	Unknown	Vulnerable	Fix availability will be announced soon	source
OneSpan	OneSpan Sign	Unknown	Vulnerable	Fix availability will be announced soon	source
OneSpan	Mobile Security Suite	4.31.1	Fix		source
openHAB	openHAB	3.0.4, 3.1.1	Fix		source
OpenMRS	Talk	2.4.0-2.4.1	Vulnerable	Mitigations are available, pending a new release	source
OpenNMS	Horizon (including derived Sentinels)	< 29.0.3	Fix	Workarounds are available too for earlier versions	source
OpenNMS	Meridian (including derived Minions and Sentinels)	< 2021.1.8, 2020.1.15, 2019.1.27	Fix	Workarounds are available too for earlier versions	source
OpenNMS	Minion appliance	Unknown	Fix		source
OpenNMS	PoweredBy OpenNMS	Unknown	Workaround		source
OpenSearch	OpenSearch	< 1.2.1	Fix		source
OpenVPN	All products		Not vuln	source
Oracle	Database	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Fusion Middleware	12.2.1.3.0 to 12.2.1.4.0	Fix		source, Support note 209768.1, Support note 2827611.1, MOS note 2827793.1
Oracle	NoSQL Database	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Forms	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Golden Gate	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Oracle Access Manager	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Oracle Data Integrator (ODI)	>= 12.2.1.3.210119, Marketplace - >= 2.1.0	Workaround	Patch Available, Support Note 2827793.1	source, Support note 2827611.1, Support Note 2827793.1
Oracle	Oracle eBusiness Suite	Unknown	Workaround	MOS note 2827804.1	source, Support note 2827611.1
Oracle	Oracle Enterprise Manager	Unknown	Not Vuln		source, Support note 209768.1, Support note 2827611.1
Oracle	Oracle Enterprise Repository	Unknown	Workaround	Mitigation, Support Note 2827793.1	source, Support note 2827611.1, Support Note 2827793.1
Oracle	Oracle HTTP Server	Unknown	Not Vuln		source, Support note 209768.1, Support note 2827611.1
Oracle	Oracle Internet Directory	Unknown	Not Vuln		source, Support note 209768.1, Support note 2827611.1
Oracle	Oracle JDeveloper	Unknown	Workaround	Mitigation Available, Support Note 2827793.1	source, Support note 2827611.1, Support Note 2827793.1
Oracle	Oracle Policy Automation (OPA)	Unknown	Fix		source, Support note 2827611.1, MOS note 33660673
Oracle	Oracle SOA Suite	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Oracle VM VirtualBox	Unknown	Not Vuln		source, Support note 2827611.1
Oracle	Oracle WebCenter Portal	12.2.1.3 & 12.2.1.4	Workaround	MOS note 2827977.1 using Elasticsearch which uses Log4j 2.X jars	source, Support note 2827611.1
Oracle	Oracle WebCenter Sites	Unknown	Workaround	Mitigation Available, Support Note 2827793.1	source, Support note 2827611.1, Support Note 2827793.1
Oracle	Oracle WebLogic Server	12.2.1.3.0 to 14.1.1.0.0	Fix		source, Support note 209768.1, Support note 2827611.1, MOS Note 2827793.1
OTRS	All products		Not Vuln		source
OWASP	ZAP	< 2.11.1	Fix		source
Owncloud	All Products	Unknown	Not Vuln		source
OVHCloud	Logs Data Platform		Fix		source
OVHCloud	Hosted Private Cloud powered by VMware		Vuln	Deploying the workarounds provided by VMWare	source
OVHCloud	ML serving		Fix		source
OVHCloud	OVHcloud Internal Systems		Fix & Under Investigation		source

P

Supplier	Product	Version (see Status)	Status	Notes	Links
Paessler	PRTG		Not vuln		source
PagerDuty	Rundeck	3.3+	Fix		source, fix
Palo Alto	Bridgecrew		Not Vuln		source
Palo Alto	CloudGenix		Not Vuln		source
Palo Alto	Cortex XDR Agent		Not Vuln		source
Palo Alto	Cortex XSOAR		Not Vuln		source
Palo Alto	GlobalProtect App		Not Vuln		source
Palo Alto	PAN-OS		Not Vuln		source
Palo Alto	Prisma Cloud Compute		Not Vuln		source
Palo Alto	Prisma Cloud		Not Vuln		source
Palo Alto	WildFire Appliance		Not Vuln		source
PaperCut	PaperCut Hive		Not vuln		source
PaperCut	PaperCut MF	>= 21.0	Workaround		source
PaperCut	PaperCut MobilityPrint		Not vuln		source
PaperCut	PaperCut MultiVerse		Not vuln		source
PaperCut	PaperCut NG	>= 21.0	Workaround		source
PaperCut	PaperCut Online Services		Not vuln		source
PaperCut	PaperCut Pocket		Not vuln		source
PaperCut	PaperCut Print Logger		Not vuln		source
PaperCut	PaperCut Views		Not vuln		source
Parallels	Remote Application Server	All versions	Not Vuln		source
Pega	Pega Platform	On Prem	Fix		source
Pexip	Endpoint Activation	all	Not vuln		source
Pexip	Eptools	all	Not vuln		source
Pexip	Infinity	all	Not vuln		source
Pexip	Infinity Connect client	all	Not vuln		source
Pexip	Microsoft Teams Connector	all	Not vuln		source
Pexip	My Meeting Video	all	Not vuln		source
Pexip	Pexip Service	all	Fix		source
Pexip	Reverse Proxy and TURN Server	all	Not vuln		source
Pexip	VMR self-service portal	all	Not vuln		source
Philips	IntelliBridge Enterprise	B.13 and B.15	Vuln	Software only products with customer owned Operating Systems	source
Philips	IntelliSpace Precision Medicine		Vuln	Software only products with customer owned Operating Systems	source
Philips	ISPACS		Workaround	Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers.	source
Philips	RIS Clinic		Vuln		source
Philips	Tasy EMR		Vuln		source
Philips	VuePACS		Vuln		source
Planon Software	Planon Universe	all	Not vuln		source
Plex	Industrial IoT		Not vuln	Mitigation already applied, patch will be issued today	source
Portex	Portex	<3.0.2	Fix		source
Postgres	PostgreSQL JDBC		Not vuln		source
Progress	DataDirect Hybrid Data Pipeline		Workaround		source, mitigations
Progress	OpenEdge		Workaround		source, mitigations
Proxmox	Backup Server		Not vuln		source
Proxmox	Mail Gateway		Not vuln		source
Proxmox	VE		Not vuln		source
PTV Arrival Board / Trip Creator / EM Portal	PTV Arrival Board / Trip Creator / EM Portal	Unknown	Investigation		source
PTV Balance and PTV Epics	PTV Balance and PTV Epics	Unknown	Not vuln		source
PTV Developer	PTV Developer	Unknown	Fix		source
PTV Drive&Arrive App	PTV Drive&Arrive App	Unknown	Not vuln		source
PTV Drive&Arrive	PTV Drive&Arrive	Unknown	Investigation		source
PTV Hyperpath	PTV Hyperpath	Unknown	Not vuln		source
PTV MaaS Modeller	PTV MaaS Modeller	Unknown	Vulnerable		source
PTV Map&Guide internet	PTV Map&Guide internet	Unknown	Not vuln		source
PTV Map&Guide intranet	PTV Map&Guide intranet	Unknown	Not vuln		source
PTV Map&Market	PTV Map&Market	Unknown	Investigation		source
PTV Navigator App	PTV Navigator App	Unknown	Not vuln		source
PTV Navigator Licence Manager	PTV Navigator Licence Manager	Unknown	Not vuln		source
PTV Optima	PTV Optima	Unknown	Not vuln		source
PTV Road Editor	PTV Road Editor	Unknown	Not vuln		source
PTV Route Optimiser CL	PTV Route Optimiser CL	Unknown	Investigation		source
PTV Route Optimiser ST	PTV Route Optimiser ST	Unknown	Investigation		source
PTV Route Optimizer SaaS / Demonstrator	PTV Route Optimizer SaaS / Demonstrator	Unknown	Fix		source
PTV TLN planner internet	PTV TLN planner internet	Unknown	Fix		source
PTV TRE and PTV Tre-Addin	PTV TRE and PTV Tre-Addin	Unknown	Not vuln		source
PTV Vissim	PTV Vissim	Unknown	Not vuln		source
PTV Vistro	PTV Vistro	Unknown	Not vuln		source
PTV Visum	PTV Visum	Unknown	Not vuln		source
PTV Visum Publisher	PTV Visum Publisher	Unknown	Fix		source
PTV Viswalk	PTV Viswalk	Unknown	Not vuln		source
PTV xServer < 1.34 (on prem)	PTV xServer < 1.34 (on prem)	Unknown	Not vuln		source
PTV xServer 1.34 (on prem)	PTV xServer 1.34 (on prem)	Unknown	Vulnerable		source
PTV xServer 2.x (on prem)	PTV xServer 2.x (on prem)	Unknown	Vulnerable		source
PTV xServer internet 1 / PTV xServer internet 2	PTV xServer internet 1 / PTV xServer internet 2	Unknown	Fix		source
Pulse Secure	Ivanti Connect Secure (ICS)		Not Vuln		source
Pulse Secure	Ivanti Neurons for secure Access		Not Vuln		source
Pulse Secure	Ivanti Neurons for ZTA		Not Vuln		source
Pulse Secure	Pulse Connect Secure		Not Vuln		source
Pulse Secure	Pulse Desktop Client		Not Vuln		source
Pulse Secure	Pulse Mobile Client		Not Vuln		source
Pulse Secure	Pulse One		Not Vuln		source
Pulse Secure	Pulse Policy Secure		Not Vuln		source
Pulse Secure	Pulse Secure Services Director		Not Vuln		source
Pulse Secure	Pulse Secure Virtual Traffic Manager		Not Vuln		source
Pulse Secure	Pulse Secure Web Application Firewall		Not Vuln		source
Pulse Secure	Pulse ZTA		Not Vuln		source
Puppet	Continuous Delivery for Puppet Enterprise	3.x, < 4.10.2	Fix	Update available for version 4.x, mitigations for 3.x which is EOL	source, workaround,mitigations
Puppet	Puppet agents		Not Vuln		source
Puppet	Puppet Enterprise		Not Vuln		source
Pyramid Analytics	Pyramid Analytics	All	Not vuln		source

Q

Supplier	Product	Version (see Status)	Status	Notes	Links
QlikTech International	Compose		Investigation		source
QlikTech International	Nprinting		Not Vuln		source
QlikTech International	QEM products		Investigation		source
QlikTech International	Qlik Replicate		Investigation		source
QlikTech International	Qlik Sense Enterprise		Not Vuln		source
QlikTech International	QlikView		Not Vuln		source
QNAP	General information QNAP		Investigation	Applications maintained by a third-party are under investigation.	source
QNAP	Qsirch		Not Vuln		source
QNAP	QES Operating System		Not Vuln		source
QNAP	QTS operating system		Not Vuln		source
QNAP	QuTS hero operating system		Not Vuln		source
QOS.ch	SLF4J Simple Logging Facade for Java			SLF4J API doesn't protect against the vulnerability when using a vulnerable version of log4j	source

R

Supplier	Product	Version (see Status)	Status	Notes	Links
Red Hat	A-MQ Clients 2		Not Vuln		source
Red Hat	Red Hat build of Quarkus		Not Vuln		source
Red Hat	Red Hat CodeReady Studio 12		Vulnerable		source
Red Hat	Red Hat Data Grid 8		Vulnerable		source
Red Hat	Red Hat Descision Manager 7		Vulnerable		source
Red Hat	Red Hat Integration Camel K		Vulnerable		source
Red Hat	Red Hat Integration Camel Quarkus		Vulnerable		source
Red Hat	Red Hat JBoss A-MQ Streaming		Vulnerable		source
Red Hat	Red Hat JBoss Enterprise Application Platform 6		Not Vuln		source
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack		Vulnerable		source
Red Hat	Red Hat JBoss Fuse 7		Vulnerable		source
Red Hat	Red Hat OpenShift Application Runtimes		Vulnerable		source
Red Hat	Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5		Vulnerable		source
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6		Vulnerable		source
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive		Vulnerable		source
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto		Vulnerable		source
Red Hat	Red Hat OpenShift Logging logging-elasticsearch6-container		Vulnerable		source
Red Hat	Red Hat OpenStack Platform 13 (Queens) opendaylight		Vulnerable		source
Red Hat	Red Hat Process Automation 7		Vulnerable		source
Red Hat	Red Hat Single Sign-On 7		Not Vuln		source
Redis	Jedis	3.7.1, 4.0.0-rc2	Fix	Jedis uses the affected library in test suites only.	source
Redis	Redis Enterprise & Open Source	all	Not Vuln	Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability	source
Riverbed	AppResponse11		Not Vuln		source
Riverbed	Aternity		Investigation	See source for latest updates	source
Riverbed	Client Accelerator Controllers and Client Accelerator (aka SteelCentral Controller for SteelHead Mobile and SteelHead Mobile)		Not Vuln		source
Riverbed	Flow Gateway		Not vuln		source
Riverbed	FlowTraq		Not vuln		source
Riverbed	Modeler		Investigation		source
Riverbed	NetAuditor Desktop		Investigation		source
Riverbed	NetAuditor Web		Not vuln		source
Riverbed	NetCollector		Investigation		source
Riverbed	NetExpress		Investigation		source
Riverbed	NetIM 1.x		Not vuln		source
Riverbed	NetIM 2.x		Vulnerable	Patches planned	source
Riverbed	NetIM Test Engine		Not vuln		source
Riverbed	NetPlanner		Not vuln		source
Riverbed	NetProfiler		Not vuln		source
Riverbed	Packet Analyzer		Not Vuln		source
Riverbed	Packet Trace Warehouse		Not Vuln		source
Riverbed	Portal 1.x		Vulnerable	Includes Log4j 2.2	source
Riverbed	Portal 3.x		Vulnerable	Includes Log4j 2.13	source
Riverbed	SaaS Accelerator		Not Vuln		source
Riverbed	Scon CX		Not vuln		source
Riverbed	Scon EX Analytics		Vulnerable	Patches planned	source
Riverbed	Scon EX Director		Vulnerable	Patches planned	source
Riverbed	Scon EX FlexVNF		Not vuln		source
Riverbed	SteelCentral Controller for SteelHead		Not Vuln		source
Riverbed	SteelFusionCore (appliance, virtual)		Not vuln		source
Riverbed	SteelFusion Edge		Not vuln		source
Riverbed	SteelHead CX (appliance, virtual, cloud)		Not Vuln		source
Riverbed	SteelHead Interceptor		Not Vuln		source
Riverbed	Transaction Analyzer Agents		Not vuln	Log4j not in use	source
Riverbed	Transaction Analyzer		Investigation		source
Riverbed	UCExpert		Vulnerable		source
Riverbed	WinSec Controller for SteelHead (WSC)		Not Vuln		source
RSA	NetWitness Orchestrator	>= 6.0	Workaround	Mitigation for the ThreatConnect Application server is available, no impact described	source
RSA	NetWitness Platform	11.4	Workaround	It is theoretically possible to exploit the vulnerability to gain shell access to the NetWitness Platform	source
RSA	NetWitness Platform	>= 11.5	Workaround	It is possible to leak system configuration data	source
RSA	SecurID Authentication Manager		Not Vuln	Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable.	source
RSA	SecurID Authentication Manager Prime		Not Vuln		source
RSA	SecurID Authentication Manager WebTier		Not Vuln		source
RSA	SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud)		Not Vuln		source
RSA	SecurID Governance and Lifecycle (SecurID G&L)		Not Vuln		source
RSA	SecurID Identity Router (On-Prem component of Cloud Authentication Service)		Not Vuln		source
Ruckus	FlexMaster		Vuln	Additional details in PDF/Text (Sign-in Required)	source
Ruckus	SmartZone 100 (SZ-100)	5.1 to 6.0	Vuln	Additional details in PDF/Text (Sign-in Required)	source
Ruckus	SmartZone 144 (SZ-144)	5.1 to 6.0	Vuln	Additional details in PDF/Text (Sign-in Required)	source
Ruckus	SmartZone 300 (SZ-300)	5.1 to 6.0	Vuln	Additional details in PDF/Text (Sign-in Required)	source
Ruckus	Unleashed		Vuln	Additional details in PDF/Text (Sign-in Required)	source
Ruckus	Virtual SmartZone (vSZ)	5.1 to 6.0	Vuln	Additional details in PDF/Text (Sign-in Required)	source

S

Supplier	Product	Version (see Status)	Status	Notes	Links
SAE IT-systems	codeIT Runtime	all	Not vuln		source
SAE IT-systems	codeIT Workbench	all	Not vuln		source
SAE IT-systems	connectIT	all	Not vuln		source
SAE IT-systems	net-line series5	all	Not vuln		source
SAE IT-systems	setIT	all	Not vuln		source
SAE IT-systems	SG-50 / Kombisafe	all	Investigation		source
SAE IT-systems	Straton Runtime	all	Investigation		source
SAE IT-systems	Straton Workbench	all	Investigation		source
SAE IT-systems	System-4	all	Not vuln		source
SAE IT-systems	T10/T7 Touch panel	all	Investigation		source
SAE IT-systems	visIT Runtime	all	Not vuln		source
SAE IT-systems	visIT Workbench	all	Not vuln		source
Safe	FME Server		Investigation		source
SailPoint	IdentityIQ	8.0 or later	Workaround		source
Salesforce	All products		Investigation		source
SAP	Customer Checkout PoS / manager	2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower)	Fix	SAP note 3130499	source
SAP	XS Advanced Runtime	1.0.140 or lower	Fix	SAP note 3130698	source
SAS Institute	JMP		Not vuln		source
SAS Institute	SAS Cloud Solutions		Workaround		source
SAS Institute	SAS Profile		Fix		source
Schneider Electric	All products		Investigation		source
Security Onion Solutions	Security Onion	2.3.90 20211210	Fix		source
Shibboleth	Shibboleth IdP/SP		Not Vuln		source
Siemens	Capital (and its derivatives)		Investigation		source
Siemens	Comos Desktop App		Investigation		source
Siemens	E-Car OC Cloud Application		Fix	Vulnerability fixed on central cloud service starting2021-12-13; no user actions necessary	source
Siemens	EnergyIP		Investigation		source
Siemens	EnergyIP Prepay	3.7, 3.8	Vulnerable		source
Siemens	Geolus		Investigation		source
Siemens	HCRA		Investigation		source
Siemens	HES UDIS		Investigation		source
Siemens	Industrial Edge Management App (IEM-App)	all	Vulnerable		source
Siemens	Industrial Edge Management OS (IEM-OS)	all	Vulnerable		source
Siemens	Industrial Edge Manangement Hub	all	Vulnerable		source
Siemens	LOGO! Soft Comfort	all	Vulnerable		source
Siemens	Mendix Applications	all	Vulnerable		source
Siemens	Mindsphere Cloud Application		Fix	Vulnerability fixed on central cloud service starting2021-12-11; no user actions necessary	source
Siemens	Operation Scheduler	>= V1.1.3	Vulnerable		source
Siemens	RUGGEDCOM ELAN		Investigation		source
Siemens	RUGGEDCOM MAESTRO		Investigation		source
Siemens	SIGUARD DSA	V4.2, V4.3, V4.4	Workaround		source
Siemens	SIMATIC WinCC V7.4	V7.4 SP1	Fix		source
Siemens	SINAMICS TEC - SDK		Investigation		source
Siemens	SINUMERIK Analyze MyWorkpiece / Capture		Investigation		source
Siemens	SINUMERIK Optimize MyMachine		Investigation		source
Siemens	SiPass Integrated		Investigation		source
Siemens	Siveillance Command	>= 4.16.2.1	Vulnerable		source
Siemens	Siveillance Control Pro	< V2.1	Vulnerable		source
Siemens	Siveillance Control Pro	>= V2.1	Workaround		source
Siemens	Siveillance Vantage	all	Vulnerable		source
Siemens	SIZER Design Tool for SINAMICS		Investigation		source
Siemens	Solid Edge		Investigation		source
Siemens	Solid Edge Technical Publication		Investigation		source
Siemens	Solid Edge Wiring and Harness Design		Investigation		source
Siemens	Spectrum Power		Investigation		source
Siemens	Teamcenter		Investigation		source
Siemens	XHQ		Investigation		source
Sitecore	Sitecore Content Hub		Not Vuln		source
Sitecore	Sitecore CDP		Not Vuln		source
Sitecore	Sitecore Personalize		Not Vuln		source
Sitecore	Boxever		Not Vuln		source
Sitecore	Sitecore OrderCloud		Not Vuln		source
Sitecore	Moosend		Not Vuln		source
Sitecore	Sitecore Send		Not Vuln		source
Sitecore	Sitecore Discover		Not Vuln		source
Sitecore	Sitecore XP	<= 9.1 (with SOLR as Content Search provider)	Not Vuln		source
Sitecore	Sitecore XP	>= 9.2 (with SOLR as Content Search provider)	Workaround		source
Sitecore	Sitecore XP	all (with Azure Search as Content Search provider)	Not Vuln		source
Sitecore	Sitecore Managed Cloud	customers who host Solr using SearchStax	Not Vuln		source
Sitecore	Sitecore Managed Cloud	customers who bring their own Solr	Workaround		source
Sitecore	Sitecore Managed Cloud	customers who do not use Solr	Not Vuln		source
SolarWinds	Database Performance Analyzer	2021.1.x, 2021.3.x, 2022.1.x	Workaround		source, workaround
SolarWinds	Orion Platform core		Not vuln		source
SolarWinds	Server & Application Monitor	>= 2020.2.6	Workaround		source, workaround
SonarSource	SonarCloud		Fix		source
SonarSource	SonarQube		Workaround		source
SonicWall	Access Points		Not Vuln		source
SonicWall	Analytics		Investigation		source
SonicWall	Analyzer		Investigation		source
SonicWall	Capture Client & Capture Client Portal		Not Vuln		source
SonicWall	Capture Security Appliance		Not Vuln		source
SonicWall	CAS		Investigation		source
SonicWall	Email Security	10.x	Vulnerable		source
SonicWall	Gen5 Firewalls (EOS)		Not Vuln		source
SonicWall	Gen6 Firewalls		Not Vuln		source
SonicWall	Gen7 Firewalls		Not Vuln		source
SonicWall	GMS		Investigation		source
SonicWall	MSW		Not Vuln		source
SonicWall	NSM		Not Vuln		source
SonicWall	SMA 1000	12.1.0, 12.4.1	Not Vuln		source
SonicWall	SMA 100		Not Vuln		source
SonicWall	SonicCore		Not Vuln		source
SonicWall	SonicWall Switch		Not Vuln		source
SonicWall	WAF		Investigation		source
SonicWall	WNM		Not Vuln		source
SonicWall	WXA		Not Vuln		source
Sophos	Cloud Optix		Fix		source
Sophos	Reflexion		Not Vuln		source
Sophos	SG UTM	All	Not Vuln		source
Sophos	SG UTM Manager (SUM)	All	Not Vuln		source
Sophos	Sophos Central		Not Vuln		source
Sophos	Sophos Firewall	All	Not Vuln		source
Sophos	Sophos Home		Not Vuln		source
Sophos	Sophos Mobile EAS Proxy	9.7.2	Fix		source
Sophos	Sophos Mobile		Not Vuln		source
Sophos	Sophos ZTNA		Not Vuln		source
Splunk	Add-On: Java Management Extensions	3.0.0, 2.1.0	Vulnerable		source
Splunk	Add-On: JBoss	3.0.0, 2.1.0	Vulnerable		source
Splunk	Add-On: Tomcat	3.0.0, 2.1.0	Vulnerable		source
Splunk	Admin Config Service	all	Not vuln		source
Splunk	Analytics Workspace	all	Not vuln		source
Splunk	Behavior Analytics	all	Not vuln		source
Splunk	Dashboard Studio	all	Not vuln		source
Splunk	Data Stream Processor	DSP 1.0.x, DSP 1.1.x, DSP 1.2.x	Vulnerable		source
Splunk	Developer Tools: AppInspect	all	Not vuln		source
Splunk	Enterprise Security	all	Not vuln		source
Splunk	Intelligence Management (TruSTAR)	all	Not vuln		source
Splunk	IT Service Intelligence (ITSI)	4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x	Vulnerable		source
Splunk	KV Service	all	Not vuln		source
Splunk	Mission Control	all	Not vuln		source
Splunk	MLTK	all	Not vuln		source
Splunk	Operator for Kubernetes	all	Not vuln		source
Splunk	Security Analytics for AWS	all	Not vuln		source
Splunk	SignalFx Smart Agent	all	Not vuln		source
Splunk	SOAR Cloud (Phantom)	all	Not vuln		source
Splunk	SOAR (On-Premises)	all	Not vuln		source
Splunk	Splunk Application Performance Monitoring	all	Not vuln		source
Splunk	Splunk Augmented Reality	all	Not vuln		source
Splunk	Splunk Cloud Data Manager (SCDM)	all	Not vuln		source
Splunk	Splunk Connect for Kafka	<2.0.4	Fix		source
Splunk	Splunk Connect for Kubernetes	all	Not vuln		source
Splunk	Splunk Connect for SNMP	all	Not vuln		source
Splunk	Splunk Connect for Syslog	all	Not vuln		source
Splunk	Splunk DB Connect	all	Not vuln		source
Splunk	Splunk Enterprise	All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used.	Workaround		source
Splunk	Splunk Enterprise Amazon Machine Image (AMI)	see Splunk Enterprise	Workaround		source
Splunk	Splunk Enterprise Cloud	all	Not vuln		source
Splunk	Splunk Enterprise Docker Container	see Splunk Enterprise	Workaround		source
Splunk	Splunk Heavyweight Forwarder (HWF)	all	Not vuln		source
Splunk	Splunk Infrastructure Monitoring	all	Not vuln		source
Splunk	Splunk Logging Library for Java	<1.11.1	Fix		source
Splunk	Splunk Log Observer	all	Not vuln		source
Splunk	Splunk Mint	all	Not vuln		source
Splunk	Splunk Mobile	all	Not vuln		source
Splunk	Splunk Network Performance Monitoring	all	Not vuln		source
Splunk	Splunk On-Call/Victor Ops	all	Not vuln		source
Splunk	Splunk Open Telemetry Distributions	all	Not vuln		source
Splunk	Splunk Profiling	all	Not vuln		source
Splunk	Splunk Real User Monitoring	all	Not vuln		source
Splunk	Splunk Secure Gateway (Spacebridge)	all	Not vuln		source
Splunk	Splunk Synthetics	all	Not vuln		source
Splunk	Splunk TV	all	Not vuln		source
Splunk	Splunk Universal Forwarder (UF)	all	Not vuln		source
Splunk	Splunk User Behavior Analytics (UBA)	all	Not vuln		source
Splunk	Stream Processor Service	Current	Vulnerable		source
Sprecher Automation	SPRECON-E	all	Not vuln		source
Sprecher Automation	SPRECON-EDIR	all	Not vuln		source
Sprecher Automation	SPRECON-SG	all	Not vuln		source
Sprecher Automation	SPRECON-V	all	Not vuln		source
Stardog	Stardog	<7.8.1	Fix		source
Stratodesk	NoTouch	4.5.231	Fix		http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html
Sumo logic	Sumu logic	19.361-12	Fix		source
SUSE	SUSE Linux Enterprise server	all	Not vuln		source
SUSE	SUSE Manager	all	Not vuln		source
SUSE	SUSE Openstack Cloud	all	Vuln	will get update	source
SUSE	SUSE Rancher	all	Not vuln		source
Synacor	Zimbra	8.8.15 and 9.x	Not vuln	Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6	source
Syncro Soft	Oxygen Content Fusion	<= v4.1	Fix	Fix available	source
Syncro Soft	Oxygen Content Fusion	3.0.1	Fix	Fix available	source
Syncro Soft	Oxygen XML Web Author	v22.1 - v24.0.0	Fix	Fix available	source
Syncro Soft	Oxygen XML Web Author	23.1.1.2	Fix	Fix available	source
Syncro Soft	Oxygen Feedback	1.4.4	Fix	Fix available	source
Syncro Soft	Oxygen XML Publishing Engine	v22.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen XML WebHelp	v22.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen PDF Chemistry	v22.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen License Server	v22.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen XML Author	v16.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen XML Developer	v16.1 - v24.0	Fix	Fix available	source
Syncro Soft	Oxygen XML Editor	v16.1 - v24.0	Fix	Fix available	source
Synology	DSM		Not vuln	The base DSM is not affected. Software installed via the package manager may be vulnerable.	source
syntevo	DeepGit	>= 4.0	Fix	3.0.x and older are vulnerable	source
syntevo	SmartGit	>= 18.1	Fix	17.1.x and older are vulnerable	source
syntevo	SmartSVN	>= 9.3	Fix	9.2.x and older are vulnerable	source
syntevo	SmartSynchronize	>= 3.5	Fix	3.4.x and older are vulnerable	source
SysAid	All products		Fix		source

T

Supplier	Product	Version	Status	Notes	Links
Tableau	Tableau Desktop	2021.4	Investigation		source
Tableau	Tableau Server	2021.2.5	Investigation		source
Talend	Talend Component Kit		Fix		source
Tanium	All products	all	Not vuln		source
TARGIT	All products	all	Not vuln		source
Tealium	All products		Fix		source
Teamviewer	All products		Fix	Server-side hotfix deployed. No user interaction required	source
Tenable	All products		Not vuln		source
TheHive	Cortex	all	Not vuln		source
TheHive	TheHive	all	Not vuln		source
Topicus Security	Topicus KeyHub	all	Not vuln		source
Tosibox	All products		Fix		source
Trend Micro	5G Mobile Network Security		Not vuln		source
Trend Micro	ActiveUpdate		Not vuln		source
Trend Micro	Apex Central (including as a Service)		Not vuln		source
Trend Micro	Apex One (all versions including SaaS, Mac, and Edge Relay)		Not vuln		source
Trend Micro	Cloud App Security		fix		source
Trend Micro	Cloud Edge		Not vuln		source
Trend Micro	Cloud One - Application Security		Not vuln		source
Trend Micro	Cloud One - Common Services		Not vuln		source
Trend Micro	Cloud One - Conformity		Not vuln		source
Trend Micro	Cloud One - Container Security		Not vuln		source
Trend Micro	Cloud One - File Storage Security		Not vuln		source
Trend Micro	Cloud One - Network Security		Not vuln		source
Trend Micro	Cloud One - Workload Secuity		Not vuln		source
Trend Micro	Cloud Sandbox		Not vuln		source
Trend Micro	Deep Discovery Analyzer		Not vuln		source
Trend Micro	Deep Discovery Director		Investigation		source
Trend Micro	Deep Discovery Email Inspector		Not vuln		source
Trend Micro	Deep Discovery Inspector		Not vuln		source
Trend Micro	Deep Discovery Web Inspector		Not vuln		source
Trend Micro	Deep Security		Not vuln		source
Trend Micro	Endpoint Encryption		Not vuln		source
Trend Micro	Fraudbuster		Not vuln		source
Trend Micro	Home Network Security		Not vuln		source
Trend Micro	Housecall		Not vuln		source
Trend Micro	Instant Messaging Security		Not vuln		source
Trend Micro	Internet Security for Mac (Consumer)		Not vuln		source
Trend Micro	Interscan Messaging Security		Not vuln		source
Trend Micro	Interscan Messaging Security Virtual Appliance (IMSVA)		Not vuln		source
Trend Micro	Interscan Web Security Suite		Not vuln		source
Trend Micro	Interscan Web Security Virtual Appliance (IWSVA)		Not vuln		source
Trend Micro	Mobile Secuirty for Enterprise		Not vuln		source
Trend Micro	Mobile Secuirty for Android		Not vuln		source
Trend Micro	Mobile Secuirty for iOS		Not vuln		source
Trend Micro	MyAccount (Consumer Sign-on)		Not vuln		source
Trend Micro	Network Viruswall		Not vuln		source
Trend Micro	OfficeScan		Not vuln		source
Trend Micro	Password Manager		Not vuln		source
Trend Micro	Phish Insight		Not vuln		source
Trend Micro	Policy Manager		Not vuln		source
Trend Micro	Portable Security		Not vuln		source
Trend Micro	PortalProtect		Not vuln		source
Trend Micro	Public Wifi Protection / VPN Proxy One Pro		Not vuln		source
Trend Micro	Rescue Disk		Not vuln		source
Trend Micro	Rootkit Buster		Not vuln		source
Trend Micro	Safe Lock (TXOne Edition)		Not vuln		source
Trend Micro	Safe Lock 2.0		Not vuln		source
Trend Micro	Sandbox as a Service		Fix		source
Trend Micro	ScanMail for Domino		Not vuln		source
Trend Micro	ScanMail for Exchange		Not vuln		source
Trend Micro	Security for NAS		Not vuln		source
Trend Micro	ServerProtect (all versions)		Not vuln		source
Trend Micro	Smart Home Network		Not vuln		source
Trend Micro	Smart Protection Complete		Not vuln		source
Trend Micro	Smart Protection for Endpoints		Not vuln		source
Trend Micro	Smart Protection Server (SPS)		Not vuln		source
Trend Micro	TippingPoint Accessories		Not vuln		source
Trend Micro	TippingPoint IPS (N-, NX- and S-series)		Not vuln		source
Trend Micro	TippingPoint Network Protection (AWS & Azure)		Not vuln		source
Trend Micro	TippingPoint SMS		Not vuln		source
Trend Micro	TippingPoint Threat Management Center (TMC)		Fix		source
Trend Micro	TippingPoint ThreatDV		Not vuln		source
Trend Micro	TippingPoint TPS		Not vuln		source
Trend Micro	TippingPoint TX-Series		Not vuln		source
Trend Micro	TippingPoint Virtual SMS		Not vuln		source
Trend Micro	TippingPoint Virtual TPS		Not vuln		source
Trend Micro	TMUSB		Not vuln		source
Trend Micro	Trend Micro Email Security & HES		Fix		source
Trend Micro	Trend Micro Endpoint Sensor		Not vuln		source
Trend Micro	Trend Micro ID Security		Not vuln		source
Trend Micro	Trend Micro Remote Manager		Not vuln		source
Trend Micro	Trend Micro Security (Consumer)		Not vuln		source
Trend Micro	Trend Micro Virtual Patch for Endpoint		Investigation		source
Trend Micro	Trend Micro Web Security		Investigation		source
Trend Micro	TXOne (Edge Series)		Not vuln		source
Trend Micro	TXOne (Stekkar Series)		Not vuln		source
Trend Micro	Vision One		Fix		source
Trend Micro	Worry-Free Business Security (on-prem)		Not vuln		source
Trend Micro	Worry-Free Business Security Services		Not vuln		source
tribe29	Check_MK		Not vuln		source
Tripwire	Tripwire® Enterprise		Not vuln		source
Tripwire	Tripwire IP360™		Not vuln		source
Tripwire	Tripwire LogCenter®		Not vuln		source
Tripwire	Tripwire Industrial Visibility		Not vuln		source
Tripwire	Tripwire Apps		Not vuln		source
Tripwire	Tripwire Configuration Compliance Manager (CCM)		Not vuln		source
Tripwire	Tripwire for Servers (TFS)		Not vuln		source
Tripwire	Tripwire Connect (on-prem)		Vulnerable		source
Tripwire	Tripwire Connect SaaS (cloud)		Vulnerable		source
Tripwire	Tripwire Configuration Manager SaaS		Vulnerable		source
Tripwire	Tripwire Anyware SCM		Vulnerable		source
Tripwire	Tripwire State Analyzer		Vulnerable		source
Tripwire	Tripwire Industrial Sentinel		Workaround		source

U

Supplier	Product	Version (see Status)	Status	Notes	Links
Ubiquiti	UniFi Network Application	6.5.55	Fix	Update log4j version to 2.16.0 (CVE-2021-45046)	source
Unify	First Response OpenScape Policy Store		Vulnerable		source
Unify	Hipath DS-Win		Vulnerable		source
Unify	OpenScape Contact Center		Vulnerable		source
Unify	OpenScape Contact Media Service		Vulnerable		source
Unify	OpenScape Enterprise Express		Investigation		source
Unify	OpenScape UC	>= 10.2.9.0	Vulnerable		source
Unify	OpenScape Voice	simplex deployments	Vulnerable		source
US Signal	Remote Management and Monitoring platform		Workaround		source
USoft	USoft	9.1.1F	Vulnerable	Found by manual scanning	proof

V

Supplier	Product	Version (see Status)	Status	Notes	Links
Veeam	All products		Not vuln		source
Wildfly	Wildfly		Not vuln		source
VMware	API Portal for VMware Tanzu	1.x	Fix	Fixed in 1.0.7	source, fix
VMware	AppDefense Appliance	2.x	Workaround		source, workaround
VMware	App Metrics	2.1.1	Fix		source, fix
VMware	Carbon Black Cloud Workload Appliance	1.x	Fix	Fixed in 1.1.1	source, workaround
VMware	Carbon Black EDR Server	7.x, 6.x	Fix	Fixed in 7.6.0	source, workaround, fix
VMware	Cloud Director Object Storage Extension	2.1.x, 2.0.x	Fix	Fixed in 2.1.0.1, 2.0.0.3	source, fix
VMware	Cloud Foundation	4.x, 3.x	Workaround		source, workaround
VMware	HCX	4.2.3, 4.1.0.2	Fix		source
VMware	Healthwatch for Tanzu Application Service	2.1.7, 1.8.6	Fix		source, fix
VMware	Horizon	8.x, 7.x	Workaround		source, workaround
VMware	Horizon Cloud Connector	1.x, 2.x	Fix	Fixed in 2.1.1	source, fix
VMware	Horizon DaaS	9.1.x, 9.0.x	Workaround		source, workaround
VMware	Identity Manager	3.3.x	Workaround		source, workaround
VMware	NSX Data Center for vSphere	6.x	Workaround		source, workaround
VMware	NSX-T Data Center	3.x, 2.x	Workaround		source, workaround
VMware	Single Sign-On for VMware Tanzu Application Service	1.x	Fix	Fixed in 1.14.5	source, fix
VMware	Site Recovery Manager	8.x	Vuln		source, workaround
VMware	Spring Boot	< 2.5.8, < 2.6.2	Workaround		source
VMware	Spring Cloud Gateway for Kubernetes	1.x	Vulnerable		source
VMware	Spring Cloud Gateway for VMware Tanzu	1.x	Fix	Fixed in 1.1.3	source, fix
VMware	Spring Cloud Services for VMware Tanzu	3.x	Fix	Fixed in 3.1.26	source, fix
VMware	Tanzu Application Service for VMs	2.x	Fix	Fixed in 2.7.42, 2.10.22, 2.11.10, 2.12.3	source, workaround, fix
VMware	Tanzu GemFire	1.14.x, 1.13.x, 1.10.x	Fix	Fixed in 1.14.1, 1.13.4	source, fix
VMware	Tanzu Greenplum	6.x	Workaround		source, workaround
VMware	Tanzu Kubernetes Grid Integrated Edition	2.x	Workaround		source, workaround
VMware	Tanzu Observability by Wavefront Nozzle	3.x, 2.x	Fix	Fixed in 3.0.3	source, fix
VMware	Tanzu Operations Manager	2.x	Fix	Fixed in 2.10.23	source, workaround, fix
VMware	Tanzu SQL with MySQL for VMs	2.x, 1.x	Vulnerable		source
VMware	Telco Cloud Automation	2.x, 1.x	Vulnerable		source
VMware	Unified Access Gateway	21.x, 20.x, 3.x	Workaround		source, workaround
VMware	vCenter Cloud Gateway	1.x	Workaround		source, workaround
VMware	vCenter Server	6.x	Workaround	Running on: Windows	source, workaround
VMware	vCenter Server	7.x, 6.x	Workaround	Running on: Virtual Appliance	source, workaround
VMware	vCloud Director	all	Not vuln		source
VMware	vCloud Workstation	all	Not vuln		source
VMware	vRealize Automation	8.x, 7.x	Vulnerable		source
VMware	vRealize Lifecycle Manager	8.x	Workaround		source, workaround
VMware	vRealize Log Insight	8.x	Workaround		source, workaround
VMware	vRealize Operations	8.x	Workaround		source, workaround
VMware	vRealize Operations Cloud Proxy	Any	Workaround		source, workaround
VMware	vRealize Orchestrator	8.x, 7.x	Vulnerable		source
VMware	vSphere ESXi	Unknown	Not Vuln		source
VMware	Workspace ONE Access	21.x, 20.x	Workaround		source, workaround
VMware	Workspace ONE Access Connector (VMware Identity Manager Connector)	19.03.0.1, 20.x, 21.x	Workaround		source, workaround

W

Supplier	Product	Version	Status	Notes	Links
Watcher	Watcher	all	Not vuln		source
WatchGuard	Dimension	-	Not vuln		source
WatchGuard	Firebox	-	Not vuln		source
WatchGuard	WatchGuard EPDR and Panda AD360	-	Not vuln		source
WatchGuard	WatchGuard System Manager, Dimension, WatchGuard EPDR and Panda AD360	-	Not vuln		source
WildFly	WildFly	< 22	Not vuln	"No log4j artifact shipped"	source
WildFly	WildFly	>= 22; <= 26.0.0.Beta1	Not vuln	"ships log4j-api but not vulnerable code from log4j-core; version of log4j-api might seem to be vulnerable but is not"	source
WildFly	WildFly	> 26.0.0.Final	Not vuln	"ships log4j-api where version matches patched version"	source
Wind River	Wind River Linux	<= 8	Not vuln	"contain package log4j, but their version is 1.2.x, too old to be affected"	source
Wind River	Wind River Linux	> 8	Not vuln	no support for log4j	source
WitFoo	WitFoo Precinct	6.x	Fix	WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable	source
Wowza	Wowza Streaming Engine	4.7.8, 4.8.x	Workaround		source

X

Y

Supplier	Product	Version (see Status)	Status	Notes	Links
Yahoo	Vespa		Not vuln	Your Vespa application may still be affected if log4j is included in your application package	source
Y Soft	SAFEQ 6	<= 6.0.63	Workaround		source
Yellowfin	Yellowfin	8.0.10.3, 9.7.0.2	Fix	v7 and v6 releases are not affected unless you have manually upgraded to Log4j2	source

Z

Supplier	Product	Version (see Status)	Status	Notes	Links
Zabbix	Zabbix		Not vuln	Zabbix is aware of this vulnerability, has completed verification, and can conclude that the only product where we use Java is Zabbix Java Gateway, which does not utilize the log4j library, thereby is not impacted by this vulnerability.	source
Zammad	Zammad		Workaround	Most of Zammad instances make use of Elasticsearch which might be vulnerable.	source
Zendesk	Zendesk		Workaround	SaaS - No user action	source
Zerto	Virtual Replication Appliance		Not vuln		source
Zerto	Zerto Cloud Appliance		Not vuln		source
Zerto	Zerto Cloud Manager		Not vuln		source
Zerto	Zerto Virtual Manager		Not vuln		source
Zesty	Zesty.io		Not vuln		source
Zyxel	All products		Investigation		source