| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| APC by Schneider Electric | Powerchute Business Edition | | | Fix | | | Mitigation instructions to remove the affected class. | link |
| APC by Schneider Electric | Powerchute Network Shutdown | | | Fix | | | Mitigation instructions to remove the affected class. | link |
| ARC Informatique | All | | | Not vuln | | | | link |
| Advanced Micro Devices (AMD) | All | | | Not vuln | | | | link |
| Alfresco | All | | | Not vuln | | | | link |
| Atvise | All | | | Not vuln | | | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | link |
| ABB | Alarminsight Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ABB | B&R Products | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ABB | Remote Service | | Not vuln | Fix | | | Details are shared with customers with an active RAP subscription | source |
| Abbott | All | | | Investigation | | | | source |
| Abbott | GLP Track System | Track Sample Manager (TSM) and Track Workflow Manager (TWM) communication interfaces | | Vulnerable | Vulnerable | Vulnerable | Abbott will provide a fix for this in a future update expected in January 2022. | source |
| Abnormal Security | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Abnormal Blog |
| Accellence | All | | | | | | | Accellence Article |
| Accellence Technologies | EBÜS | All | Not vuln | Workaround | | | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-partie software setups, which may be affected (see source for more info). | source |
| Accellence Technologies | vimacc | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accellion | Kiteworks | v7.6 release | Not vuln | Fix | | | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7. | Kiteworks Statement |
| Accruent | Analytics | | Not vuln | Fix | | | | source |
| Accruent | Asset Enterprise | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | BigCenter | | Not vuln | Fix | | | | source |
| Accruent | EMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | Evoco | | Not vuln | Fix | | | | source |
| Accruent | Expesite | | Not vuln | Fix | | | | source |
| Accruent | Famis 360 | | Not vuln | Fix | | | | source |
| Accruent | Lucernex | | Not vuln | Fix | | | | source |
| Accruent | Maintenance Connection | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | Meridian | | Not vuln | Fix | | | | source |
| Accruent | Single Sign On (SSO, Central Auth) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | SiteFM3 | | Not vuln | Fix | | | | source |
| Accruent | SiteFM4 | | Not vuln | Fix | | | | source |
| Accruent | Siterra | | Not vuln | Fix | | | | source |
| Accruent | TMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | VxField | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Accruent | VxMaintain/VxObserve/VxSustain | | Not vuln | Fix | | | | source |
| Acquia | All | | | | | | | Acquia Article |
| Acronis | All | | | Investigation | | | See further information below | source |
| Acronis | Backup | 11.7 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Cyber Backup | 12.5 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Cyber Files | 8.6.2 onwards | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Cyber Infrastructure | 3.5 and 4.x | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Cyber Protect | 15 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Cyber Protection Home Office | 2017 onwards | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | DeviceLock DLP | 9.0 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Files Connect | 10.7 onwards | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | MassTransit | 8.1 and 8.2 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Acronis | Snap Deploy | 5 and 6 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ActiveState | All | | | | | | | ActiveState Blog Post |
| Acunetix | 360 | All | | Not vuln | | | | source |
| Acunetix | Agents | All | | Not vuln | | | | source |
| Acunetix | Application | All | | Not vuln | | | | source |
| Acunetix | IAST: ASP. NET | All | | Not vuln | | | | source |
| Acunetix | IAST: Java | All | Not vuln | Workaround | | | AcuSensor IAST module needs attention | source |
| Acunetix | IAST: NodeJS | All | | Not vuln | | | | source |
| Acunetix | IAST: PHP | All | | Not vuln | | | | source |
| Adaptec | All | | | | | | | Adaptec Link |
| Addigy | All | | | | | | | Addigy Blog Post |
| Adeptia | All | | | | | | | Adeptia Article |
| Adeptia | Connect | 3.3 | | Workaround | Workaround | Workaround | Advisory mentioned only log4j2 and not the CVE | source |
| Adeptia | Connect | 3.4, 3.5 | | Workaround | Workaround | Workaround | Advisory mentioned only log4j2 and not the CVE | source |
| Adeptia | Suite | 6.9.10, 6.9.11 | | Workaround | Workaround | Workaround | Advisory mentioned only log4j2 and not the CVE | source |
| Adeptia | Suite | 6.9.9 | | Workaround | Workaround | Workaround | Advisory mentioned only log4j2 and not the CVE | source |
| Adobe | Acrobat Reader | | | Not vuln | | | | source |
| Adobe | All | | | Investigation | | | | source |
| Adobe | Automated Forms Conversion Service | | | Vulnerable | | | | source |
| Adobe | ColdFusion | All | Not vuln | Fix | | | https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html Patched on Dec 17th | source |
| Adobe | Experience Manager 6.3 Forms on JEE | all versions from 6.3 GA to 6.3.3 | Not vuln | Workaround | | | | source |
| Adobe | Experience Manager 6.4 Forms Designer | | | Vulnerable | | | | source |
| Adobe | Experience Manager 6.4 Forms on JEE | all versions from 6.4 GA to 6.4.8 | Not vuln | Workaround | | | | source |
| Adobe | Experience Manager 6.5 Forms Designer | | Not vuln | Fix | | | | source |
| Adobe | Experience Manager 6.5 Forms on JEE | all versions from 6.5 GA to 6.5.11 | Not vuln | Workaround | | | | source |
| Adobe | Experience Manager Forms on OSGi | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Adobe | Experience Manager Forms Workbench | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Adobe ColdFusion | All | | | | | | | Adobe ColdFusion Link |
| ADP | All | | | Investigation | | | Patching were needed, no signs of intrusion | source |
| Advanced Systems Concepts (formally Jscape) | Active MFT | | Not vuln | Not vuln | Not vuln | Not vuln | This advisory is available to customers only and has not been reviewed by CISA | Log4J Vulnerabilty |
| Advanced Systems Concepts (formally Jscape) | MFT | | Not vuln | Not vuln | Not vuln | Not vuln | This advisory is available to customers only and has not been reviewed by CISA | Log4J Vulnerabilty |
| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | This advisory is available to customers only and has not been reviewed by CISA | Log4J Vulnerabilty |
| Advanced Systems Concepts (formally Jscape) | MFT Server | | Not vuln | Not vuln | Not vuln | Not vuln | This advisory is available to customers only and has not been reviewed by CISA | Log4J Vulnerabilty |
| AFAS | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFAS Software | All | | | | | | | AFAS Software Link |
| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Agilysys | All | | | | | | | Agilysys Link |
| Ahsay | Mobile | version 1.6+ | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Ahsay | Other products | version 8.5.4.86 (and above) | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Ahsay | PRD | version 2.0 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Aiden | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AIL | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Akamai | Enterprise Application Access (EAA) connector | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Akamai | Siem Integration Connector | <1.7.4 | Not vuln | Fix | Fix | Fix | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | source |
| Akamai | Siem Splunk Connector | =>1.4.10 | Not vuln | Not vuln | Not vuln | Not vuln | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities. | source |
| Akamai | Siem Splunk Connector | <1.4.10 | Not vuln | Workaround | | | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | source |
| Alcatel | All | | | | | | | Alcatel Link |
| Alertus | Console | 5.15.0 | Not vuln | Fix | | | | source |
| Alexion | All | | | | | | | Alexion Blog Post |
| Alexion Software | Alexion CRM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Alfresco (Hyland) | Alfresco | All | | Not vuln | | | | Alfresco Blog Post |
| AlienVault | All | | | | | | | AlienVault Article Link |
| Alphatron | AMiSconnect | | | Not vuln | | | | source |
| Alphatron | Custo diagnostics | 5.4 to 5.6 | | Vulnerable | | | Potentially vulnerable through the HL7 and DICOM communication interfaces | source |
| Alphatron | JiveX | | | Not vuln | | | | source |
| Alphatron | Zorgbericht | | | Not vuln | | | | source |
| Alphatron Medical | All | | | | | | | Alphatron Medical Website |
| Amazon | AMS | | Not vuln | Fix | | | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2 | source |
| Amazon | API Gateway | | Not vuln | Fix | | | | source |
| Amazon | Athena | | Not vuln | Fix | | | | source |
| Amazon | Athena JDBC driver | | Not vuln | Not vuln | Not vuln | Not vuln | All versions vended to customers were not affected | source |
| Amazon | AWS | Linux 1,2 | Not vuln | Not vuln | Not vuln | Not vuln | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 https://forums.aws.amazon.com/thread.jspa?threadID=323611 AWS Forum. AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | |
| Amazon | AWS API Gateway | All | Not vuln | Fix | | | | Amazon AWS Link |
| Amazon | AWS AppFlow | | Not vuln | Fix | | | | source |
| Amazon | AWS AppSync | | Not vuln | Fix | | | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046 | source |
| Amazon | AWS AWS Certificate Manager | | Not vuln | Fix | | | | source |
| Amazon | AWS AWS Certificate Manager Private CA | | Not vuln | Fix | | | | source |
| Amazon | AWS AWS Service Catalog | | Not vuln | Fix | | | | source |
| Amazon | AWS CloudHSM | 3.4.1 | Not vuln | Fix | | | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable | source |
| Amazon | AWS CodeBuild | | Not vuln | Fix | | | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046 | source |
| Amazon | AWS CodePipeline | | Not vuln | Fix | | | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046 | source |
| Amazon | AWS Connect | All | Not vuln | Fix | | | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | Vendor Link |
| Amazon | AWS Directory Service | | Not vuln | Fix | | | | source |
| Amazon | AWS DynamoDB | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS EKS, ECS, Fargate | | Not vuln | Fix | | | To help mitigate the impact of the open-source Apache “Log4j2"" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS Elastic Beanstalk | | Not vuln | Not vuln | Not vuln | Not vuln | Default configuration of application's usage of Log4j versions is not vulnerable | source |
| Amazon | AWS ElastiCache | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS ELB | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS Fargate | | Not vuln | Not vuln | Not vuln | Not vuln | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions | source hotpatch |
| Amazon | AWS Glue | | Not vuln | Fix | | | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j | source |
| Amazon | AWS Greengrass | | Not vuln | Fix | | | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5 | source |
| Amazon | AWS Inspector | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS IoT SiteWise Edge | | Not vuln | Fix | | | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2) | source |
| Amazon | AWS Kinesis Data Stream | | Not vuln | Fix | | | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS KMS | | Not vuln | Fix | | | | source |
| Amazon | AWS Lambda | | Not vuln | Fix | | | Vulnerable when using aws-lambda-java-log4j2 | source |
| Amazon | AWS Polly | | Not vuln | Fix | | | | source |
| Amazon | AWS QuickSight | | Not vuln | Fix | | | | source |
| Amazon | AWS RDS | | Not vuln | Fix | | | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS S3 | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS SDK | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Amazon | AWS Secrets Manager | | Not vuln | Fix | | | | source |
| Amazon | AWS SNS | | Not vuln | Fix | | | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS SQS | | Not vuln | Fix | | | | Update for Apache Log4j2 Issue (CVE-2021-44228) |
| Amazon | AWS Systems Manager | | Not vuln | Fix | | | | source |
| Amazon | AWS Systems Manager Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Amazon | AWS Textract | | Not vuln | Fix | | | | source |
| Amazon | Chime | | Not vuln | Fix | | | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046 | source |
| Amazon | Cloud Directory | | Not vuln | Fix | | | | source |
| Amazon | CloudFront | | Not vuln | Fix | | | | source |
| Amazon | CloudWatch | | Not vuln | Fix | | | | source |
| Amazon | Cognito | | Not vuln | Fix | | | | source |
| Amazon | Connect | | Not vuln | Fix | | | | source |
| Amazon | Corretto | | Not vuln | Not vuln | Not vuln | Not vuln | 10/19 release distribution does not include Log4j. Vulnerable only if customer's applications use affected versions of Apache Log4j | source |
| Amazon | DocumentDB | | Not vuln | Fix | | | | source |
| Amazon | DynamoDB | | Not vuln | Fix | | | DynamoDB and DynamoDB Accelerator have been updated | source |
| Amazon | EC2 | | Not vuln | Fix | | | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is | source fix |
| Amazon | ECR Public | | Not vuln | Fix | | | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue | source |
| Amazon | ECS | | Not vuln | Not vuln | Not vuln | Not vuln | As an Amazon Linux package, opt-in hot-patch to mitigate the Log4j issue in JVM layer is available | source hotpatch |
| Amazon | EKS | | Not vuln | Not vuln | Not vuln | Not vuln | As a DaemonSet, opt-in hot-patch to mitigate the Log4j issue in JVM layer is available | source hotpatch |
| Amazon | Elastic Load Balancing | | Not vuln | Fix | | | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue | source |
| Amazon | ElastiCache | | Not vuln | Fix | | | | source |
| Amazon | EMR | | Not vuln | Fix | | | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed | source |
| Amazon | EventBridge | | Not vuln | Fix | | | | source |
| Amazon | Fraud Detector | | Not vuln | Fix | | | | source |
| Amazon | Inspector | | Not vuln | Fix | | | | source |
| Amazon | Inspector Classic | | Not vuln | Fix | | | | source |
| Amazon | Kafka (MSK) | | Not vuln | Fix | | | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed | source |
| Amazon | Kendra | | Not vuln | Fix | | | | source |
| Amazon | Keyspaces (for Apache Cassandra) | | Not vuln | Fix | | | | source |
| Amazon | Kinesis | | Not vuln | Fix | | | Update for Kinesis Agent is available | source |
| Amazon | Kinesis Data Analytics | | Not vuln | Fix | | | Updates are available. See source for more information | source |
| Amazon | Kinesis Data Streams | | Not vuln | Fix | | | KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable | source |
| Amazon | Lake Formation | | Not vuln | Fix | | | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j | source |
| Amazon | Lex | | Not vuln | Fix | | | | source |
| Amazon | Linux 1 (AL1) | | Not vuln | Not vuln | Not vuln | Not vuln | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available | source hotpatch |
| Amazon | Linux 2 (AL2) | | Not vuln | Fix | | | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available | source hotpatch |
| Amazon | Lookout for Equipment | | Not vuln | Fix | | | | source |
| Amazon | Macie | | Not vuln | Fix | | | | source |
| Amazon | Macie Classic | | Not vuln | Fix | | | | source |
| Amazon | Managed Workflows for Apache Airflow (MWAA) | | Not vuln | Fix | | | | source |
| Amazon | MemoryDB for Redis | | Not vuln | Fix | | | | source |
| Amazon | Monitron | | Not vuln | Fix | | | | source |
| Amazon | MQ | | Not vuln | Fix | | | | source |
| Amazon | Neptune | | Not vuln | Fix | | | | source |
| Amazon | NICE | | Not vuln | Fix | | | Recommended to update EnginFrame or Log4j library | source |
| Amazon | OpenSearch | R20211203-P2 | Not vuln | Fix | | | Update released, customers need to update their clusters to the fixed release | source |
| Amazon | Pinpoint | | Not vuln | Fix | | | | source |
| Amazon | RDS | Rolling update has completed | Not vuln | Fix | | | | source |
| Amazon | RDS Aurora | Rolling update has completed | Not vuln | Fix | | | | source |
| Amazon | RDS for Oracle | | Not vuln | Fix | | | | source |
| Amazon | Redshift | | Not vuln | Fix | | | | source |
| Amazon | Rekognition | | Not vuln | Fix | | | | source |
| Amazon | Route53 | | Not vuln | Fix | | | | source |
| Amazon | S3 | | Not vuln | Fix | | | | source |
| Amazon | SageMaker | | Not vuln | Fix | | | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customer's applications use affected versions of Apache Log4j | source |
| Amazon | Simple Notification Service (SNS) | | Not vuln | Fix | | | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. | source |
| Amazon | Simple Queue Service (SQS) | | Not vuln | Fix | | | | source |
| Amazon | Simple Workflow Service (SWF) | | Not vuln | Fix | | | | source |
| Amazon | Single Sign-On | | Not vuln | Fix | | | | source |
| Amazon | Step Functions | | Not vuln | Fix | | | | source |
| Amazon | Timestream | | Not vuln | Fix | | | | source |
| Amazon | Translate | | Not vuln | Not vuln | Not vuln | Not vuln | Service not identified on https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ AWS Log4j Security Bulletin | Amazon Translate |
| Amazon | VPC | | Not vuln | Fix | | | | source |
| Amazon | WorkSpaces/AppStream 2.0 | | Not vuln | Fix | | | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info | source |
| AMD | All | | Not vuln | Not vuln | Not vuln | Not vuln | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | AMD Advisory Link |
| Anaconda | All | 4.10.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| AOMEI | All | | | Not vuln | | | | source |
| Apache | ActiveMQ Artemis | All | Not vuln | Not vuln | Not vuln | Not vuln | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. /cisagov/log4j-affected-db/blob/develop/web/console.war/WEB-INF/lib"">web/console.war/WEB-INF/lib). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See https://issues.apache.org/jira/browse/ARTEMIS-3612 ARTEMIS-3612 for more information on that task. | ApacheMQ - Update on CVE-2021-4428 |
| Apache | Airflow | | Not vuln | Not vuln | Not vuln | Not vuln | Airflow is written in Python | Apache Airflow |
| Apache | Archiva | <2.2.6 | Not vuln | Fix | | | Fixed in 2.2.6 | source fix |
| Apache | Camel | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Apache | Camel 2 | | Not vuln | Not vuln | Not vuln | Not vuln | | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | Camel JBang | <=3.1.4 | | Vulnerable | | | | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | Camel K | | Not vuln | Not vuln | Not vuln | Not vuln | | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | Camel Karaf | | | Vulnerable | | | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | Camel Quarkus | | Not vuln | Not vuln | Not vuln | Not vuln | | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | CamelKafka Connector | | Not vuln | Not vuln | Not vuln | Not vuln | | APACHE CAMEL AND CVE-2021-44228 (LOG4J) |
| Apache | Cassandra | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Apache | Druid | 0.22.1 | Not vuln | Fix | | | | source |
| Apache | Dubbo | All | Not vuln | Fix | | | | source |
| Apache | Flink | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Not vuln | Fix | | | | source |
| Apache | Fortress | < 2.0.7 | Not vuln | Fix | | | Fixed in 2.0.7 | source |
| Apache | Geode | 1.14.0 | Not vuln | Fix | | | Fixed in 1.12.6, 1.13.5, 1.14.1 | source |
| Apache | Guacamole | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Apache | Hadoop | | Not vuln | Not vuln | Not vuln | Not vuln | Uses log4j 1.x. Are https://issues.apache.org/jira/plugins/servlet/mobile#issue/HADOOP-12956 plans to migrate to log4j2 but never performed | source |
| Apache | HBase | | | Vulnerable | | | Fix is committed, but not yet released | source |
| Apache | Hive | 4.x | Not vuln | Fix | | | Fix in 4.x | source |
| Apache | James | 3.6.0 | | Vulnerable | | | | source |
| Apache | Jena | < 4.3.1 | Not vuln | Fix | | | Fixed in 4.3.1 | source |
| Apache | JMeter | Any | | Vulnerable | | | Manual Bypass | source |
| Apache | JSPWiki | 2.11.1 | Not vuln | Fix | | | | source |
| Apache | Kafka | All | Workaround | Not vuln | Not vuln | Not vuln | Uses Log4j 1.2.17 | source |
| Apache | Karaf | | | Vulnerable | | | Depends on https://github.com/ops4j/org.ops4j.pax.logging/issues/414"">PAX logging which is affected | source |
| Apache | Log4j | < 2.15.0 | Not vuln | Fix | | | | Log4j – Apache Log4j Security Vulnerabilities |
| Apache | Log4j 1.x | All | Workaround | Not vuln | Not vuln | Not vuln | | source |
| Apache | Log4j 2 | 2.3.1, 2.12.3, 2.17.0 | Not vuln | Fix | Fix | Fix | | source |
| Apache | Maven | All | | Not vuln | | | | source |
| Apache | NiFi | All | Not vuln | Fix | | | Fixed in 1.15.1, 1.16.0 | source |
| Apache | OFBiz | < 18.12.03 | Not vuln | Fix | | | Fixed in 18.12.03 | source |
| Apache | Ozone | < 1.2.1 | Not vuln | Fix | | | Fixed in 1.2.1 | source |
| Apache | SkyWalking | < 8.9.1 | Not vuln | Fix | | | Fixed in 8.9.1 | source |
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Not vuln | Fix | | | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations | source |
| Apache | Spark | All | Not vuln | Not vuln | Not vuln | Not vuln | Uses log4j 1.x | source |
| Apache | Struts | 2.5.28 | | Vulnerable | | | | source |
| Apache | Struts 2 | Versions before 2.5.28.1 | Not vuln | Fix | | | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | Apache Struts Announcements |
| Apache | Tapestry | 5.7.3 | | Vulnerable | | | Uses Log4j | source |
| Apache | Tika | 2.0.0 and up | | Vulnerable | | | | source |
| Apache | Tomcat | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Apache | TrafficControl | | | Vulnerable | | | | source |
| Apache | Zookeeper | | Not vuln | Not vuln | Not vuln | Not vuln | Zookeeper uses Log4j 1.2 version | source |
| Apereo | CAS | 6.3.x & 6.4.x | Not vuln | Fix | | | Other versions still in active maintainance might need manual inspection | source |
| Apereo | Opencast | < 9.10, < 10.6 | Not vuln | Fix | | | | source |
| Apigee | Edge and OPDK products | All version | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Apollo | All | | | | | | | Apollo Community Link |
| Appdynamics | All | | | | | | | Appdynamics Advisory Link |
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Vulnerable | | | | |
| AppGate | All | | | | | | | AppGate Blog Post |
| Appian | All | | Not vuln | Fix | | | | source |
| Appian | Platform | All | Not vuln | Fix | | | | KB-2204 Information about the Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046) |
| Application Performance Ltd | DBMarlin | Not Affected | | | | | | |
| Application Performance Ltd | DBMarlin | | Not vuln | Not vuln | Not vuln | Not vuln | | Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428 |
| APPSHEET | All | | | | | | | APPSHEET Community Link |
| Aptible | All | Search 5.x | Not vuln | Fix | | | | source |
| Aqua Security | All | | | | | | | Aqua Security Google Doc |
| Arbiter Systems | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Arbiter Systems Advisory Link |
| Arca Noae | All | | | | | | | Arca Noae Link |
| Arcserve | Backup | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | Continuous Availability | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | Email Archiving | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | ShadowProtect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | ShadowXafe | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | Solo | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | StorageCraft OneXafe | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Arcserve | UDP | 6.5-8.3 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ArcticWolf | All | | | | | | | ArcticWolf Blog Post |
| Arduino | IDE | 1.8.17 | Not vuln | Fix | | | | source |
| Ariba | All | | | | | | | Ariba Annoucement |
| Arista | All | | | | | | | Arista Advisory Notice |
| Arista Networks | Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric) | >7.0.0 | | Vulnerable | | | | source |
| Arista Networks | Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric) | >7.0.0 | | Vulnerable | | | | source |
| Arista Networks | CloudVision Portal | >2019.1.0 | | Vulnerable | | | | source |
| Arista Networks | CloudVision Wi-Fi, virtual appliance or physical appliance | >8.8 | | Vulnerable | | | | source |
| Arista Networks | Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric) | >5.3.0 | | Vulnerable | | | | source |
| Aruba Networks | IntroSpect | versions 2.5.0.0 to 2.5.0.6 | | Fix | | | | advbisory |
| Aruba Networks | AirWave Management Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Analytics and Location Engine | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | ArubaOS SD-WAN Gateways | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | ArubasOS-CX Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | ArubasOS-S Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Central / Central On-Premises | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | ClearPass Policy Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | EdgeConnect | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Fabric Composer (AFC) and Plexxi Composable Fabrice Manager (CFM) | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | HP ProCurve Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Instant / Instant Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Instant On | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Legacy GMS products | All | Fix | Fix | Fix | | | advbisory |
| Aruba Networks | Legacy NX, VX, VRX | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | NetEdit | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | Silver Peak Orchestrator | All | Fix | Fix | Fix | | | advbisory |
| Aruba Networks | User Experience Insight (UXI) | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Aruba Networks | VIA Clients | | Not vuln | Not vuln | Not vuln | Not vuln | | advbisory |
| Ataccama | All | | | | | | | Ataccama Link |
| Atera | All | | | | | | | Atera Link |
| Atlassian | Bamboo Server & Data Center | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Atlassian | BitBucket Server | On prem | Not vuln | Workaround | | | | source |
| Atlassian | Bitbucket Server & Data Center | All | Not vuln | Fix | | | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 |
| Atlassian | Confluence Server & Data Center | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Vulnerable | | | | source |
| Atlassian | Confluence-CIS WorkBench | | | Not vuln | | | | source |
| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Vulnerable | | | | source |
| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Vulnerable | | | | source |
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Vulnerable | | | | source |
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Vulnerable | | | | source |
| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not vuln | | | | source |
| Atlassian | Confluence-CIS-Hosted CSAT | | | Not vuln | | | | source |
| Atlassian | Crowd Server & Data Center | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Atlassian | Crucible | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Atlassian | Fisheye | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Atlassian | Jira Server & Data Center | On prem | | Vulnerable | | | Only vulnerable when using non-default config, cloud version fixed | source |
| Attivo networks | All | | | | | | | Attivo Networks Advisory |
| AudioCodes | All | | | | | | | AudioCodes Link |
| Autodesk | All | | | Investigation | | | | source |
| Automation Anywhere | Automation 360 Cloud | | Not vuln | Fix | | | | source |
| Automation Anywhere | Automation 360 On Premise | | Not vuln | Workaround | | | | source |
| Automation Anywhere | All | 11.3.x | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Automation Anywhere | All | 11.x, <11.3.x | Not vuln | Workaround | Workaround | Workaround | | source |
| Automox | All | | | | | | | Automox Blog Post |
| Autopsy | All | | | | | | | Autopsy Link |
| Auvik | All | | | | | | | Auvik Status Link |
| Avantra SYSLINK | All | | | | | | | Avantra SYSLINK Article |
| Avaya | All | | | | | | | source |
| Avaya | Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura for OneCloud Private | | | Vulnerable | | | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® System Manager | 10.1, 8.1.3 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Breeze™ | 3.7, 3.8, 3.8.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Callback Assist | 5, 5.0.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | CRM Connector - Connected Desktop | 2.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Device Enablement Service | 3.1.22 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Device Enrollment Service | 3.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Equinox™ Conferencing | 9.1.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Interaction Center | 7.3.9 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Meetings | 9.1.10, 9.1.11, 9.1.12 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | one cloud private -UCaaS - Mid Market Aura | 1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | OneCloud-Private | 2 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | Not vuln | Fix | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Social Media Hub | | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| Avaya | Workforce Engagement | 5.3 | | Vulnerable | | | | Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security |
| AVEPOINT | All | | | | | | | AVEPOINT Notification |
| AVM | All | devices, firmware, software incl. MyFritz Service | | Not vuln | | | | source |
| AvTech RoomAlert | All | | | | | | | AvTech RoomAlert Article |
| AWS New | All | | | | | | | AWS New Security Bulletin |
| AXIS | OS | All | | Not vuln | | | | source |
| AXON | All | | | | | | | AXON Link |
| AXS Guard | All | | | | | | | AXS Guard Blog Post |
| Axways Applications | All | | | | | | | Axways Applications Link |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Best Practical | Request Tracker (RT) | | | Not vuln | | | | link |
| Best Practical | Request Tracker for Incident Response (RTIR) | | | Not vuln | | | | link |
| B. Braun | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| B&R Industrial Automation | APROL | | Not vuln | Not vuln | Not vuln | Not vuln | | B&R Statement |
| Backblaze | Cloud | N/A (SaaS) | Not vuln | Fix | | | Cloud service patched | source |
| BackBox | All | | | | | | | BackBox Update |
| Balbix | All | | | | | | | Balbix Blog Post |
| Baramundi Products | All | | | | | | | Baramundi Products Forum |
| Barco | Demetra | | Investigation | Investigation | Investigation | Investigation | | source |
| Barco | OpSpace | 1.8 - 1.9.4.1 | Not vuln | Fix | Vulnerable | Vulnerable | | source |
| Barco | Other products | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Barracuda | All | | | | | | | Barracuda Link |
| Basis Technology | Autopsy | 4.18.0 onwards | Not vuln | Workaround | | | version 4.18.0 onwards use Apache Solr 8 | source |
| Baxter | All | | | | | | | Baxter Advisory Link |
| BBraun | APEX® Compounder | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BBraun | Outlook® Safety Infusion System Pump family | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BBraun | Pinnacle® Compounder | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | Not vuln | Not vuln | Not vuln | Not vuln | | BBraun Advisory Link |
| BCT | BerichtenCentrale (BCE) & Integrations | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BCT | CORSA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BCT | e-Invoice | 2.10.210 | Not vuln | Fix | Fix | Fix | Details are shared on BCT portal. | source |
| BCT | IDT | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BCT | iGEN | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BCT | LIBER | 1.125.3 | Not vuln | Fix | Fix | Not vuln | Details are shared on BCT portal. | source |
| BD | ® LSR II | All | | Not vuln | Not vuln | | | source |
| BD | ® Research Cloud | All | | Not vuln | Not vuln | | | source |
| BD | Accuri™ C6 Plus | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Auto-ID Module Model | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ CC Plus Syringe Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Communications Engine | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ CQI Event Reporter | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Enteral Plus Syringe Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Gateway Workstation | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ GP Plus Guardrails™ Volumetric Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ GP Plus Volumetric Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Guardrails™ Editor | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Infusion Central | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ neXus CC Syringe Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ neXus Editor v5.0 | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ neXus GP Volumetric Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ PCA Module Model 8120 | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ PK Plus Syringe Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Plus Editor | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Point-of-Care Software | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Point-of-Care Unit (PCU) Model 8015 | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Pump Module Model 8100 | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Syringe Module Model 8110 | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ System Maintenance | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Systems Manager | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ Technical Utility (ATU) | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ TiVA Syringe Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™ VP Plus Guardrails™ Volumetric Pump | All | | Not vuln | Not vuln | | | source |
| BD | Alaris™CCPlusGuardrails™SyringePump | All | | Not vuln | Not vuln | | | source |
| BD | Arctic Sun™ 5000 Temperature Management System | All | | Not vuln | Not vuln | | | source |
| BD | Arctic Sun™ 6000 Stat Temperature Management System | All | | Not vuln | Not vuln | | | source |
| BD | Arctic Sun™ Analytics | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Assurity Linc™ | All | | Not vuln | Not vuln | | | source |
| BD | BACTEC™ 9050/9120/9240 | All | | Not vuln | Not vuln | | | source |
| BD | BACTEC™ FX | All | | Not vuln | Not vuln | | | source |
| BD | BACTEC™ FX40 | All | | Not vuln | Not vuln | | | source |
| BD | BACTEC™ MGIT™ | All | | Not vuln | Not vuln | | | source |
| BD | Care Coordination Engine (CCE) | All | | Not vuln | Not vuln | | | source |
| BD | Cato™ | All | | Not vuln | Not vuln | | | source |
| BD | COR™ | All | | Not vuln | Not vuln | | | source |
| BD | CoreLite | All | | Not vuln | Not vuln | | | source |
| BD | Diabetes Care App Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | EnCor Enspire® Breast Biopsy System | All | | Not vuln | Not vuln | | | source |
| BD | EnCor Ultra® Breast Biopsy System | All | | Not vuln | Not vuln | | | source |
| BD | EpiCenter™ | All | | Not vuln | Not vuln | | | source |
| BD | FACS™ Lyse Wash Assistant | All | | Not vuln | Not vuln | | | source |
| BD | FACS™ Sample Prep Assistant (SPA) III | All | | Not vuln | Not vuln | | | source |
| BD | FACS™ Workflow Manager | All | | Not vuln | Not vuln | | | source |
| BD | FACSAria™ Fusion | All | | Not vuln | Not vuln | | | source |
| BD | FACSAria™ II | All | | Not vuln | Not vuln | | | source |
| BD | FACSAria™ III | All | | Not vuln | Not vuln | | | source |
| BD | FACSCanto™ 10-color | All | | Not vuln | Not vuln | | | source |
| BD | FACSCanto™ 10-color clinical | All | | Not vuln | Not vuln | | | source |
| BD | FACSCanto™ II (w Diva 9.0) | All | | Not vuln | Not vuln | | | source |
| BD | FACSCanto™ II clinical | All | | Not vuln | Not vuln | | | source |
| BD | FACSCelesta™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSDuet™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSLink™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSLyric™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSMelody™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSPresto™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSVia™ | All | | Not vuln | Not vuln | | | source |
| BD | FACSymphony™ A1 | All | | Not vuln | Not vuln | | | source |
| BD | FACSymphony™ A3 / A5 | All | | Not vuln | Not vuln | | | source |
| BD | FACSymphony™ S6 | All | | Not vuln | Not vuln | | | source |
| BD | FlowJo™ Portal | All | | Not vuln | Not vuln | | | source |
| BD | FlowJo™ Software | All | | Not vuln | Not vuln | | | source |
| BD | FocalPoint™ APPS instrument | All | | Not vuln | Not vuln | | | source |
| BD | FocalPoint™ APPS workstation | All | | Not vuln | Not vuln | | | source |
| BD | FocalPoint™ LLS/SLS/GSRS | All | | Not vuln | Not vuln | | | source |
| BD | HD Check system | All | | Not vuln | Not vuln | | | source |
| BD | HealthSight™ Clinical Advisor | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | HealthSight™ Data Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | HealthSight™ Diversion Management | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | HealthSight™ Infection Advisor | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | HealthSight™ Inventory Optimization Analytics | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | HealthSight™ Medication Safety | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Influx™ | All | | Not vuln | Not vuln | | | source |
| BD | Intelliport™ | All | | Not vuln | Not vuln | | | source |
| BD | Intelliport™ Medication Management System | All | | Not vuln | Not vuln | | | source |
| BD | Kiestra™ InoqulA | All | | Not vuln | Not vuln | | | source |
| BD | Kiestra™ InoqulA+ | All | | Not vuln | Not vuln | | | source |
| BD | Knowledge Portal for Pyxis™ Supply | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Knowledge Portal for Infusion Technologies | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Knowledge Portal for Medication Technologies | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | LSRFortessa™ | All | | Not vuln | Not vuln | | | source |
| BD | LSRFortessa™ X-20 | All | | Not vuln | Not vuln | | | source |
| BD | MAX™ | All | | Not vuln | Not vuln | | | source |
| BD | Phoenix™ 100 | All | | Not vuln | Not vuln | | | source |
| BD | Phoenix™ AP | All | | Not vuln | Not vuln | | | source |
| BD | Phoenix™ M50 | All | | Not vuln | Not vuln | | | source |
| BD | PleurX | All | | Not vuln | Not vuln | | | source |
| BD | Prevue™ II Peripheral Vascular Access System | All | | Not vuln | Not vuln | | | source |
| BD | Probetec™ | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Anesthesia Station 4000 | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Anesthesia Station ES | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ CIISafe™ | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ CUBIE™ System | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ ES System | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ IV Prep | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Logistics (Pyxis™ Pharmogistics™) | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Med Link Queue & Waste | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ MedBank | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ MedStation™ 4000 System | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ MedStation™ ES | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Order Viewer | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ ParAssist | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ PARx™ | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ PharmoPack™ | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ ReadyMed | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ SupplyStation™ | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Tissue & Implant Management System | All | | Not vuln | Not vuln | | | source |
| BD | Pyxis™ Track and Deliver | All | | Not vuln | Not vuln | | | source |
| BD | QUANTAFLO™ Peripheral Arterial Disease Test | All | | Not vuln | Not vuln | | | source |
| BD | Remote Support Services (RSS) | All | | Not vuln | Not vuln | | | source |
| BD | Restock Order | All | | Not vuln | Not vuln | | | source |
| BD | Rhapsody™ Single-Cell Analysis System | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ - Dose (Windows 10 platform) | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ - Dose (Windows 7 Workstations only) | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ - ProLog | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ - Smart | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ - Vmax | All | | Not vuln | Not vuln | | | source |
| BD | Rowa™ Pouch Packaging Systems | All | | Not vuln | Not vuln | | | source |
| BD | Sensica™ Urine Output System | All | | Not vuln | Not vuln | | | source |
| BD | SeqGeq™ Software | All | | Not vuln | Not vuln | | | source |
| BD | Sherlock 3CG™ Standalone Tip Confirmation Systems | All | | Not vuln | Not vuln | | | source |
| BD | Site~Rite Prevue® PICC Ultrasound Systems | All | | Not vuln | Not vuln | | | source |
| BD | Site~Rite Prevue® Plus Ultrasound Systems | All | | Not vuln | Not vuln | | | source |
| BD | Site~Rite™ 8 Ultrasound Systems | All | | Not vuln | Not vuln | | | source |
| BD | Specimen Collection Verification | All | | Not vuln | Not vuln | | | source |
| BD | Synapsys™ Informatics Solution | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Totalys™ DataLink | All | | Not vuln | Not vuln | | | source |
| BD | Totalys™ Multiprocessor | All | | Not vuln | Not vuln | | | source |
| BD | Totalys™ SlidePrep | All | | Not vuln | Not vuln | | | source |
| BD | Veritor™ | All | | Not vuln | Not vuln | | | source |
| BD | Veritor™ COVID At Home Solution Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | BD Advisory Link |
| BD | Viper™ LT | All | | Not vuln | Not vuln | | | source |
| BD | Viper™ XTR™ | All | | Not vuln | Not vuln | | | source |
| Beckman Coulter | Blood Bank | PK7300, PK7400 | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Chemistry Systems | AU Models (DxC700AU, AU480, AU640, AU680, AU 2700, AU5400, AU5800, AU5800) | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Chemistry Systems | Unicel DxC 600, Unicel DxC 800 | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Hematology | Ac•T Family, Ac•T 5diff | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Hematology | DxH 500/520/560, 600, 800, 900, 690T, SMS, SMS II | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Hematology | HmX, HmX AL | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Hematology | LH 500, LH750, LH780, LH785, LH Slidemaker, LH Slidestraine | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Immunoassay Systems | Access 2, Unicel DxI 600, Unicel DxI 800 | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Information Systems | DxONE Insights | | Fix | Fix | | The Log4j patch has been applied. | source |
| Beckman Coulter | Information Systems | DxONE Inventory Manager | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Information Systems | DxONE Workflow Manager | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Information Systems | PROService, RAP Box | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Information Systems | REMISOL ADVANCE | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Lab Automation | AutoMate 1200, 1250, 2500, 2550 | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Lab Automation | DxA 5000, DxA 5000 Fit | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Lab Automation | Ipaw, ISB (Intelligent Sample Banking), Sorting Drive | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Lab Automation | Power Express, Power Processor, Power Link | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Microbiology | LabPro Workstation and Database Computers | | Workaround | Workaround | | See source for instructions | source |
| Beckman Coulter | Microbiology | MicroScan autoSCAN-4, HighFlexX Software, WalkAway 40 SI, ,WalkAway 96 SI, WalkAway 40 plus, WalkAway 96 plus, DxM WalkAway 1040 , DxM WalkAway 1096, DxM Autoplak | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Nephelometry | IMMAGE 800 | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Urinalysis | DxU (DxUm, DxUc, DxU Workcell) | | Not Vuln | Not Vuln | | | source |
| Beckman Coulter | Urinalysis | iRICELL, iQ Workcell, iChemVELOCITY, iQ200 | | Not Vuln | Not Vuln | | | source |
| Beijer Electronics | acirro+ | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | BFI frequency inverters | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | BSD servo drives | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | CloudVPN | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | FnIO-G and M Distributed IO | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | iX Developer | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | Nexto modular PLC | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | Nexto Xpress compact controller | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Beijer Electronics | WARP Engineering Studio | | Not vuln | Not vuln | Not vuln | Not vuln | | Beijer Electronics Advisory Link |
| Belden | all Hirschmann networking devices and software tools | | | Not vuln | | | Hirschmann is a brand of Belden | source |
| Bender | All | | | | | | | Bender Link |
| Bender GmbH und Co. KG | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | All | | | | | | | Vendor Link |
| BeyondTrust | Privilege Management Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BeyondTrust | Privilege Management Reporting | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BeyondTrust | Privilege Management Reporting in BeyondInsight | 21.2 | Not vuln | Fix | | | | Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell) |
| BeyondTrust | Secure Remote Access appliances | | Not vuln | Not vuln | Not vuln | Not vuln | | Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell) |
| BeyondTrust Bomgar | All | | | | | | | BeyondTrust Bomgar Link |
| BigBlueButton | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BioJava | Java library for processing biological data | 6.0.3 | Not vuln | Fix | Fix | Fix | | source |
| BioMerieux | All | | | Investigation | | | | BioMerieux Advisory Link |
| BisectHosting | All | | | | | | | BisectHosting Link |
| Bitdefender | GravityZone On-Premises | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Bitnami | All | | Not vuln | Fix | | | | source |
| BitNami By VMware | All | | | | | | | BitNami By VMware |
| BitRise | All | | | | | | | BitRise Post |
| Bitwarden | All | All | | Not vuln | | | | source |
| Biztory | Fivetran | | Not vuln | Not vuln | Not vuln | Not vuln | | Apache Log4j2 Vulnerability - Updates For Biztory Clients |
| Black Kite | All | | | | | | | Black Kite Link |
| BlackBerry | 2FA | All | Not vuln | Workaround | | | | source |
| BlackBerry | Enterprise Mobility Server | 2.12 and above | Not vuln | Workaround | | | | source |
| BlackBerry | Workspaces On-prem Server | All | Not vuln | Workaround | | | | source |
| Blancco | All | | | | | | | Blancco Support Link |
| BleftSign | All | | | | | | | BleftSign Link |
| Bluemind | All | 3.5.x and 4.x | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Blumira | All | | | | | | | Blumira Link |
| BMC | 3270 SUPEROPTIMIZER/CI | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | 3270 SUPEROPTIMIZER/CICS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Apptune for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Backup and Recovery for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Batch Optimizer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Capacity Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Catalog Manager for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Catalog Manager for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Change Manager for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Change Manager for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Change Manager for IMS for DBCTL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Change Manager for IMS TM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Change Manager Virtual Terminal for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Check for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Command Center for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Command Center for Security | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Console management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Copy for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Cost Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Data Packer for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Database Administration for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Database Advisor for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Database Integrity for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Database Performance for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Datastream for Ops | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for McAfee DAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for Ops Insight | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for z/Linux | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for z/OS GSIP Package | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender for z/VM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Defender TCP/IP Receiver | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI DevOps for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Energizer for IMS Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Enterprise Connector | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Extended Terminal Assist for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Indexer for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Online Analyzer for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Online Image Copy for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Online Reorg for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Online Restructure for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Recovery for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Fast Path Restart for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Large Object Management for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Load for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI LOBMaster for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Log Analyzer for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Log Master for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Message Advisor for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Online Reorg for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | AMI Ops Automation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Automation for Capping | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Common Rest API (CRA) | 2.0 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | AMI Ops for Networks | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Infrastructure (MVI) - CRA | 7.0 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | AMI Ops Insight | 1.0 | Not vuln | Vulnerable | Vulnerable | Investigation | | source |
| BMC | AMI Ops Insight | 1.2 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | AMI Ops Monitor for CICS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for CMF | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for IMS Offline | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for IMS Online | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for IP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for JE | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for MQ | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for USS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for WAS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops Monitor SYSPROG Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Ops UI | 1.1 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | AMI Partitioned Database Facility for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Pointer Checker for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Pool Advisor for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Products | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | AMI Recover for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Recovery for VSAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Recovery Manager for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Reorg For Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Reorg for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Security Administrator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Security Policy Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Security Privileged Access Manager (also called BMC AMI Security Breakglass) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Security Privileged Access Manager (BMC AMI Security Breakglass) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Security Self Service Password Reset | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI SQL Explorer for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI SQL Performance for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Stats for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Storage | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Unload for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Utilities for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Utility Management for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AMI Utility Manager for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Application Accelerator for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Application Restart Control for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Application Restart Control for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Application Restart Control for VSAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | AR System | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Bladelogic Database Automation | 20.19.01, 20.19.02, 20.19.03, 20.20.01 20.20.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | Bladelogic Database Automation | 8.9.03 | Not vuln | Vulnerable | Vulnerable | Investigation | | source |
| BMC | Change Accumulation Plus | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Check Plus for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Client Gateway (Kaazing) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Client Management | 21.02.00, 21.02.01, 21.02.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | Cloud Lifecycle Management | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | CMDB | All | Investigation | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Compuware Abend-Aid | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Application Audit | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware DevEnterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Enterprise Common Components (ECC) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Enterprise Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Enterprise Services (CES) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID Data Privacy | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID Data Solutions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID for DB2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID/MVS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware File-AID/RDX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Hiperstation ALL Product Offerings | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware ISPW | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware iStrobe | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Program Analyzer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Storage Backup and Recovery | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Storage Migration | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Storage Performance | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Strobe | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware ThruPut Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz Connect (including NXPromote) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz Enterprise Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz for Java Performance | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz for Total Test | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz Program Analysis | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Topaz Workbench | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Xpediter/CICS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Xpediter/Code Coverage | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Xpediter/TSO and IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware Xpediter/Xchange | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Compuware zAdviser | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Concurrent Reorg Facility | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Conditional Image Copy | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Control-M | 9.0.18.x, 9.0.19.x, 9.0.20.x | Not vuln | Workaround | Workaround | Investigation | ETA Dec 30, 2021 | source |
| BMC | COPE for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | DASD Manager for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | DASD Manager Plus for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Data Accelerator Compression | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Db2 Plus Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender Agent Configuration Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender Agent for SAP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender Agent for Unix/Linux | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender Agent for Windows | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender App for Splunk | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender SIEM Correlation Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender SIEM for Motorola | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender SIEM for NNT | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender SyslogDefender | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Defender Windows Agent for Splunk | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Delta IMS DB/DC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Delta IMS Virtual Terminal | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Discovery | 12.0.x, 20.08.x, 21.05.x, 21.3.x | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | Discovery for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | ExceptionReporter | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Extended Buffer Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Fast Path Analyzer/EP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Fast Path Reorg/EP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Fast Reorg Facility | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Fast Reorg Facility/EP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FASTCPK | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FATSCOPY | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDR | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDR/UPSTREAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRABR | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRERASE | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRMOVE | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRPAS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRPASVM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | FDRREORG | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Footprints | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix Automation Console | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Business Workflows | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix Client Management | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Cloud Cost | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Cloud Security | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix CMDB | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Continuous Optimization | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Continuous Optimization – Agents | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix Continuous Optimization (REE) | 21.3.x | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | Helix Control-M | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Data Manager | 2.7, 21.05, 21.3.x | Not vuln | Vulnerable | Vulnerable | Investigation | ETA Dec 21, 2021 | source |
| BMC | Helix Digital Workplace | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Discovery | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix Discovery Outpost | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix ITSM | < 21.x | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix ITSM | 21.x | Not vuln | Vulnerable | Vulnerable | Investigation | ETA Dec 23, 2021 | source |
| BMC | Helix Knowledge Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Helix Operations Management with AIOps | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Platform | All | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| BMC | Helix platform | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Remediate | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Remedyforce | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Helix Virtual Agent | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | IAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Image Copy Plus | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | ITSM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | License Usage Collection Utility | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | LOADPLUS for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | LOADPLUS for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | LOADPLUS/EP for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Local Copy Plus | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MainView Explorer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MainView Middleware Administrator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MainView Middleware Monitor | 9.1 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | MainView Transaction Analyzer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MainView Vistapoint & Energizer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MAXM Reorg for IMS with Online/Defrag Feature | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MAXM Reorg/EP for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | MAXM Reorg/EP for IMS with Online/Defrag Feature | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Mid-Tier | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Next Generation Logger (NGL) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Opertune for DB2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Partner KMs Hardware Sentry Open Telemetry Collector | 1.0 | Not vuln | Workaround | Workaround | Investigation | ETA Dec 22, 2021 | source |
| BMC | Partner KMs Storage All-in-One ETL for BMC TrueSight Capacity Optimization | 1.6 | Not vuln | Workaround | Workaround | Investigation | ETA Dec 22, 2021 | source |
| BMC | Partner KMs Storage Analyzer KM for PATROL | 1.2 | Not vuln | Workaround | Workaround | Investigation | ETA Dec 22, 2021 | source |
| BMC | PATROL Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | PATROL Agent (TSOM & BHOM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Patrol for Linux KM | 20.05.01 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | Patrol for Sybase | 20.02.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | PATROL Knowledge Modules - PATROL KM (except Sybase and Linux) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Plus Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Prefix Resolution Plus | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Prefix Update for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Recovery Advisor for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Recovery Manager for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Recovery Plus for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Release Package and Deployment | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Release Process Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Remedy ITSM (IT Service Management) | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | Remedy Smart Reporting | 20.02.x, 20.08.x, 21.05.x, 21.3.x | Not vuln | Vulnerable | Vulnerable | Investigation | ETA Dec 21, 2021 | source |
| BMC | Reorg Plus for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Resident Security Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | RSSO Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | RSSO Auth Proxy | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | RSSO DataTransfer tool | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | RSSO Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Runtime Component System (RTCS) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Secondary Index Utility | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Secondary Index Utility/EP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | SLM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | SmartIT | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Snapshot Upgrade Feature | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | SRM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Track-It! | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | TrueSight Automation Console | 19.1 | Not vuln | Vulnerable | Vulnerable | Investigation | | source |
| BMC | TrueSight Automation Console | 20.02, 20.02.01, 20.08.00, 20.08.01, 21.02.00, 21.02.01, 21.3 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Automation for Networks | 20.02.00, 20.02.01, 20.02.02, 20.02.03, 21.08.00 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Automation for Servers | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | TrueSight Automation for Servers - Data Warehouse | 20.02.01, 21.02, 21.3.00 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Capacity Optimization | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | TrueSight Capacity Optimization - Agents | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | TrueSight Infrastructure Management | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | TrueSight Operations Management | | | Investigation | | | | BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community |
| BMC | TrueSight Operations Management Reporting | 11.3.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Operations Management: App Visibility Manager | 11.3.03 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Operations Management: Infrastructure Management | 11.3.05 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Operations Management: IT Data Analytics | 11.3.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Operations Management: Presentation Server | 11.3.02,11.3.03 , 11.3.04, 11.3.05 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Orchestration | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | TrueSight Server Automation | 20.02.01, 21.02, 21.02.01, 21.3.00 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Smart Reporting | 11.3.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TrueSight Smart Reporting Platform | 20.02.02 | Not vuln | Workaround | Workaround | Investigation | | source |
| BMC | TSCO For Mainframes | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | ULTRAOPT/CICS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | ULTRAOPT/IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | Unload Plus for Db2 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | UNLOAD PLUS for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | UNLOAD PLUS/EP for IMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | User Interface Middleware (UIM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | UXF for IMS (non product) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | VSAM Optimization | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| BMC | zDetect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Bosch | IoT suite | | | Not vuln | | | | source |
| Bosch Rexroth | Bosch IoT gateway | 3.7.0 | Fix | Fix | Fix | Fix | | source |
| Bosch Security Systems | PRAESENSA PRA-APAS | 1.0.32 | | Fix | | | | source |
| Bosch Security Systems | Other products | | | Not vuln | | | | source |
| Boston Scientific | Heart Connect Tablet | 3933 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE Clarity™ | 7260 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE Consult™ | 6297 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE Link™ | 6215 | Not vuln | Workaround | | | Customer action needed to secure customer system. | source |
| Boston Scientific | LATITUDE™ Classic | 6488 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE™ Communicators | 6280, 6288, 6290, 6299, 6420, 6443, 6468, 6476, 6496, 6498 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE™ EMR Secure Courier Client | 6455, 6624 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE™ NXT | 6446, 6447, 6448, 6449, 6460 | | Not vuln | | | | source |
| Boston Scientific | LATITUDE™ Programmer & Apps | 3300 | | Not vuln | | | | source |
| Boston Scientific | LUX-Dx™ Clinic Assistant App | 2935, 6256 | | Not vuln | | | | source |
| Boston Scientific | MyLATITUDE™ Patient App | | | Not vuln | | | | source |
| Boston Scientific | myLUX™ Patient App | 2925, 6259 | | Not vuln | | | | source |
| Boston Scientific | ZOOM™ Programmer & Apps | 3120 | | Not vuln | | | | source |
| Box | All | | | | | | | Box Blog Post |
| Brainworks | All | | | | | | | Brainworks Link |
| Brian Pangburn | SwingSet | < 4.0.6 | Not vuln | Fix | | | | source |
| Broadcom | Advanced Secure Gateway (ASG) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Automic Automation | | | | | | | Broadcome Automic Automation Link |
| Broadcom | BCAAA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | CA Advanced Authentication | 9.1 & 9.1.01 & 9.1.02 | Not vuln | Workaround | | | | source |
| Broadcom | CA Risk Authentication | | | Vulnerable | | | | |
| Broadcom | CA Strong Authentication | | | Vulnerable | | | | |
| Broadcom | Cloud Workload Assurance (CWA) | | | Fix | Fix | | The complete remediation was deployed on Dec 23. | source |
| Broadcom | Cloud Workload Protection (CWP) | | | Fix | Fix | | The complete remediation was deployed on Dec 23. | source |
| Broadcom | Cloud Workload Protection for Storage (CWP:S) | | | Fix | Fix | | The complete remediation was deployed on Dec 23. | source |
| Broadcom | CloudSOC Cloud Access Security Broker (CASB) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Content Analysis (CA) | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Content Analysis (CA)(SEPM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Critical System Protection (CSP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Data Center Security (DCS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Data Loss Prevention (DLP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Email Security Service (ESS) | | Not vuln | Fix | | | An initial remediation was deployed on Dec 13. Further investigation showed that the initial remediation is no longer considered sufficient. The complete remediation was deployed on Dec 17 | source |
| Broadcom | Ghost Solution Suite (GSS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | HSM Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Industrial Control System Protection (ICSP) | | Not vuln | Not vuln | Fix | Not vuln | Further investigation showed that the initial remediation is no longer considered sufficient. The complete remediation was deployed on Dec 21. | source |
| Broadcom | Information Centric Analytics (ICA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Information Centric Tagging (ICT) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Integrated Cyber Defense Exchange (ICDx) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Integrated Cyber Defense Manager (ICDm) | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Integrated Secure Gateway (ISG) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Intelligence Services / WebFilter / WebPulse | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | IT Analytics (ITA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | IT Management Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Layer7 API Developer Portal | 4.4, 4.5, 5.0 & 5.0 CR1, 5.0.2 & 5.0.2.1 | Not vuln | Workaround | Workaround | | | source |
| Broadcom | Layer7 API Developer Portal SaaS | 5.0.3 | Not vuln | Workaround | Workaround | | | source |
| Broadcom | Layer7 API Gateway | 9.4, 10.0, 10.1 | Not vuln | Workaround | Workaround | | | source |
| Broadcom | Layer7 Live API Creator | 5.4, 5.1-5.3 (EOS) | Not vuln | Workaround | | | | source |
| Broadcom | Layer7 Mobile API Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | LiveUpdate Administrator (LUA) | 2.3.10 | | Fix | Fix | | | source |
| Broadcom | Management Center (MC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Mirror Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | PacketShaper (PS) S-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | PolicyCenter (PC) S-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Privileged Access Manager | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Privileged Access Manager Server Control | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Privileged Identity Manager | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | ProxySG | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Reporter | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Secure Access Cloud (SAC) | | | Fix | | | | source |
| Broadcom | Security Analytics (SA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | ServiceDesk | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | SiteMinder (CA Single Sign-On) | 12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents | Not vuln | Workaround | Not vuln | Not vuln | | source |
| Broadcom | SSL Visibility (SSLV) | | | Investigation | | | | source |
| Broadcom | Symantec Advanced Authentication | 9.1, 9.1.01, 9.1.02 | Not vuln | Fix | Fix | Fix | | source |
| Broadcom | Symantec Control Compliance Suite (CCS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Directory | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Endpoint Detection and Response (EDR) | 4.6.8 | Not vuln | Fix | | | Applying patch atp-patch-generic-4.6-1 to versions 4.6.0, 4.6.5, and 4.6.7 | source,-On%2Dpremise%20is) |
| Broadcom | Symantec Endpoint Detection and Response (EDR) On-premise | 4.6.8, 4.6.0, 4.65, 4.6.7 | | Fix | Fix | | | source |
| Broadcom | Symantec Endpoint Encryption (SEE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Endpoint Protection (SEP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source,-is%20not%20vulnerable) |
| Broadcom | Symantec Endpoint Protection (SEP) Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Endpoint Protection (SEP) for Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | | Fix | Fix | Not vuln | | source |
| Broadcom | Symantec Endpoint Security (SES) | | Investigation | Fix | | | The complete remediation was deployed on Dec 23 for CVE-2021-44228. | source |
| Broadcom | Symantec Identity Governance and Administration (IGA) | 14.2, 14.3, 14.4 | Not vuln | Workaround | | | | source |
| Broadcom | Symantec Mail Security for Microsoft Exchange (SMSMSE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Messaging Gateway (SMG) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec PGP Solutions | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Privileged Access Manager (PAM) | 3.4.6, 4.0, 4.0.1 | Not vuln | Fix | Fix | Not vuln | | source |
| Broadcom | Symantec Privileged Access Manager (PAM) Server Control | 14.1 | | Workaround | | | | source |
| Broadcom | Symantec Privileged Identity Manager (PIM) | 12.9.x, 14.0 | | Workaround | Workaround | | | source source |
| Broadcom | Symantec Protection Engine (SPE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec Protection for SharePoint Servers (SPSS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Symantec VIP | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Broadcom | Threat Defense for Active Directory (TDAD) | | Investigation | | | | | source |
| Broadcom | VIP | | Not vuln | Not vuln | Not vuln | Not vuln | | Broadcom Support Portal |
| Broadcom | VIP Authentication Hub | 1.0 2021.Nov.03 release | | Fix | | Not vuln | | source |
| Broadcom | Web Isolation (WI) | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Web Isolation (WI) Cloud | | Not vuln | Fix | | | | source |
| Broadcom | Web Isolation (WI) On-premises | | | Investigation | | | | source |
| Broadcom | Web Security Service (WSS) | | | Investigation | | | | Broadcom Support Portal |
| Broadcom | Web Security Service (WSS) Reporting | | Not vuln | Fix | | | | source%20Reporting,-CVE) |
| Broadcom | WebPulse | | | Investigation | | | | Broadcom Support Portal |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Campbell Scientific | All | | | Not vuln | | | | link |
| Carrier | All | | | Not vuln | | | | link |
| CircleCI | All | | | | | | | link |
| C4b XPHONE | All | | | | | | | C4b XPHONE Link |
| Camunda | All | | | | | | | Camunda Forum Link |
| Canary Labs | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Canary Labs Advisory Link |
| Canon | Applications integrated with Vitrea (iCAD, Invia, Medis, Mevis, Mirada, Olea and Tomtec) | | | Not vuln | | | | source |
| Canon | DR Products (CXDI_NE) | Omnera, Flexpro, Soltus and more | | Not vuln | | | | source |
| Canon | CT Medical Imaging Products | | | Not vuln | | | | source |
| Canon | Easy Viz | | | Not vuln | | | | source |
| Canon | Eye-Care Products | | | Not vuln | | | | source |
| Canon | MR Medical Imaging Products | | | Not vuln | | | | source |
| Canon | NM Medical Imaging Products | | | Not vuln | | | | source |
| Canon | Olea Sphere | | | Not vuln | | | | source |
| Canon | Rialto | 7.x | | Vulnerable | | | Contact customer support | source |
| Canon | Rialto Connect and Vault | | | Not vuln | | | | source |
| Canon | Solution Health (Cloud) | | | Not vuln | | | | source |
| Canon | Solution Health (On-Prem) | | | Vulnerable | | | Contact customer support | source |
| Canon | UL Medical Imaging Products | | | Not vuln | | | | source |
| Canon | Vitrea Advanced | 7.x | | Vulnerable | | | See source for mitigations | source |
| Canon | Vitrea Connection | 8.x | | Vulnerable | | | Contact customer support | source |
| Canon | Vitrea View | | | Not vuln | | | | source |
| Canon | VL Alphenix Angio Workstation (AWS) | | | Vulnerable | | | | source |
| Canon | VL Infinix-i and Alphenix DFP | | | Not vuln | | | | source |
| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not vuln | | | | source |
| Canon | XR Medical Imaging Products | | | Not vuln | | | | source |
| Canon | Zillion | | | Not vuln | | | | source |
| CapStorm | Copystorm | | | Investigation | | | | |
| Carbon Black | Cloud Workload Appliance | | | Workaround | | | More information on pages linked bottom of blogpost (behind login) | source |
| Carbon Black | EDR Servers | | | Workaround | | | More information on pages linked bottom of blogpost (behind login) | source |
| CarbonBlack | All | | | | | | | CarbonBlack Advisory |
| CareStream | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CAS genesisWorld | All | | | | | | | CAS genesisWorld Link |
| CaseWare | Cloud | All | Not vuln | Fix | | | | source |
| CaseWare | IDEA | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CaseWare | WorkingPapers | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Catalogic | CloudCasa | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cato Networks | All | | | | | | | Cato Networks Blog Post |
| Cendio | ThinLinc | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cepheid | C360 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cepheid | GeneXpert | | | Investigation | | | | source |
| Cerberus | FTP | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cerberus FTP | All | | | | | | | Cerberus Article |
| Cerebrate | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cerebro | Elasticsearch Web Admin | All | Not vuln | Not vuln | Not vuln | Not vuln | Uses logback for logging | source |
| Chaser Systems | discrimiNAT Firewall | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Chatsworth Products | eConnect PDU | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146845501-b2186f1b-ccce-4f3d-a2c3-373db2eed9f0.png | |
| Check Point | CloudGuard | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | Harmony Endpoint & Harmony Mobile | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | Infinity Portal | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | Quantum Security Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | Quantum Security Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | SMB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Check Point | ThreatCloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CheckMK | All | | | | | | | CheckMK Forum |
| Chef | Automate | All | Not vuln | Not vuln | Not vuln | Not vuln | | source) |
| Chef | Backend | All | Not vuln | Not vuln | Not vuln | Not vuln | | source) |
| Chef | Infra Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source) |
| Ciphermail | All | | | | | | | Ciphermail Blog Post |
| CIS | CAT Lite | 4.13.1 | | Fix | Fix | Fix | | source |
| CIS | CAT Pro Assessor v3 Full and Dissolvable | 3.0.78 | | Fix | Fix | Fix | | source |
| CIS | CAT Pro Assessor v4 | 4.13.1 | | Fix | Fix | Fix | | source |
| CIS | CAT Pro Assessor v4 Service | 1.13.1 | | Fix | Fix | Fix | | source |
| CIS | CAT Pro Dashboard | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CIS | CSAT Pro | 1.7.2 | | Fix | Fix | Fix | | source |
| CIS | Hosted CSAT | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CIS | WorkBench | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | ACI Multi-Site Orchestrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | ACI Virtual Edge | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Adaptive Security Appliance (ASA) Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Adaptive Security Device Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Adaptive Security virual Appliance (ASAv) | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Advanced Web Security Reporting Application | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | AireOS Wireless LAN Controllers | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1560 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1810 Series OfficeExtend Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1810w Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1815 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1830 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 1850 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 2800 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet 3800 Series Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Aironet Access Points | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | AMP Virtual Private Cloud Appliance | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | AnyConnect Secure Mobility Client | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | AppDynamics | Multiple | Not vuln | Fix | Fix | Not vuln | See advisory for complete list of fixed versions per component | source |
| Cisco | AppDynamics with Cisco Secure Application | Multiple | Not vuln | Fix | Fix | Not vuln | | source |
| Cisco | Application Policy Infrastructure Controller (APIC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Application Policy Infrastructure Controller (APIC) - Network Insights Base App | 4.2(7r), 5.2(3g) | | Fix | Fix | Not vuln | | source |
| Cisco | Application Policy Infrastructure Controller Enterprise Module (APIC-EM) | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | ASR 5000 Series Routers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Automated Subsea Tuning | 2.1.0 | | Fix | Fix | Not vuln | | source |
| Cisco | Broadcloud Calling | | | Investigation | | | | source |
| Cisco | BroadWorks | 2021.11_1.162, ap381882 | | Fix | Fix | Not vuln | | source |
| Cisco | Business 100 and 200 Series Access Points | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Business 220 Series Smart Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Business 250 Series Smart Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Business 350 Series Managed Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Business Dashboard | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Business Process Automation | 3.0.000.115, 3.1.000.044, 3.2.000.009 | | Fix | Fix | Not vuln | | source |
| Cisco | Business Wireless | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Call Studio | 11.6(2), 12.0(1), 12.5(1), 12.6(1) | | Fix | Fix | Not vuln | | source |
| Cisco | Catalyst 9100 Series Access Points | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Catalyst 9800 Series Wireless Controllers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | 220 Series Smart Plus Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | 250 Series Smart Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | 350 Series Series Managed Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | 5000 Series Enterprise Network Compute system (ENCS) | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | 550 Series Stackable Managed Switches | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Cloud Connect | 12.6(1) | | Fix | Fix | Not vuln | | source |
| Cisco | Cloud Email Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Cloud Services Platform 2100 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Cloud Services Platform 5000 Series | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | CloudCenter | 4.10.0.16 | | Fix | Fix | Not vuln | Fixes should be available from 23 Dec 2021 | source |
| Cisco | CloudCenter Action Orchestrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | CloudCenter Cost Optimizer | 5.5.2 | | Fix | Fix | | | source |
| Cisco | CloudCenter Suite Admin | 5.3.1 | | Fix | Fix | | | source |
| Cisco | CloudCenter Workload Manager | 5.5.2 | | Fix | | | | source |
| Cisco | Cloudlock | All | | Fix | Fix | Not vuln | | source |
| Cisco | Cloudlock for Government | All | | Fix | Fix | Not vuln | | source |
| Cisco | Cognitive Intelligence | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Collaboration Experience Service (CES) | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Collaboration Experience Service Management (CESM) | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Common Services Platform Collector (CSPC) | 2.10.0, 2.9.1.3 | | Fix | Fix | Not vuln | | source |
| Cisco | Computer Telephony Integration Object Server (CTIOS) | | | Vulnerable | | | | source |
| Cisco | ConfD | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Connected Grid Device Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Connected Mobile Experiences (CMX) | 10.6.3-70, 10.6.3-105, 10.6.2-89, 10.4.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Connectivity | | | Not vuln | | | | source |
| Cisco | Contact Center Domain Manager (CCDM) | 12.5(1) ES6, 12.6(1) ES3 | | Fix | Fix | Not vuln | | source |
| Cisco | Contact Center Management Portal (CCMP) | 12.5(1) ES6, 12.6(1) ES3 | | Fix | Fix | Not vuln | | source |
| Cisco | Container Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Content Security Management Appliance (SMA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Crosswork Change Automation | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Crosswork Cloud | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Crosswork Data Gateway | 2.0.2, 3.0.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Crosswork Health Insights | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Crosswork Network Controller | 2.0.1, 3.0.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Crosswork Optimization Engine | 2.0.1, 3.0.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Crosswork Platform Infrastructure | 4.0.1, 4.1.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Crosswork Situation Manager | 8.0.0.8 | | Fix | Fix | Not vuln | | source |
| Cisco | Crosswork Service Health | All | | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Crosswork Zero Touch Provisioning (ZTP) | 2.0.1, 3.0.1 | | Fix | Fix | Not vuln | | source |
| Cisco | CX Cloud | All | | Fix | Fix | Not vuln | | source |
| Cisco | CX Cloud Agent Software | 1.12.2 | | Fix | Fix | Not vuln | | source |
| Cisco | Cyber Vision Sensor Management Extension | 4.0.3 | | Fix | Fix | Not vuln | | source |
| Cisco | Data Center Network Manager (DCNM) | 12.0(2d), 11.5(3), 11.5(2), 11.5(1), 11.4(1), 11.3(1) | | Vulnerable | Vulnerable | Not vuln | | source |
| Cisco | Defense Orchestrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | DNA Assurance | | | Investigation | | | | source |
| Cisco | DNA Center | 2.2.2.8, 2.1.2.8, 2.2.3.4 | | Fix | Fix | Not vuln | | source |
| Cisco | DNA Spaces | 2.5, 2.8.2, 2.11.0, 2.13.3 | Not vuln | Fix | | | | source |
| Cisco | DNA Spaces Connector | v2.0.588, v2.2.12 | | Fix | Fix | Not vuln | | source |
| Cisco | Duo | | Not vuln | Fix | | | | source |
| Cisco | duo network gateway (on-prem/self-hosted) | | | Investigation | | | | |
| Cisco | DUO network gateway (on-prem/self-hosted) | | | Investigation | | | | |
| Cisco | Duo Security for Government | All | | Fix | Fix | Not vuln | | source |
| Cisco | Elastic Services Controller (ESC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Email Security Appliance (ESA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Emergency Responder | 11.5(4)SU9, 11.5(4)SU10 | | Fix | Fix | Not vuln | | source |
| Cisco | Enterprise Chat and Email | 12.0(1), 12.5(1), 12.6(1) | | Fix | Fix | Not vuln | | source |
| Cisco | Enterprise NFV Infrastructure Software (NFVIS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | eSIM Flex | All | | Fix | Fix | Not vuln | | source |
| Cisco | Evolved Programmable Network Manager | 5.1.3.1 | | Fix | Fix | Not vuln | | source |
| Cisco | Evolved Programmable Network Manager | < 5.0.2.1, < 4.1.1.1 | | Vulnerable | Vulnerable | Not vuln | Fix should be available from 13 Jan 2022 | source |
| Cisco | Exony Virtualized Interaction Manager (VIM) | | | Investigation | | | | source |
| Cisco | Expressway Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Extensible Network Controller (XNC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Finesse | < 12.6(1)ES03 | | Vulnerable | | | | source |
| Cisco | Firepower 4100 Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Firepower 9300 Security Appliances | | | Investigation | | | | source |
| Cisco | Firepower Management Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Firepower Threat Defense (FTD) managed by FDM | 6.2.3 hotfix, 6.4.0 hotfix, 6.6.5 hotfix, 6.7.0 hotfix, 7.0.1 hotfix, 7.1.0 hotfix | | Fix | | | | source |
| Cisco | General Cisco Disclaimer | Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly | | | | | | |
| Cisco | GGSN Gateway GPRS Support Node | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Hosted Collaboration Mediation Fulfillment | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | HyperFlex System | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Identity Services Engine (ISE) | 2.4 hotfix, 2.6 hotfix, 2.7 hotfix, 3.0 hotfix, 3.1 hotfix | | Fix | | | Fix expected on Dec 17th | source |
| Cisco | Integrated Management Controller (IMC) Supervisor | 2.3.2.1 | | Fix | | | | source |
| Cisco | Intersight | | | Investigation | | | | source |
| Cisco | Intersight Virtual Appliance | | | Vulnerable | | | | source |
| Cisco | IOS and IOS XE Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | IOS XR Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | IoT Field Network Director (formerly Connected Grid Network Management System) | | | Investigation | | | | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 |
| Cisco | IoT Field Network Director (formerly Cisco Connected Grid Network Management System) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | IoT Operations Dashboard | | | Investigation | | | | source |
| Cisco | IOx Fog Director | | | Vulnerable | | | | source |
| Cisco | IP Services Gateway (IPSG) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Jabber Guest | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Kinetic for Cities | | | Investigation | | | | source |
| Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Investigation | | | | source |
| Cisco | MDS 9000 Series Multilayer Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meeting Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki GO | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki MR | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki MS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki MT | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki MV | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki MX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki System Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Meraki Z-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | MME Mobility Management Entity | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Mobility Services Engine | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Mobility Unified Reporting and Analytics System | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Modeling Labs | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Network Assessment (CNA) Tool | | | Investigation | | | | source |
| Cisco | Network Assurance Engine | | | Vulnerable | | | | source |
| Cisco | Network Convergence System 2000 Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Network Planner | | | Investigation | | | | source |
| Cisco | Network Services Orchestrator (NSO) | < nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1 | | Vulnerable | | | Fixes expected 17-Dec | source |
| Cisco | Nexus 3000 Series Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 5500 Platform Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 5600 Platform Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 6000 Series Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 7000 Series Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus 9000 Series Switches in standalone NX-OS mode | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus Dashboard (formerly Application Services Engine) | | | Investigation | | | | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 |
| Cisco | Nexus Dashboard (formerly Cisco Application Services Engine) | <2.1.2 | | Vulnerable | | | Fixes expected 7-Jan-2022 | source |
| Cisco | Nexus Data Broker | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Nexus Insights | | | Investigation | | | | source |
| Cisco | Optical Network Planner | | | Investigation | | | | source |
| Cisco | Packaged Contact Center Enterprise | | | Vulnerable | | | | source |
| Cisco | Paging Server | | | Investigation | | | | source |
| Cisco | Paging Server (InformaCast) | | | Investigation | | | | source |
| Cisco | PDSN/HA Packet Data Serving Node and Home Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | PGW Packet Data Network Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Policy Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Access Registrar | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Cable Provisioning | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Central for Service Providers | | | Investigation | | | | source |
| Cisco | Prime Collaboration Assurance | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Collaboration Deployment | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Collaboration Manager | | | Investigation | | | | source |
| Cisco | Prime Collaboration Provisioning | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Infrastructure | | | Investigation | | | | source |
| Cisco | Prime IP Express | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime License Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Network | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Network Registrar | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Optical for Service Providers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Performance Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Provisioning | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Prime Service Catalog | | | Investigation | | | | source |
| Cisco | Registered Envelope Service | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SD-WAN vEdge 1000 Series Routers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SD-WAN vEdge 2000 Series Routers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SD-WAN vEdge 5000 Series Routers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SD-WAN vEdge Cloud Router Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SD-WAN vManage | | | Vulnerable | | | | source |
| Cisco | Secure Network Analytics (SNA), formerly Stealthwatch | | | Investigation | | | | source |
| Cisco | Security Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Smart Software Manager On-Prem | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | SocialMiner | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | System Architecture Evolution Gateway (SAEGW) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | TelePresence Management Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | TelePresence Video Communication Server (VCS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Tetration Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | UCS C-Series Rack Servers - Integrated Management Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | UCS Central Software | 2.3.2.1 | | Fix | | | | source |
| Cisco | UCS Director | 6.8.2.0 | | Fix | | | | source |
| Cisco | UCS Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | UCS Performance Manager | | | Investigation | | | | source |
| Cisco | Ultra Packet Core | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Umbrella | | | Investigation | | | | source |
| Cisco | Unified Attendant Console Advanced | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Attendant Console Business Edition | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Attendant Console Department Edition | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Attendant Console Enterprise Edition | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Attendant Console Premium Edition | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Communications Domain Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition | | | Vulnerable | | | | source |
| Cisco | Unified Communications Manager Cloud | | | Vulnerable | | | | source |
| Cisco | Unified Communications Manager IM & Presence Service (formerly CUPS) | | | Vulnerable | | | | source |
| Cisco | Unified Contact Center Enterprise | | | Vulnerable | | | | source |
| Cisco | Unified Contact Center Enterprise - Live Data server | | | Vulnerable | | | | source |
| Cisco | Unified Contact Center Express | | | Vulnerable | | | | source |
| Cisco | Unified Customer Voice Portal | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Intelligence Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Unified Intelligent Contact Management Enterprise | | | Vulnerable | | | | source |
| Cisco | Unified SIP Proxy Software | | | Vulnerable | | | | source |
| Cisco | Unity Connection | | | Vulnerable | | | | source |
| Cisco | Unity Express | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Video Surveillance Media Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Video Surveillance Operations Manager | <7.14.4 | | Vulnerable | | | Fixes expected 16-Dec-2021 | source |
| Cisco | Virtual Topology System - Virtual Topology Controller (VTC) VM | | | Investigation | | | | source |
| Cisco | Virtualized Voice Browser | | | Investigation | | | | source |
| Cisco | Vision Dynamic Signage Director | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | WAN Automation Engine (WAE) | | | Vulnerable | | | | source |
| Cisco | Web Security Appliance (WSA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Webex App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Webex Cloud-Connected UC (CCUC) | | | Vulnerable | | | | source |
| Cisco | Webex Meetings Server | CWMS-3.0MR4SP2, CWMS-4.0MR4SP2,CWMS-3.0MR4SP3, CWMS-4.0MR4SP3 | | Fix | | | Fixes expected 14-Dec-2021 | source |
| Cisco | Webex Room Phone | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Webex Teams | | | Investigation | | | | Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021 |
| Cisco | Wide Area Application Services (WAAS) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cisco | Wireless LAN Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | ADC (NetScaler ADC) and Gateway (NetScaler Gateway) | All Platforms | Not vuln | Not vuln | Not vuln | Not vuln | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | Citrix Statement |
| Citrix | Analytics | | | Investigation | | | | source |
| Citrix | Application Delivery Management (NetScaler MAS) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Cloud Connector | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Connector Appliance for Cloud Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Content Collaboration (ShareFile Integration) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Content Collaboration (ShareFile Integration) – Files for Windows, Files for Mac, Files for Outlook | | Not vuln | Not vuln | Not vuln | Not vuln | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | Citrix Statement |
| Citrix | Endpoint Management ( XenMobile Server) | | Not vuln | Fix | | | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. https://support.citrix.com/article/CTX335763 XenMobile Server 10.14 RP2; https://support.citrix.com/article/CTX335753 XenMobile Server 10.13 RP5; and https://support.citrix.com/article/CTX335785 XenMobile Server 10.12 RP10. Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | Citrix Statement |
| Citrix | Endpoint Management (XenMobile Server) | 10.12 RP10, 10.13 RP5 and 10.14 RP2 | Not vuln | Fix | Fix | Investigation | | source |
| Citrix | Files for Mac | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Files for Outlook | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Files for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Hypervisor (XenServer) | | | Not vuln | | | | source |
| Citrix | License Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | NetScaler ADC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | NetScaler Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | SD-WAN | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Sharefile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | ShareFile Storage Zones Controller | | Not vuln | Not vuln | Not vuln | Not vuln | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | Citrix Statement |
| Citrix | Virtual Apps and Desktops (XenApp & XenDesktop) | Linux VDA 2112 | Not vuln | Fix | Investigation | | Impacted – Linux VDA (non-LTSR versions only), Not vulnerable: App Layering, Delivery Controller, Director, FAS, HDX, Profile Management, PVS, Session Recording, Storefront, Studio, Windows VDA, WEM | source |
| Citrix | Workspace | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Citrix | Workspace App | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Claris | All | | | | | | | Claris Article |
| Clavister | EasyAccess | <= 4.1.2 | Not vuln | Fix | | | | source |
| Clavister | InCenter | <= 1.68.03, 2.0.0 and 2.1.0 | Not vuln | Fix | | | | source |
| Clavister | InControl | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Clavister | NetShield | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Clavister | NetWall | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Clavister | OneConnect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | AM2CM Tool | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Ambari | Only versions 2.x, 1.x | | Vulnerable | | | | source |
| Cloudera | Arcadia Enterprise | Only version 7.1.x | | Vulnerable | | | | source |
| Cloudera | CDH, HDP, and HDF | Only version 6.x | | Vulnerable | | | | source |
| Cloudera | CDP Operational Database (COD) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | CDP Private Cloud Base | Only version 7.x | | Vulnerable | | | | source |
| Cloudera | CDS 3 Powered by Apache Spark | All | | Vulnerable | | | | source |
| Cloudera | CDS 3.2 for GPUs | All | | Vulnerable | | | | source |
| Cloudera | Cybersecurity Platform | All | | Vulnerable | | | | source |
| Cloudera | Data Analytics Studio (DAS) | | | Investigation | | | | source |
| Cloudera | Data Catalog | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Data Engineering (CDE) | All | | Vulnerable | | | | source |
| Cloudera | Data Engineering (CDE) | | | Vulnerable | | | | source |
| Cloudera | Data Flow (CFM) | | | Vulnerable | | | | source |
| Cloudera | Data Lifecycle Manager (DLM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Data Science Workbench (CDSW) | Only versions 2.x, 3.x | | Vulnerable | | | | source |
| Cloudera | Data Steward Studio (DSS) | All | | Vulnerable | | | | source |
| Cloudera | Data Visualization (CDV) | | | Vulnerable | | | | source |
| Cloudera | Data Warehouse (CDW) | All | | Vulnerable | | | | source |
| Cloudera | Data Warehouse (CDW) | | | Vulnerable | | | | source |
| Cloudera | DataFlow (CDF) | | | Vulnerable | | | | source |
| Cloudera | Edge Management (CEM) | All | | Vulnerable | | | | source |
| Cloudera | Enterprise | Only version 6.x | | Vulnerable | | | | source |
| Cloudera | Flow Management (CFM) | All | | Vulnerable | | | | source |
| Cloudera | Hortonworks Data Flow (HDF) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Hortonworks Data Platform (HDP) | Only versions 7.1.x, 2.7.x, 2.6.x | | Vulnerable | | | | source |
| Cloudera | Hortonworks DataPlane Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Machine Learning (CML) | All | | Vulnerable | | | | source |
| Cloudera | Machine Learning (CML) | | | Vulnerable | | | | source |
| Cloudera | Management Console | All | | Vulnerable | | | | source |
| Cloudera | Management Console for CDP Public Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | All | | Vulnerable | | | | source |
| Cloudera | Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | Only versions 7.0.x, 7.1.x, 7.2.x | | Vulnerable | | | | source |
| Cloudera | Manager (Including Backup Disaster Recovery (BDR)) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Replication Manager | | | Vulnerable | | | | source |
| Cloudera | Runtime (including Data Hub and all Data Hub templates) | Only versions 7.0.x, 7.1.x, 7.2.x | | Vulnerable | | | | source |
| Cloudera | SmartSense | | | Investigation | | | | source |
| Cloudera | Stream Processing (CSP) | All | | Vulnerable | | | | source |
| Cloudera | Streaming Analytics (CSA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Streaming Analytics (CSA) | | | Vulnerable | | | | source |
| Cloudera | Workload Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cloudera | Workload XM | All | | Vulnerable | | | | source |
| Cloudera | Workload XM (SaaS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CloudFlare | All | | | | | | | CloudFlare Blog Post |
| Cloudian HyperStore | All | | | | | | | Cloudian Article |
| Cloudogu | Ecosystem | All | Not vuln | Fix | | | | Cloudogu Community |
| Cloudogu | SCM-Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | SCM-Manager Blog |
| Cloudron | All | | | | | | | Cloudron Forum |
| Clover | All | | | | | | | Clover Article |
| Cockroach Labs | CockroachDB | - | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Code42 | App | 8.8.1 | Not vuln | Fix | | | | Code42 Release Notification |
| Code42 | Crashplan | 8.8, possibly prior versions | Not vuln | Fix | | | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. | Code42 Release Notification |
| CodeBeamer | All | | | | | | | CodeBeamer Link |
| CODESYS | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cohesity | All | | | | | | | Cohesity Support Link |
| Commvault | Cloud Apps & Oracle & MS-SQL | All supported versions | Not vuln | Fix | | | | source |
| Compumatica | CompuMail Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Compumatica | Compuwall | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Compumatica | CryptoGuard | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Compumatica | MagiCtwin | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Compumatica | MASC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Concourse | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Concourse Community Discussion |
| ConcreteCMS.com | All | | | | | | | ConcreteCMS.com Link |
| Confluent | Cloud | | Not vuln | Fix | | | server-side fix | source |
| Confluent | Community Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Confluent | Community/Standalone Package of ksqlDB | | Not vuln | Not vuln | Not vuln | Not vuln | No exploitable conditions found, working on package without log4j2 | source |
| Confluent | Connectors | see link | Not vuln | Fix | | | List of vulnerable connectors available at Confluent | source |
| Confluent | ElasticSearch Sink Connector | <11.1.7 | Not vuln | Fix | | | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | for Kubernetes | 2.1.0-1 and 2.2.0-1 | Not vuln | Fix | | | Only applicable to confluent-init-container | source |
| Confluent | Google DataProc Sink Connector | <1.1.5 | Not vuln | Fix | | | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | HDFS 2 Sink Connector | <10.1.3 | Not vuln | Fix | | | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | HDFS 3 Sink Connector | <1.1.8 | | Vulnerable | | | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | Kafka Connectors | | Not vuln | Not vuln | Not vuln | Not vuln | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | Platform | 7.0.1 | Not vuln | Fix | | | | source |
| Confluent | Splunk Sink Connector | <2.05 | Not vuln | Fix | | | | December 2021 Log4j Vulnerabilities Advisory |
| Confluent | VMWare Tanzu GemFire Sink Connector | <1.0.8 | Not vuln | Fix | | | | December 2021 Log4j Vulnerabilities Advisory |
| Connect2id | server | < 12.5.1 | Not vuln | Fix | | | | source |
| Connectwise | Global search capability of Manage Cloud | | | Workaround | | | | source |
| Connectwise | Manage on-premise's Global Search | | | Workaround | | | | source |
| Connectwise | Marketplace | | | Workaround | | | | source |
| Connectwise | Perch | | Not vuln | Fix | | | | source |
| Connectwise | StratoZen | | | Workaround | | | Urgent action for self-hosted versions | source |
| Contrast | Hosted SaaS Enviroments | All | Not vuln | Fix | | | | source |
| Contrast | Java Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Contrast | On-premises (EOP) Environments | All | Not vuln | Fix | | | | source |
| Contrast | Scan | All | Not vuln | Fix | | | | source |
| ContrastSecurity | All | | | | | | | ContrastSecurity Article |
| ControlUp | All | All | Not vuln | Fix | | | | source |
| Copadata | Zenon product family | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Coralogix | All | | Not vuln | Fix | | | | source |
| Couchbase | ElasticSearch connector | < 4.3.3 & < 4.2.13 | Not vuln | Fix | | | | source |
| Coveo | On-Premises Crawling Module | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Coveo | Platform (hosted services) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| cPanel | All | | | Workaround | | | | source |
| Cradlepoint | All | | | | | | | Cradlepoint |
| Crestron | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Crestron Advisory |
| CrushFTP | All | | | | | | | CrushFTP Link |
| Cryptshare | .NET API | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | for Notes | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | for NTA 7516 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | for Outlook | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | Java API | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | Robot | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cryptshare | Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Cloud Entitlements Manager | | | Not vuln | | | | source |
| Cyberark | Endpoint Privilege Manager (EPM) - Agents | | | Not vuln | | | | source |
| Cyberark | Endpoint Privilege Manager (EPM) - EPM Server (On-Premise) | | | Not vuln | | | | source |
| Cyberark | Endpoint Privilege Manager (EPM) - Service (SaaS) | | | Not vuln | | | | source |
| Cyberark | HTML5 Gateway | | | Not vuln | | | | source |
| Cyberark | Identity - Mobile App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Identity - On-Premise Components | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Identity - Secure Web Sessions (SWS) | | Not vuln | Fix | | | | source |
| Cyberark | Identity - Service (SaaS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Legacy Sensitive Information Management (SIM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Marketplace components - Certified and Trusted Marketplace Components | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Marketplace components - CPM Plugins | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Marketplace components - PSM Connection Components | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | On-Demand Privileges Manager (OPM) | | | Not vuln | | | | source |
| Cyberark | PAS Self Hosted (Vault, PVWA, CPM, PSM, PSMP) | | | Not vuln | | | | source |
| Cyberark | Privilege Cloud - On-Premise Components | | | Not vuln | | | | source |
| Cyberark | Privilege Cloud - Service (SaaS) | | Not vuln | Fix | | | Mitigation applied. No further action required by customers | source |
| Cyberark | Privileged Threat Analytics (PTA) | | Not vuln | Workaround | | | | source workaround |
| Cyberark | Remote Access (Alero) - Connector | | Not vuln | Fix | | | | source |
| Cyberark | Remote Access (Alero) - Mobile App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Remote Access (Alero) - Service (SaaS) | | Not vuln | Fix | | | Mitigation applied. No further action required by customers | source |
| Cyberark | Secrets Manager Conjur Enterprise | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cyberark | Secrets Manager Credential Providers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Cybereason | All Cybereason products | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| CyberRes | All | | | | | | | CyberRes Community Link |
| Cydar Medical | EV system | | | Not Vuln | | | | source |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Daktronics | All Sport Pro | | | | | | | link |
| Daktronics | Dakronics Media Player | | | Not vuln | | | | link |
| Daktronics | Dakronics Web Player | DWP-1000 | | Vulnerable | | | DWP-1000 is not present in our codebase, but awaiting confirmation from LG re webOS platform. | link |
| Daktronics | Data Vision Software (DVS) | | | | | | DVS has one microservice that uses Log4j, but it uses a version that is not impacted. | link |
| Daktronics | Dynamic Messaging System (DMS) | | | | | | | link |
| Daktronics | Dynamic Messaging System - DMS Core Player | | | Not vuln | | | | link |
| Daktronics | Dynamic Messaging System - DMS Player hardware | | | Not vuln | | | | link |
| Daktronics | Dynamic Messaging System - DMS Web Player | | | | | | DMS Web Player not present in our codebase, but awaiting confirmation from LG re webOS platform. | link |
| Daktronics | IBoot - Dataprobe IBoot Devices | | | Not vuln | | | | link |
| Daktronics | Outdoor Smartlink Devices | | | Not vuln | | | | link |
| Daktronics | Routers - Cisco Meraki Z3/Z3c Routers | | | Not vuln | | | | link |
| Daktronics | Routers - Cisco Z1 Routers | | | Not vuln | | | | link |
| Daktronics | Routers - Sierra Wireless RV50x/RV50 | A-3350704 | | Vulnerable | | | | link |
| Daktronics | Show Control System (SCS) | | | | | | | link |
| Daktronics | Vanguard | | | | | | | link |
| Daktronics | Venus 1500 | | | | | | | link |
| Daktronics | Venus Control Suite (VCS) | | | | | | | link |
| Daktronics | Video Image Processors | | | Not vuln | | | | link |
| Daktronics | Webcam - Mobotix | | | Not vuln | | | | link |
| Digital Alert Systems | All | | | | | | Formerly Monroe Electronics, Inc. | link |
| DarkTrace | All | | | | | | | DarkTrace Customer Portal |
| Dassault Systèmes | All | | | | | | | Dassault Systemes Link |
| Databricks | All | | | | | | | Databricks Google Doc |
| Datadog | Agent | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Not vuln | Fix | | | | Datadog Log4j Vulnerability Update |
| DatadogHQ | Datadog Agent | 6 < 6.32.3, 7 < 7.32.3 | Not vuln | Fix | | | JMX monitoring component leverages an impacted version of log4j | source |
| DatadogHQ | datadog-kafka-connect-logs | < 1.0.2 | Not vuln | Fix | | | Version 1.0.2 of the library uses version 2.16.0 of Log4j. | source |
| DatadogHQ | datadog-lambda-java | < 0.3.3 or < 1.4.0 | Not vuln | Fix | | | following AWS’s recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). | source |
| Dataminer | All | | | | | | | Dataminer Community Link |
| DataNet Quality Systems | WinSPC | | Not vuln | Not vuln | Not vuln | Not vuln | Note: this is not WinSCP. This is a Statistical Process Control software. | |
| Datev | DATEV Mittelstand Faktura and DATEV Mittelstand Faktura mit Rechnungswesen compact | | Not vuln | Fix | | | German source | source |
| Datev | DATEV Wages and Salaries compact | | Not vuln | Fix | | | German source | source |
| Datev | DATEV-SmartIT | | Not vuln | Fix | | | German source | source |
| Datev | DATEVasp | | Not vuln | Fix | | | German source | source |
| Datev | Jasper Reports | | Not vuln | Fix | | | German source | source |
| Datev | Lawyer's mailbox | | Not vuln | Fix | | | German source | source |
| Datto | All Datto products | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| DBeaver | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| dCache.org | All | | | | | | | dCache.org Link |
| Debian | Apache-log4j.1.2 | stretch, buster, bullseye | Not vuln | Fix | | | | source |
| Debian | Apache-log4j2 | stretch, buster, bullseye | Not vuln | Fix | | | | source |
| Decos | Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Decos | EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online | All | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Decos | Fixi | All | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Decos | Integrations (StUF/ZGW/Doclogic-DataIntegrator) | All | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Decos | JOIN Klant Contact | All | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Decos | JOIN Zaak & Document (on-premise) | All | Not vuln | Workaround | | | The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI | source |
| Decos | JOIN Zaak & Document (Private Cloud) | All | Not vuln | Fix | | | The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken | source |
| Deepinstinct | All | | | | | | | Deepinstinct Link |
| Dell | Alienware Command Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Alienware OC Controls | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Alienware On Screen Display | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Alienware Update | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | APEX Console | | Not vuln | Fix | Fix | Vulnerable | Cloud environment patched | source |
| Dell | APEX Data Storage Services | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Cloud environment patch in progress | source |
| Dell | Atmos | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Avamar vproxy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Azure Stack HCI | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | BSAFE Crypto-C Micro Edition | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | BSAFE Crypto-J | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | BSAFE Micro Edition Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Calibration Assistant | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | CalMAN Powered Calibration Firmware | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | CalMAN Ready for Dell | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Centera | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Chameleon Linux Based Diagnostics | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Chassis Management Controller (CMC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | China HDD Deluxe | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Cinema Color | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Cloud Command Repository Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Cloud IQ | | Not vuln | Fix | Fix | Vulnerable | Cloud environment patched | source |
| Dell | Cloud Management Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Cloud Mobility for Dell EMC Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Cloud Tiering Appliance | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Color Management | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Configure | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Integration Suite for System Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Intel vPro Out of Band | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Power Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command PowerShell Provider | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Command Update | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Common Event Enabler | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Connectrix (Cisco MDS 9000 switches) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Connectrix (Cisco MDS DCNM) | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/23/21 | source |
| Dell | Connectrix B-Series SANnav | 2.1.1 | Not vuln | Workaround | Workaround | Vulnerable | https://www.dell.com/support/kbdoc/nl-nl/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 See DSA-2021-266 | source |
| Dell | Connextrix B Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Customer Connect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | CyberSecIQ Application | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | CyberSense for PowerProtect Cyber Recovery | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Data Domain OS | 7.3.0.5 to 7.7.0.6, 7.6.0.5 to 7.6.0.20, 7.3.0.5 to 7.7.0.6 | Not vuln | Workaround | Workaround | Vulnerable | See DSA-2021-274 | source |
| Dell | Data Guardian* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Data Protection* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Data Recovery Environment | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Data Vault | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Data Vault for Chrome OS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerMax VMAX VMAX3 and VMAX AFA | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC PowerSwitch Z9264F-ON BMC EMC PowerSwitch Z9432F-ON BMC | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Deployment Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Digital Delivery | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Direct USB Key | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Display Manager 1.5 for Windows / macOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Display Manager 2.0 for Windows / macOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Dream Catcher | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | DUP Creation Service | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | DUP Framework (ISG) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Embedded NAS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Embedded Service Enabler | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC AppSync | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Avamar | 18.2, 19.1, 19.2, 19.3, 19.4 | Not vuln | Workaround | Workaround | Vulnerable | https://www.dell.com/support/kbdoc/nl-nl/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 See DSA-2021-277 | source |
| Dell | EMC BSN Controller Node | | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC Cloud Disaster Recovery | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch pending | source |
| Dell | EMC Cloudboost | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC CloudLink | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Container Storage Modules | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Data Computing Appliance (DCA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Data Protection Advisor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Data Protection Central | Versions before 19.5.0.7 | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC Data Protection Search | Versions before 19.6 | Not vuln | Fix/Workaround | Fix/Workaround | Vulnerable | TBD (link will be updated when it becomes available) | source |
| Dell | EMC DataIQ | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Disk Library for Mainframe | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC ECS | 3.3.x, 3.4.x, 3.5.x, and 3.6.x | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC Enterprise Storage Analytics for vRealize Operations | Versions before 6.0.0, Version 6.1.0, Versions 6.2.x | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC GeoDrive | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Integrated System for Azure Stack HCI | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Refer to DSA for product updates | source |
| Dell | EMC Integrated System for Microsoft Azure Stack Hub | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch pending | source |
| Dell | EMC Isilon InsightIQ | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC License Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Metro Node | Metro Node OS 7.0.x | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC NetWorker | 19.3.x, 19.4.x, 19.5.x | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/20/21 | source |
| Dell | EMC NetWorker Server | 19.5.x 19.4.x 19.3.x | | Vulnerable | | | Patch expected by 12/20/21 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC NetWorker VE | 19.3.x, 19.4.x, 19.5.x | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/20/21 | source |
| Dell | EMC NetWorker Virtual Edition | 19.5.x 19.4.x 19.3.x | | Vulnerable | | | Patch expected by 12/20/21 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC Networking Onie | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Networking Virtual Edge Platform with VersaOS | | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC OpenManage Ansible Modules | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC OpenManage Enterprise Services | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/20/21 | source |
| Dell | EMC OpenManage integration for Splunk | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC OpenManage Integration for VMware vCenter | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC OpenManage Management pack for vRealize Operations | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC OpenManage Operations Connector for Micro Focus Operations Bridge Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerFlex Appliance | | Not vuln | Workaround | Workaround | Vulnerable | https://www.dell.com/support/kbdoc/nl-nl/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 See DSA-2021-293 | source |
| Dell | EMC PowerFlex Rack | RCM 3.3 train: all versions up to 3.3.11.0, RCM 3.4 train: all versions up to 3.4.6.0, RCM 3.5 train: all versions up to 3.5.6.0, RCM 3.6 train: all versions up to 3.6.2.0 | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC PowerFlex Software (SDS) | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, 3.6.0.2 | Not vuln | Workaround | Workaround | Vulnerable | https://www.dell.com/support/kbdoc/nl-nl/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228 See DSA-2021-272 | source |
| Dell | EMC PowerMax, VMAX, VMAX3, and VMAX AFA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerPath | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerPath Management Appliance | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerProtect Cyber Recovery | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerProtect Data Manager | All versions 19.9 and earlier | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC PowerScale OneFS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerShell for PowerMax | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerShell for Powerstore | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerShell for Unity | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerStore | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/23/21 | source |
| Dell | EMC PowerSwitch Z9264F-ON BMC, Dell EMC PowerSwitch Z9432F-ON BMC | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC PowerVault MD3 Series Storage Arrays | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC PowerVault ME4 Series Storage Arrays | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC RecoverPoint | All 5.0.x and later versions, All 5.1.x and later versions | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC RecoverPoint Classic | All 5.1.x and later versions | | Vulnerable | | | Patch pending | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC RecoverPoint for Virtual Machine | All 5.0.x and later versions | | Vulnerable | | | Patch pending | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | EMC Repository Manager (DRM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Ruckus SmartZone 100 Controller | | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC Ruckus SmartZone 300 Controller | | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC Ruckus Virtual Software | | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | EMC SourceOne | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC SRM vApp | Versions before 4.6.0.2 | Not vuln | Workaround | Workaround | Vulnerable | Patch expected by 1/25/2022 | source |
| Dell | EMC Streaming Data Platform | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/18/21 | source |
| Dell | EMC Systems Update (DSU) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Unisphere 360 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC Unity | | Not vuln | Workaround | Workaround | Workaround | Dell Artikelnummer: 000194826, DSA-2021-294 | source |
| Dell | EMC Virtual Storage Integrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC VPLEX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | EMC VxRail | 4.5.x versions, 4.7.x versions, 7.0.x versions | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | EMC XC | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch pending | source |
| Dell | EMC XtremIO | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Encryption Enterprise* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Encryption Personal* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Endpoint Security Suite Enterprise* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Enterprise Hybrid Cloud | 4.1.2 | Not vuln | Not vuln | Not vuln | Not vuln | Refer to DSA for product updates | source |
| Dell | Equallogic PS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Fluid FS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Hybrid Client | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | iDRAC Service Module (iSM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | ImageAssist | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Infinity MLK (firmware) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Insights Client | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Integrated Dell Remote Access Controller (iDRAC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | ISG Accelerators | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | ISG Board & Electrical | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | ISG Comms | | Not vuln | Investigation | Investigation | Investigation | | source |
| Dell | ISG Memory | | Not vuln | Investigation | Investigation | Investigation | | source |
| Dell | IsilonSD Management Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | IVE-WinDiag | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Linux Assistant | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Mainframe Enablers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | MDS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Mobile Connect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Monitor ISP (Windows/Mac/Linux) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Monitor SDK | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | My Dell | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | My Dell Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | MyDell Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | NetWorker Management Console | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking BIOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking DIAG | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking N-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking OS 10 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking OS 9 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking OS9 | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Networking SD-WAN Edge SD-WAN | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking W-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Networking X-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OMIMSSC (OpenManage Integration for Microsoft System Center) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OMNIA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Open Manage Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Open Manage Server Administrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Open Management Enterprise - Modular | Versions before 1.40.10 | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | OpenManage Change Management | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Connections - Nagios | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | OpenManage Connections - ServiceNow | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | OpenManage Connections-Nagios | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Connections-ServiceNow | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Enterprise | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/19/21 | source |
| Dell | OpenManage Enterprise Power Manager Plugin | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Essentials | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Integration with Microsoft Windows Admin Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OpenManage Network Integration | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Optimizer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | OS Recovery Tool | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Peripheral Manager 1.4 / 1.5 for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Peripheral Manager 1.4/1.5 for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Platform Service | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Power Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Power Manager Lite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerConnect N3200 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerConnect PC2800 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerConnect PC8100 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerEdge BIOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerEdge Operating Systems | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PowerTools Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PPDM Kubernetes cProxy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | PPDM VMware vProxy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Precision Optimizer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Precision Optimizer for Linux | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Premier Color | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Recovery (Linux) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Redtail | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Remediation Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Remote Execution Engine (DRONE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Remotely Anywhere | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Riptide (firmware) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Rugged Control Center (RCC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SD ROM Utility | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SDNAS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Secure Connect Gateway (SCG) Appliance | 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | Secure Connect Gateway (SCG) Policy Manager | 5.00.00.10, 5.00.05.10 | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | Security Advisory Update - DSA-2021-088 | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Security Advisory Update-DSA-2021-088 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Security Management Server & Security Management Server Virtual* | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Security Management Server & Dell Security Management Server Virtual* | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Server Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Smart Fabric Storage Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SmartByte | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SMI-S | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Software RAID | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Solutions Enabler | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Solutions Enabler vApp | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Sonic | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SRS Policy Manager | 7.0 | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | SRS VE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Storage Center - Dell Storage Manager | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch pending | source |
| Dell | Storage Center OS and additional SC applications unless otherwise noted | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SupportAssist Client Commercial | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SupportAssist Client Consumer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | SupportAssist Enterprise | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 12/23/21 | source |
| Dell | SupportAssist SOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Thin OS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Threat Defense | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | True Color | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Trusted Device | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | UCC Edge | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Unisphere Central | | Not vuln | Vulnerable | Vulnerable | Vulnerable | Patch expected by 1/10/2022 | source |
| Dell | Unisphere for PowerMax | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Unisphere for PowerMax vApp | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Unisphere for VMAX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Unisphere for VNX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Update | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Update Manager Plugin | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Vblock | | Not vuln | Vulnerable | Vulnerable | Vulnerable | https://support-dellemc-com.secure.force.com/ See vce6771 (requires customer login) | source |
| Dell | ViPR Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | VMware vRealize Automation 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Vulnerable | | | Patch expected by 12/19/21 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | VMware vRealize Orchestrator 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Vulnerable | | | Patch expected by 12/19/21 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | VNX Control Station | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | VNX1 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | VNX2 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | VNXe 1600 | Versions 3.1.16.10220572 and earlier | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | VNXe 3200 | Version 3.1.15.10216415 and earlier | Not vuln | Workaround | Workaround | Vulnerable | | source |
| Dell | VPLEX VS2/VS6 / VPLEX Witness | | Not vuln | Not vuln | Not vuln | Not vuln | | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | VPLEX VS2/VS6/VPLEX Witness | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | vRealize Data Protection Extension Data Management | version 19.6, version 19.7, version 19.8, and version 19.9 | Not vuln | Fix/Workaround | Fix/Workaround | Vulnerable | | source |
| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | version 19.6 version 19.7 version 19.8 and version 19.9 | Not vuln | Fix | | | Patch expected by 12/19/21 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | Version 1.2.3 or earlier, Version 1.1.0 or earlier, Version 1.1.4 or earlier, Version 1.0.7 or earlier, Version 4.1.2 or earlier | Not vuln | Fix/Workaround | Fix/Workaround | Vulnerable | | source |
| Dell | vRO Plugin for Dell EMC PowerMax | Version 1.2.3 or earlier | Not vuln | Fix | | | See DSA-2021-300 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | vRO Plugin for Dell EMC PowerScale | Version 1.1.0 or earlier | Not vuln | Fix | | | See DSA-2021-300 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | vRO Plugin for Dell EMC PowerStore | Version 1.1.4 or earlier | | Vulnerable | | | See DSA-2021-300 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | vRO Plugin for Dell EMC Unity | Version 1.0.6 or earlier | | Vulnerable | | | See DSA-2021-300 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | vRO Plugin for Dell EMC XtremIO | Version 4.1.2 or earlier | | Vulnerable | | | See DSA-2021-300 | Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) |
| Dell | Vsan Ready Nodes | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | VxBlock | | Not vuln | Vulnerable | Vulnerable | Vulnerable | https://support-dellemc-com.secure.force.com/ See vce6771 (requires customer login) | source |
| Dell | Warnado MLK (firmware) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Wyse Management Suite | Version 3.5 and earlier | Not vuln | Fix | Fix | Vulnerable | | source |
| Dell | Wyse Proprietary OS (ThinOS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dell | Wyse Windows Embedded Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Deltares | Delft-FEWS | >2018.02 | Not vuln | Fix | | | Mitigations Only | Deltares Advisory |
| Denequa | All | | | | | | | Denequa Link |
| Device42 | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Devolutions | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Diebold Nixdorf | All | | | | | | | Diebold Nixdorf Link |
| Digi International | AnywhereUSB Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | ARMT | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Aview | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | AVWOB | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | CTEK G6200 family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | CTEK SkyCloud | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | CTEK Z45 family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi 54xx family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi 63xx family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi AnywhereUSB (G2) family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi AnywhereUSB Plus family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Connect EZ family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Connect family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Connect IT family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Connect Sensor family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Connect WS family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi ConnectPort family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi ConnectPort LTS family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Embedded Android | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Embedded Yocto | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi EX routers | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi IX routers | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi LR54 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Navigator | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi One family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Passport family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi PortServer TS family | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Remote Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi TX routers | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR11 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR21 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR31 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR44R/RR | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR54 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi WR64 | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Digi Xbee mobile app | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Lighthouse | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Realport | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digi International | Remote Hub Config Utility | | Not vuln | Not vuln | Not vuln | Not vuln | | Digi International Advisory Link |
| Digicert | All | | | | | | | Digicert Link |
| Digital AI | All | | | | | | | Digital AI Article |
| DirectAdmin | All | | Not vuln | Not vuln | Not vuln | Not vuln | Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. | source |
| DNSFilter | All | | | | | | | DNSFilter Blog Post |
| Docker | infrastructure | | Not vuln | Not vuln | Not vuln | Not vuln | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | source |
| Docusign | All | | | | | | | Docusign Alert |
| DotCMS | Hybrid Content Management System | | Not vuln | Fix | | | | source |
| Dräger | All Medical Devices | | | Not vuln | | | | source |
| Draytek | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source/) |
| Dropwizard | All | | Not vuln | Not vuln | Not vuln | Not vuln | Only vulnerable if you manually added Log4j | source |
| DSpace | All | | | | | | | DSpace Google Group |
| Dynatrace | ActiveGate | | Not vuln | Not vuln | Not vuln | Not vuln | | Official Dynatrace Communication |
| Dynatrace | ActiveGates | 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 | Not vuln | Fix | | | | source |
| Dynatrace | Cloud Services | | Not vuln | Fix | | | | source |
| Dynatrace | Extensions | | Not vuln | Fix | | | Please see Dynatrace Communication for details | Official Dynatrace Communication |
| Dynatrace | FedRamp SAAS | | Not vuln | Fix | | | | Official Dynatrace Communication |
| Dynatrace | Managed cluster nodes | | Not vuln | Not vuln | Not vuln | Not vuln | Please see Dynatrace Communication for details | Official Dynatrace Communication |
| Dynatrace | OneAgent | | Not vuln | Not vuln | Not vuln | Not vuln | | Official Dynatrace Communication |
| Dynatrace | SAAS | | Not vuln | Fix | | | | Official Dynatrace Communication |
| Dynatrace | Synthetic Private ActiveGate | | Not vuln | Fix | | | Please see Dynatrace Communication for details | Official Dynatrace Communication |
| Dynatrace | Synthetic public locations | | Not vuln | Fix | | | | Official Dynatrace Communication |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| EAL | ATS Classic | All | | Not vuln | | | | |
| EasyRedmine | All | | | | | | | EasyRedmine News |
| Eaton | Power Protector | 1.68 | | Fix | | | | source |
| Eaton | Undisclosed | Undisclosed | | Vulnerable | | | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | Security Bulletin |
| EclecticIQ | TIP | < 2.11 | | Vulnerable | | | The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. see link in their own fix for Logstash (Support account needed, ongoing investigation) | source/fix |
| Eclipse Foundation | All | | | | | | | Eclipse Foundation Wiki) |
| Edwards | All | | | Not Vuln | | | | source |
| EFI | All | | | | | | | EFI Link |
| eG Innovations | eG Enterprise | 7.1.8-7.1.9 | | Not vuln | | | Patch to Remove old log4j | source |
| EGroupware | All | | | | | | | EGroupware Link |
| Elastic | Agent | | | Not vuln | | | | source |
| Elastic | APM Java Agent | 1.17.0-1.28.0 | Not vuln | Workaround | | | Only vulnerable with specific configuration | source |
| Elastic | APM Server | | | Not vuln | | | | source |
| Elastic | Beats | | | Not vuln | | | | source |
| Elastic | Cloud | | | Not vuln | | | | source |
| Elastic | Cloud Enterprise | | | Not vuln | | | | source |
| Elastic | Cloud on Kubernetes | | | Not vuln | | | | source |
| Elastic | Cmd | | | Not vuln | | | | source |
| Elastic | Endgame | | | Not vuln | | | | source |
| Elastic | Endpoint Security | | | Not vuln | | | | source |
| Elastic | Enterprise Search | | | Not vuln | | | | source |
| Elastic | Fleet Server | | | Not vuln | | | | source |
| Elastic | Kibana | | | Not vuln | | | | source |
| Elastic | Logstash | 6.8.22 | Not vuln | Fix | Fix | Fix | No known remote code execution exposure. Fixed in 6.8.22 | source |
| Elastic | Machine Learning | | | Not vuln | | | | source |
| Elastic | Maps Service | | | Not vuln | | | | source |
| Elastic | search | 7.16.2 | Not vuln | Fix | Fix | Fix | | source |
| Elastic | Swiftype | | | Investigation | | | | source |
| ElasticSearch | All | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| Ellucian | Admin | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Advance Web Connector | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Analytics | | | Vulnerable | | | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Document Management (includes Banner Document Retention) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Event Publisher | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Integration for eLearning | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Integration for eProcurement | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Self Service | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Banner Workflow | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Colleague | | | Vulnerable | | | On-prem and cloud deployements expect fixed 12/18/2021 | Ellucian Response on Apache Log4j Issue |
| Ellucian | Colleague Analytics | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | CRM Advance | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | CRM Advise | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | CRM Recruit | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Data Access | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Design Path | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Enterprise Identity Services(BEIS) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | ePrint | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Ethos API & API Management Center | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Ethos Extend | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Ethos Integration | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | eTranscripts | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Experience | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Intelligent Platform (ILP) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | International Student and Scholar Management (ISSM) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Message Service (EMS) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Messaging Adapter (EMA) | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Payment Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Portal | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | PowerCampus | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Solution Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| Ellucian | Workflow | | Not vuln | Not vuln | Not vuln | Not vuln | | Ellucian Response on Apache Log4j Issue |
| ELO | Digital Office | | | Not vuln | | | | source |
| Emerson | 148 Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 2051 Pressure Transmitter Family | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 2088 Pressure Transmitter Family | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 2090F/2090P Pressure Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 215 Pressure Sensor Module | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 248 Configuration Application | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 248 Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 3051 & 3051S Pressure transmitter families | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 3144P Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 326P Pressure Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 326T Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 327T Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 4088 Pressure Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 4088 Upgrade Utility | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 4600 Pressure Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 4732 Endeavor | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 4732 Endeavor | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | 550 PT Pressure Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 5726 Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 5726 Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | 644 Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 648 Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | 848T Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Aperio software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT2211 QCL Aerosol Microleak Detection System | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT4215 QCL Packaging Leak Detection System | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | DHNC1 DHNC2 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | DHNC1 DHNC2 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Engineering Assistant 5.x & 6.x | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Fieldwatch and Service consoles | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Fieldwatch and Service consoles | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Incus Ultrasonic gas leak detector | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | K-Series Coriolis Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | K-Series Coriolis Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Mark III Gas and Liquid USM | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Mark III Gas and Liquid USM | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | MPFM2600 & MPFM5726 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | MPFM2600 & MPFM5726 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Prolink Configuration Software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Prolink Configuration Software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Prolink Mobile Application & ProcessViz Software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Prolink Mobile Application & ProcessViz Software | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Rosemount 2230 Graphical Field Display | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount 2410 Tank Hub | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount 2460 System Hub | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount 3490 Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount CMS/IOU 61 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount CMS/SCU 51/SCC | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount CMS/WSU 51/SWF 51 | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount IO-Link Assistant | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount Level Detectors (21xx) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount Radar Configuration Tool | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount RadarMaster and RadarMaster Plus | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Rosemount TankMaster and TankMaster Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | Vortex and Magmeter Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | Vortex and Magmeter Transmitters | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Emerson | WCM SWGM | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification EMR.RMT21003-2 |
| Emerson | WCM SWGM | | Not vuln | Not vuln | Not vuln | Not vuln | | Emerson Security Notification MR.RMT21003-2 |
| Enfocus | BoardingPass | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Enfocus | Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Enfocus | PDF Review Module | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Enfocus | PitStop | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Enfocus | Switch | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Enovation | All | | | Not vuln | | | | source |
| EnterpriseDT | All | | | | | | | EnterpriseDT Statement |
| ESET | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ESET | Secure Authentication | | Not vuln | Workaround | | | | source |
| Esri | ArcGIS Data Store | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| Esri | ArcGIS Enterprise | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| Esri | ArcGIS Enterprise and related products | | Workaround | Workaround | Workaround | | See source for workaround | source |
| Esri | ArcGIS GeoEvent Server | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| Esri | ArcGIS Server | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| Esri | ArcGIS Workflow Manager Server | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| Esri | Portal for ArcGIS | All | Not vuln | Fix | | | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | source |
| estos | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| EVL Labs | JGAAP | <8.0.2 | Not vuln | Fix | | | | source |
| Evolveum | midPoint | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Evolveum Midpoint | All | | | | | | | Evolveum Midpoint Statement |
| Ewon | All | | | | | | | Ewon Statement |
| Ewon (HMS-Networks) | eCatcher | 6.7.8 | Not vuln | Fix | Fix | Fix | | source bulletin |
| Exabeam | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | Exabeam Statement |
| Exact | AEC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Audition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | BoekhoudGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Bouw7 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Business Suite | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | CommunicatieGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Consolidation powered by LucaNet | | Not vuln | Workaround | Workaround | Workaround | | source |
| Exact | Digipoort | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | DigitaleFactuur | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Dimoni | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | EDI Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | FDS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Financials | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | FiscaalGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Globe Core product | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Globe E-report/Crystal Reports | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Go2UBL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Gripp | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | HR & SalarisGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | insights (Qlik) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Officient | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Online All core products | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Online Elastic Search | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Online Samenwerken (OSW) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Payroll Plus (Loket) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | ProAcc | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | ProQuro | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | RapportageGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Reeleezee | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | ScanSys | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | SRXP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Synergy Core product | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Synergy Elastic Search | 6.6.2 | Not vuln | Workaround | Workaround | Workaround | | source |
| Exact | WerkprogrammaGemak | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | Winbooks | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exact | WMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Exivity | On-Premise | All version | | Not vuln | | | | source |
| Extensis | Universal Type Server | =>7.0.6 | Not vuln | Fix | | | | source |
| ExtraHop | Reveal(x) | <=8.4.6, <=8.5.3, <=8.6.4 | Not vuln | Fix | | | Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. | ExtraHop Statement |
| eXtreme Hosting | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | 200-series | | | Investigation | | | | source |
| Extreme Networks | BOSS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | EXOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Extreme AirDefense | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Extreme Campus Controller (ExtremeCloud Appliance) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Extreme Fabric Automation (EFA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Extreme Management Center (XMC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Extreme Visibility Manager (XVM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeAnalytics | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeCloud A3 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeCloud IQ | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeConnect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeControl | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeGuest | | | Investigation | | | | source |
| Extreme Networks | ExtremeLocation | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | ExtremeWireless (Identifi) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Fabric Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | HiveManager Classic On-Premises | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | HiveManager Classic Online | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | IQEngine (HiveOS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | IQVA | | | Vulnerable | | | | source |
| Extreme Networks | ISW | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | NetIron OS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Network OS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Nsight | | | Investigation | | | | source |
| Extreme Networks | SLX-OS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | Traffic Sensor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | VOSS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | WiNG | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extreme Networks | XIQ-SE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Extron | All | | | | | | | Extron Statement |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| GSA | Cloud.gov | | | | | | | link |
| Google | Chrome | | | Not vuln | | | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | link |
| GE Digital | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA. | GE Digital Advisory Link(login required) |
| GE Digital Grid | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA. | GE Digital Grid Advisory Link(login required) |
| GE Gas Power | Asset Performance Management (APM) | | | Vulnerable | | | GE verifying workaround. | GE Gas Power Advisory Link |
| GE Gas Power | Baseline Security Center (BSC) | | | Vulnerable | | | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | GE Gas Power Advisory Link |
| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Vulnerable | | | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | GE Gas Power Advisory Link |
| GE Gas Power | Control Server | | | Vulnerable | | | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | GE Gas Power Advisory Link |
| GE Gas Power | Tag Mapping Service | | Not vuln | Fix | | | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | GE Gas Power Advisory Link |
| GE Healthcare | All | | | | | | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | GE Healthcare Advisory Link |
| Gearset | All | | | | | | | Gearset Statement |
| Genesys | All | | | Investigation | | | | source |
| GeoServer | All | | | | | | | GeoServer Announcement |
| GeoSolutions | Geonetwork | All | Not vuln | Workaround | | | | source |
| GeoSolutions | GeoServer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Gerrit code review | All | | | | | | | Gerrit Statement |
| GFI | All | | | | | | | GFI Statement |
| GFI Software | Kerio Connect | 9.3.1p2 | Not vuln | Workaround | Vulnerable | Vulnerable | | source |
| Ghidra | All | | | | | | | Ghidra Statement |
| Ghisler | Total Commander | All | | Not vuln | | | Third Party plugins might contain log4j | source |
| Gigamon | Fabric Manager | <5.13.01.02 | Not vuln | Fix | | | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | Gigamon Customer Support Portal |
| GitHub | All | GitHub.com and GitHub Enterprise Cloud | Not vuln | Fix | | | | GitHub Statement |
| GitHub | Github Enterprise Server | 3.3.1, 3.2.6, 3.1.14, 3.0.22 | Not vuln | Fix | | | | source |
| GitLab | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| GitLab | DAST analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| GitLab | Dependency Scanning | | Not vuln | Fix | | | | source |
| GitLab | Gemnasium-Maven | | Not vuln | Fix | | | | source |
| GitLab | PMD OSS | | Not vuln | Fix | | | | source |
| GitLab | SAST | | Not vuln | Fix | | | | source |
| GitLab | Spotbugs | | Not vuln | Fix | | | | source |
| Globus | All | | | | | | | Globus Statement |
| GoAnywhere | Agents | | Not vuln | Workaround | | | | source |
| GoAnywhere | Gateway | version 2.7.0 or later | Not vuln | Fix | | | | source |
| GoAnywhere | MFT | version 5.3.0 or later | Not vuln | Fix | | | | source |
| GoAnywhere | MFT Agents | 1.4.2 or later | | Vulnerable | | | Versions less than GoAnywhere Agent version 1.4.2 are not affected | source |
| GoAnywhere | Open PGP Studio | | Not vuln | Workaround | | | | source |
| GoAnywhere | Surveyor/400 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| GoCD | All | | | | | | | GoCD Statement |
| Google Cloud | Access Transparency | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Actifio | | Not vuln | Not vuln | Not vuln | Not vuln | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit https://now.actifio.com https://now.actifio.com for the full statement and to obtain the hotfix (available to Actifio customers only). | source |
| Google Cloud | AI Platform Data Labeling | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AI Platform Neural Architecture Search (NAS) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AI Platform Training and Prediction | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Anthos Config Management | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos Connect | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos Hub | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos Identity Service | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos on VMWare | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | source |
| Google Cloud | Anthos Premium Software | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Anthos Service Mesh | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Apigee | | Not vuln | Not vuln | Not vuln | Not vuln | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | source |
| Google Cloud | App Engine | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | AppSheet | | Not vuln | Not vuln | Not vuln | Not vuln | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | source |
| Google Cloud | Armor | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Armor Managed Protection Plus | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Artifact Registry | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Assured Workloads | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML Natural Language | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML Tables | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML Translation | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML Video | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | AutoML Vision | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | BigQuery | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | BigQuery Data Transfer Service | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | BigQuery Omni | | Not vuln | Not vuln | Not vuln | Not vuln | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | source |
| Google Cloud | Binary Authorization | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Certificate Manager | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Chronicle | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Asset Inventory | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Bigtable | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Build | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Cloud CDN | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Composer | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Cloud Console App | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Data Loss Prevention | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Debugger | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Deployment Manager | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud DNS | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Endpoints | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud External Key Manager (EKM) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Functions | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Cloud Harware Security Module (HSM) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Interconnect | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Intrusion Detection System (IDS) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Key Management Service | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Load Balancing | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Logging | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Natural Language API | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Network Address Translation (NAT) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Profiler | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Router | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Run | | | | | | 12/21/2021 | |
| Google Cloud | Cloud Run for Anthos | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Cloud Scheduler | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud SDK | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Shell | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Cloud Source Repositories | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Spanner | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud SQL | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Storage | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Tasks | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Trace | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Traffic Director | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Translation | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Vision | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud Vision OCR On-Prem | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Cloud VPN | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | CompilerWorks | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Compute Engine | | Not vuln | Not vuln | Not vuln | Not vuln | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | source |
| Google Cloud | Contact Center AI (CCAI) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Contact Center AI Insights | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Container Registry | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Data Catalog | | Not vuln | Not vuln | Not vuln | Not vuln | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Data Fusion | | Not vuln | Not vuln | Not vuln | Not vuln | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | source |
| Google Cloud | Database Migration Service (DMS) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Dataflow | | Not vuln | Not vuln | Not vuln | Not vuln | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | source |
| Google Cloud | Dataproc | | Not vuln | Not vuln | Not vuln | Not vuln | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | source |
| Google Cloud | Dataproc Metastore | | Not vuln | Not vuln | Not vuln | Not vuln | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | source |
| Google Cloud | Datastore | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Datastream | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Dialogflow Essentials (ES) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Document AI | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Event Threat Detection | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Eventarc | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Filestore | | Not vuln | Not vuln | Not vuln | Not vuln | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | source |
| Google Cloud | Firebase | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Firestore | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Game Servers | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Google Kubernetes Engine | | Not vuln | Not vuln | Not vuln | Not vuln | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | Healthcare Data Engine (HDE) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Human-in-the-Loop AI | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | IoT Core | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Key Access Justifications (KAJ) | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Looker | | Not vuln | Not vuln | Not vuln | Not vuln | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | source |
| Google Cloud | Media Translation API | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Memorystore | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Migrate for Anthos | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Migrate for Compute Engine (M4CE) | | Not vuln | Not vuln | Not vuln | Not vuln | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | source |
| Google Cloud | Network Connectivity Center | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Network Intelligence Center | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Network Service Tiers | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Persistent Disk | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Pub/Sub | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Pub/Sub Lite | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | source |
| Google Cloud | reCAPTCHA Enterprise | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Recommendations AI | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Retail Search | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Risk Manager | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Secret Manager | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Security Command Center | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Service Directory | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Service Infrastructure | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Speaker ID | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Speech-to-Text | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Speech-to-Text On-Prem | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Storage Transfer Service | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Talent Solution | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Text-to-Speech | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Transcoder API | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Transfer Appliance | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Video Intelligence API | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Virtual Private Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | VMware Engine | | Not vuln | Not vuln | Not vuln | Not vuln | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | source |
| Google Cloud | Web Security Scanner | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Google Cloud | Workflows | | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source |
| Gradle | All | | Not vuln | Not vuln | Not vuln | Not vuln | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | source |
| Gradle | Enterprise | 2021.3.6 | Not vuln | Fix | | | | source |
| Gradle | Enterprise Build Cache Node | 10.1 | Not vuln | Fix | | | | source |
| Gradle | Enterprise Test Distribution Agent | 1.6.2 | Not vuln | Fix | | | | source |
| Grafana | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Grandstream | All | | | | | | | Grandstream Statement |
| Gravitee | Access Management | 3.10.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | Access Management | 3.5.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | Alert Engine | 1.4.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | Alert Engine | 1.5.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | API Management | 3.10.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | API Management | 3.5.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee | Cockpit | 1.4.x | Not vuln | Not vuln | Not vuln | Not vuln | | About the Log4J CVSS 10 Critical Vulnerability |
| Gravitee.io | All | | | | | | | Gravitee.io Statement |
| Gravwell | All | | Not vuln | Not vuln | Not vuln | Not vuln | Gravwell products do not use Java | source |
| Graylog | All | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Not vuln | Fix | | | The vulnerable Log4j library is used to record GrayLog's own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. Graylog https://github.com/Graylog2/graylog2-server/compare/4.2.3...4.2.4"">version 4.2.4 fixes https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ another vulnerability | source |
| Graylog | Server | All versions >= 1.2.0 and <= 4.2.2 | Not vuln | Fix | | | | Graylog Update for Log4j |
| Greenshot | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| GuardedBox | All | 3.1.2 | Not vuln | Fix | | | | source |
| Guidewire | All | | | | | | | Guidewire Statement |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| HMS Industrial Networks AB | Cosy, Flexy and Ewon CD | | | | | | | link |
| HMS Industrial Networks AB | Netbiter Hardware including EC, WS, and LC | | | | | | | link |
| HMS Industrial Networks AB | Talk2M including M2Web | | | | | | | link |
| HMS Industrial Networks AB | eCatcher Mobile applications | | | | | | | link |
| HMS Industrial Networks AB | eCatcher Windows software | | | | | | | link |
| HPE/Micro Focus | Data Protector | | | Fix | | | | link |
| HackerOne | All | | Not vuln | Fix | | | | source |
| HAProxy | All | | | | | | | HAProxy Statement |
| HarmanPro AMX | All | | | | | | | HarmanPro AMX Statement |
| Hashicorp | All | | | Not vuln | | | | source |
| HCL Software | BigFix Compliance | | Not vuln | Not vuln | Not vuln | | | source |
| HCL Software | BigFix Insights | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HCL Software | BigFix Insights for Vulnerability Remediation | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HCL Software | BigFix Inventory | < 10.0.7 | Not vuln | Workaround | Not vuln | | | source |
| HCL Software | BigFix Lifecycle | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HCL Software | BigFix Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HCL Software | BigFix Patch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Heimdal Security | web-based services | Cloud | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Helpsystems | Clearswift Secure Email Gateway | 5.4.0 ,5.3.0 | | Vulnerable | | | Investigation | source |
| Helpsystems | Clearswift Secure Exchange Gateway | 5.4.0 ,5.3.0 | | Vulnerable | | | Investigation | source |
| Helpsystems | Clearswift Secure ICAP Gateway | 5.4.0 ,5.3.0 | | Vulnerable | | | Investigation | source |
| Helpsystems | Clearswift Secure Web Gateway | 5.4.0 ,5.3.0 | | Vulnerable | | | Investigation | source |
| HelpSystems Clearswift | All | | | | | | | HelpSystems Clearswift |
| HENIX | Squash TM | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Not vuln | Fix | | | | Vendor Link |
| Hexagon | ERDAS APOLLO - Catalog Explorer | | Not vuln | Fix | | | | source |
| Hexagon | ERDAS APOLLO Advantage & Professional | | | Investigation | | | | source |
| Hexagon | ERDAS APOLLO Essentials | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | GeoCompressor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | GeoMedia | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | GeoMedia SmartClient | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | GeoMedia WebMap | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Geoprocessing Server | | Not vuln | Fix | | | Fixed with 2022GeoprocessingLog4j-SecurityVulnerability.zip | source |
| Hexagon | Geospatial Portal | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Geospatial SDI | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN Connect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN InService (All InService products) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN NetWorks Comms (G/Tech Fiber Optic Works) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN NetWorks Core (G/Technology products) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN NetWorks WebServices (NetWotks) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Analytics | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Dispatch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Mobile | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Mobile Admin | | | Vulnerable | | | | source |
| Hexagon | HxGN OnCall Mobile Unit | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Planning & Response | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN OnCall Records | | Not vuln | Fix | | | | source |
| Hexagon | HxGN OnCall Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | HxGN Xalt | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | I/Map Editor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | ImageStation | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | IMAGINE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | inPURSUIT Client | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | inPURSUIT Server (Workflow) | | Not vuln | Fix | | | | source) |
| Hexagon | Intergraph CAD (All I/CAD products) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph Fiber Optic Works – ESC | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph G!NIUS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph G/Technology – ESC | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph LEADS (All I/LEADS products) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph Mobile (I/Mobile, Mobile Public Safety, Mobile Responder) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph NetWorks - ESC | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | Intergraph Security (All I/Security products) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | LuciadFusion | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | LuciadLightspeed | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hexagon | M.App Enterprise | | | Vulnerable | | | | source |
| Hexagon | M.App X - Geoprocessing Server | | | Vulnerable | | | | source |
| Hexagon | NIBRS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Hikvision | All | | | | | | | Hikvision |
| Hitachi Energy | all other products | | | Investigation | | | Meta-Advisory listing all known affected products, other are still unter investigation | source |
| Hitachi Energy | Axis | 3.6 | Not vuln | Fix | Fix | | SaaS only, patched by vendor | source |
| Hitachi Energy | Counterparty Settlement and Billing (CSB) version 6 | 6 | Not vuln | Workaround | Workaround | Workaround | request patch from vendor | source |
| Hitachi Energy | e-Mesh Monitor | | Not vuln | Fix | Fix | | affected part at cloud & handled by vendor, no user action required | source |
| Hitachi Energy | eSOMS | | Not vuln | Not vuln | Not vuln | Not vuln | | Hitachi Energy |
| Hitachi Energy | FOXMAN-UN | < R11BSP1 | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| Hitachi Energy | FOXMAN-UN | R15A, R14B, R14A, R11BSP1 | Not vuln | Workaround | Workaround | Workaround | patch at customer portal avilable | source |
| Hitachi Energy | Lumada APM On-premises | 5.0 or later | Not vuln | Not vuln | Not vuln | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.0.0.0, 6.0.0.1, 6.0.0.2 | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.0.0.3 | Not vuln | Fix | Fix | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.1.0.0 | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.1.0.1 | Not vuln | Fix | Fix | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.2.0.0, 6.2.0.1 | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.2.0.2 | Not vuln | Fix | Fix | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.3.0.0 | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | Lumada APM On-premises | 6.3.0.1 | Not vuln | Fix | Fix | | | source |
| Hitachi Energy | Lumada APM SaaS | | Not vuln | Fix | Fix | | handled by vendor, no user action required | source |
| Hitachi Energy | Lumada EAM / FSM | v1.7.x, v1.8.x, v1.9.x | Not vuln | Workaround | Workaround | | | source |
| Hitachi Energy | MMS internal facing subcomponent | | Not vuln | Workaround | Workaround | | Patch is available and delivered | source |
| Hitachi Energy | Network Manager ADMS Network Model Server | 9.1.0.32 – 9.1.0.44 | Not vuln | Workaround | Workaround | | | source |
| Hitachi Energy | Network Manager Outage Management Interface (OMI) – Client Application | 9.0 – 9.1.0.44, 9.1.1, 10.3.4 | Not vuln | Workaround | Workaround | | | source |
| Hitachi Energy | Network Manager Outage Management Interface (OMI) – Third Party Oracle Database Components (Trace File Analyzer, SQL Developer, Property Graph) | 12.1, 12.2, 19c | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | Network Manager SCADA/EMS, Ranger and NMR Product – Third Party Oracle Database Components (Trace File Analyzer, SQL Developer, Property Graph) | 12.1, 12.2, 19c | Not vuln | Vulnerable | Vulnerable | | | source |
| Hitachi Energy | nMarket CAISO | 2.9.30 and prior | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket Global I-SEM | 3.7.16.01 | Not vuln | Fix | Fix | Fix | | source |
| Hitachi Energy | nMarket Global MISO SaaS | 3.0.40.03 on premise | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket Global MISO SaaS | 3.0.40.03 | Workaround | Not vuln | Not vuln | Not vuln | no customer action required | source |
| Hitachi Energy | nMarket Global SPP SaaS | 3.0.40.01 on premise | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket Global SPP SaaS | 3.0.40.01 | Workaround | Not vuln | Not vuln | Not vuln | no customer action required | source |
| Hitachi Energy | nMarket NE | 4.6.26 and prior | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket NY | 4.1.45 and prior | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket PJM | 5.4.28 and prior | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | nMarket TX | 3.1.18 and prior | Vulnerable | Not vuln | Not vuln | Not vuln | | source |
| Hitachi Energy | RelCare | 2.0 | Not vuln | Fix | Fix | | patched by vendor | source |
| Hitachi Energy | UNEM | < R11BSP1 | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| Hitachi Energy | UNEM | R15A, R14B, R14A, R11BSP1 | Not vuln | Workaround | Workaround | Workaround | patch at customer portal avilable | source |
| Hitachi Vantara | Pentaho | v8.3.x, v9.2.x | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HMS-Networks | All | | | | | | | source |
| Hologic | Advanced Workflow Manager (AWM) | | | Investigation | | | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | source |
| Hologic | Affirm Prone Biopsy System | | | Not vuln | | | | source |
| Hologic | Brevera Breast Biopsy System | | | Not vuln | | | | source |
| Hologic | Cenova Image Analytics Server | | Not vuln | Not vuln | Not vuln | Not vuln | | HOLOGIC Advisory Link |
| Hologic | Cenova Image Analytics Server (CAD) | | | Not vuln | | | | source |
| Hologic | Dimensions / 3Dimensions Mammography System | | | Not vuln | | | | source |
| Hologic | Discovery Bone Densitometer | | | Not vuln | | | | source |
| Hologic | Faxitron CT Specimen Radiography System | | | Investigation | | | While the Hologic software itself does not utilize Java/Log4J, there is a utility program installed that may utilize Java and Log4J. This utility program does not run on startup and is not required for system operation. | source |
| Hologic | Faxitron Specimen Radiography Systems | | | Not vuln | | | | source |
| Hologic | Fluoroscan Insight Mini C-Arm | | | Not vuln | | | | source |
| Hologic | Horizon DXA Bone Densitometer | | | Not vuln | | | | source |
| Hologic | Rosetta DC Tomosynthesis Data Converter | | | Not vuln | | | | source |
| Hologic | SecurView DX Workstation | | Not vuln | Not vuln | Not vuln | Not vuln | | HOLOGIC Advisory Link |
| Hologic | SecurView DX/RT Workstation and Manager | | | Not vuln | | | | source |
| Hologic | SecurXChange Router | | | Not vuln | | | | source |
| Hologic | SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) | | | Not vuln | | | | source |
| Hologic | Trident HD Specimen Radiography System | | | Not vuln | | | | source |
| Hologic | Unifi Workspace | | | Investigation | | | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | source |
| Hologic | Windows Selenia Mammography System | | | Not vuln | | | | source |
| Honeywell | All | | | | | | | Honeywell Statement |
| HostiFi | Unifi hosting | | Not vuln | Fix | | | Hosted Unifi solution | source |
| HP | Teradici Cloud Access Controller | < v113 | Not vuln | Fix | | | | Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK |
| HP | Teradici EMSDK | < 1.0.6 | Not vuln | Fix | | | | Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK |
| HP | Teradici Management Console | < 21.10.3 | Not vuln | Fix | | | | Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK |
| HP | Teradici PCoIP Connection Manager | < 21.03.6, < 20.07.4 | Not vuln | Fix | | | | Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK |
| HP | Teradici PCoIP License Server | | Not vuln | Not vuln | Not vuln | Not vuln | | Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK |
| HPE | 3PAR Service Processor | 5.x | Not vuln | Fix | | | Fixed in version 5.0.9.2 | source release notes |
| HPE | 3PAR StoreServ Arrays | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | AirWave Management Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Alletra 6000 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Alletra 9k | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba Central | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba ClearPass Policy Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba Instant (IAP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba Location Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba NetEdit | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba NetInsight Network Analytics | All | | Vulnerable | | | | source |
| HPE | Aruba PVOS Switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba SDN VAN Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba User Experience Insight (UXI) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Aruba VIA Client | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | ArubaOS SD-WAN Controllers and Gateways | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | ArubaOS Wi-Fi Controllers and Gateways | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | ArubaOS-CX switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | ArubaOS-S switches | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Authentication Server Function (AUSF) | 1.2107.0, 1.2109.0 and 1.2112.0 | | Vulnerable | | | | source |
| HPE | B-series SN2600B SAN Extension Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN4000B SAN Extension Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN6000B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN6500B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN6600B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN6650B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | B-series SN6700B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | BladeSystem Onboard Administrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Brocade 16Gb SAN Switch for HPE BladeSystem c-Class | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Brocade Network Advisor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | CloudAuth | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | CloudPhysics | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Compute Cloud Console | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Compute operations manager- FW UPDATE SERVICE | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Compute operations manager- FW UPDATE SERVICE (internal name olive) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | COS (Cray Operating System) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Cray EX System Monitoring Application (SMA) | All | | Vulnerable | | | | source |
| HPE | Cray Systems Management (CSM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Cray View for ClusterStor | 1.3.1 | | Vulnerable | | | | source |
| HPE | Custom SPP Portal (https://spp.hpe.com/custom) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Custom SPP Portal Link | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Customer Experience Assurance (CEA) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Data Management Framework | 7.x | | Vulnerable | | | | source |
| HPE | Data Services Cloud Console | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Device Entitlement Gateway (DEG) | 5 | | Vulnerable | | | | source |
| HPE | Dragon | 7.2 and 7.3 | | Vulnerable | | | | source |
| HPE | Dynamic SIM Provisioning (DSP) | DSP3.3, DSP3.1 and DSP3.4 | | Vulnerable | | | | source |
| HPE | Edge Infrastructure Automation | 2.0.x | | Vulnerable | | | | source |
| HPE | enhanced Internet Usage Manager (eIUM) | 10.6.3 | | Vulnerable | | | | source |
| HPE | Ezmeral Container Platform | 5.x | | Vulnerable | | | | source |
| HPE | Ezmeral Container Platform Bluedata EPIC | 3.x and 4.x | | Vulnerable | | | | source |
| HPE | Ezmeral Data Fabric | "Core/Client v6.2.0; MCS v6.0.1, v6.1.0, v6.1.1 and v6.2.0; Installer v1.17.0.0 and older" | | Vulnerable | | | | source |
| HPE | Ezmeral Ecosystem Pack (EEP) | "Elastic Search v6.8.8 and older; Data Access Gateway (DAG) v2.x and older; Hive v2.3.x and older; HBase v1.4.13 and older; Kafka HDFS Connector v10.0.0 and older" | | Vulnerable | | | | source |
| HPE | General information HPE | | | Investigation | | | Security bulletins for affected products will be posted on HPE Support Center, as the results of the investigation become available in the near future. HPE products not listed below are either vulnerable or undergoing investigation. | source |
| HPE | Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Harmony Data Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Home Location Register (HLR/I-HLR) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | HOP public services (grafana, vault, rancher, Jenkins) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Hyper Converged 250 System | All | | Vulnerable | | | | source |
| HPE | Hyper Converged 380 | All | | Vulnerable | | | | source |
| HPE | Infosight for Servers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Infosight for Storage | All | | Vulnerable | | | | source |
| HPE | Insight Cluster Management Utility (CMU) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrated Home Subscriber Server (I-HSS) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Integrated Home Subscriber Server Software Series | 4.0.x | | Vulnerable | | | Only vulnerable when using the nHSS 4G/5G IWK function | source |
| HPE | Integrated Lights-Out (iLO) Amplifier Pack | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrated Lights-Out 4 (iLO 4) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrated Lights-Out 5 (iLO 5) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrity BL860c, BL870c, BL890c | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrity Rx2800/Rx2900 | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Integrity Superdome 2 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Integrity Superdome X | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Intelligent Assurance | All | | Vulnerable | | | Only Analytics on Metrics is vulnerable | source |
| HPE | Intelligent Management Center (IMC) Standard and Enterprise | 7.3 (E0706) and 7.3 (E0706P06) | | Vulnerable | | | | source |
| HPE | Intelligent Messaging (IM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Intelligent Network Server (INS) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Intelligent Provisioning | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | iSUT integrated smart update tool | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Maven Artifacts (Atlas) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Media Workflow Master (MWM) | All | | Vulnerable | | | | source |
| HPE | MSA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Multimedia Services Environment (MSE) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | NetEdit | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Network Function Virtualization Director (NFV Director) | 5.1.x and 6.0.x | | Vulnerable | | | | source |
| HPE | Nimble Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | NS-T0634-OSM CONSOLE TOOLS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | NS-T0977-SCHEMA VALIDATOR | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | ntegrity Rx2800/Rx2900 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | OC Convergent Communications Platform (OCCP) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | OC Media Platform Media Resource Function (OCMP-MRF) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | OC Service Access Controller (OC SAC) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | OC Service Controller (OCSC) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | OC Universal Signaling Platform (OC-USP-M) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | OfficeConnect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | OneView | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | OneView for VMware vRealize Operations (vROps) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | OneView Global Dashboard | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Performance Cluster Manager (HPCM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Performance Manager (PM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Position Determination Entity (PDE) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Primera Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Real Time Management System (RTMS) | 3.0.x and 3.1.x | | Fix | Fix | Fix | Fixed in version 3.00.72.1 | source security bulletin |
| HPE | Remote SIM Provisioning Manager (RSPM) | 1.3.2 and 1.4.1 | | Vulnerable | | | | source |
| HPE | RepoServer part of OPA (on Premises aggregator) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | RESTful Interface Tool (iLOREST) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Revenue Intelligence Software Series | All | | Vulnerable | | | | source |
| HPE | SANnav Management Software | 2.0.0 and 2.1.1 | | Vulnerable | | | | source |
| HPE | SAT (System Admin Toolkit) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Secure Identity Broker (SIB) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Service Activator (SA) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Service Director (SD) | All | | Vulnerable | | | | source |
| HPE | Service Governance Framework (SGF) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Service Orchestration Manager (SOM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Service Provisioner (SP) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | SGI MC990 X Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SGI UV 2000 Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SGI UV 300, 300H, 300RL, 30EX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SGI UV 3000 Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Shasta Monitoring Framework (SMF) | All | | Vulnerable | | | | source |
| HPE | Short Message Point-to-Point Gateway (SMPP) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Silver Peak Orchestrator | | Not vuln | Workaround | | | | source workaround |
| HPE | SimpliVity 325, 380 Gen9, 380 Gen10 and 2600 Gen10 | All | | Vulnerable | | | | source |
| HPE | SimpliVity OmniCube | All | | Vulnerable | | | | source |
| HPE | Slingshot | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Smart Interaction Server (SIS) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | SN3000B Fibre Channel Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8000B 4-Slot SAN Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8000B 8-Slot SAN Backbone Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8600B 4-Slot SAN Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8600B 8-Slot SAN Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8700B 4-Slot Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | SN8700B 8-Slot Director Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreEasy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreEver CVTL | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreEver LTO Tape Drives | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreEver MSL Tape Libraries | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreOnce | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | StoreServ Management Console (SSMC) | All | | Vulnerable | | | | source |
| HPE | Subscriber, Network, and Application Policy (SNAP) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Subscription Manager (SM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | SUM (Smart Update Manager) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Superdome Flex 280 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Superdome Flex Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Synergy Image Streamer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Systems Insight Manager (SIM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Telecom Analytics Smart Profile Server (TASPS) | All | | Vulnerable | | | | source |
| HPE | Telecom Application Server (TAS) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Telecom Management Information Platform Software Series | | | Vulnerable | | | Only TeMIP Rest Server 8.3.2 and TMB 3.4.0 are vulnerable | source |
| HPE | Trueview Inventory Software Series | 8.6.x and 8.7.x | | Vulnerable | | | | source |
| HPE | UAN (User Access Node) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Unified Correlation and Automation (UCA) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Unified Data Management (UDM) | 1.2107.0, 1.2109.0, 1.2109.1 and 1.2112.0 | | Vulnerable | | | | source |
| HPE | Unified Mediation Bus (UMB) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Unified OSS Console (UOC) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Unified Topology Manager (UTM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Universal Identity Repository (VIR) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Universal IoT (UioT) Platform | All | | Vulnerable | | | | source |
| HPE | Universal SLA Manager (uSLAM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Unstructured Data Storage Function (UDSF) | 1.2108.0, 1.2110.0 and 1.2112.0 | | Vulnerable | | | | source |
| HPE | User Data Repository (UDR) | 1.2106.0, 1.2110.0 and 1.2112.0 | | Vulnerable | | | | source |
| HPE | Virtual Connect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Virtual Connect Enterprise Manager (VCEM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Virtual Headend Manager (vHM) | All | | Vulnerable | | | | source |
| HPE | Virtual Provisioning Gateway (vPGW) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Virtual Server Environment (VSE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| HPE | Virtual Subscriber Data Management (vSDM) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | WebRTC Gateway Controller (WGW) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | Wi-Fi Authentication Gateway (WauG) | | Not vuln | Not vuln | Not vuln | Not vuln | Support Communication Cross Reference ID: SIK7387 | (Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228 |
| HPE | XP Performance Advisor Software | 7.5 through 8.4 | | Vulnerable | | | | source |
| Huawei | All | | | Investigation | | | Customers have to contact the Huawei TAC | source |
| Hubspot | All | | | | | | | Hubspot Notice |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| I-Net software | All | | | | | | | I-Net Software Statement |
| I2P | All | | | | | | | I2P Statement |
| IBA-AG | All | | | | | | | IBA-AG Statement |
| Ibexa | All | | | | | | | Ibexa Statement |
| IBM | A9000/R | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Accelerator Catalog | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | All | | | Investigation | | | IBM updates their advisories quite often. We will try to update accordingly. Please see their advisory | source |
| IBM | Analytical Decision Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Analytics Engine Serverless | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | App Configuration | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | App Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Application Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Application Performance Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Application Runtime Expert for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Aspera Endpoint | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Aspera Enterprise (including all product components) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Aspera Enterprise on Demand | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Aspera fasp.io | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Aspera on Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | b-type Switches and Directors | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | B2B Advanced Communications | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Backup, Recovery and Media Services for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Bare Metal Servers | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Block Storage | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Block Storage for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Block Storage Snapshots for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Blockchain Platform | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Blockchain Platform for Cloud Private | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Blockchain Platform on IBM Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Business Automation Workflow | 18.0.0+ | Not vuln | Fix | | | JR64456 / JR64096 | source |
| IBM | Business Process Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Business space | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | c-type Switches and Directors | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Call Center for Commerce | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | CareDiscovery Electronic Quality Measures | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | CareDiscovery Quality Measures | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | CareNotes | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Case Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Case Manager on Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Client VPN for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Activity Tracker | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud API Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Automation Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Backup | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Event Management on Cloud Private | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud foundry for IBM cloud Private | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Load Balancer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Monitoring | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Object Storage | All | Not vuln | Fix | | | Fix: 3.16.0.53 and 3.16.2.57 | source |
| IBM | cloud Orchestrator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Pak for Data (IBM DB2 Event Store for CP4D) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Pak for Multicloud Management Core | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Pak for Multicloud Management Infrastructure Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | cloud platform common services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Satellite | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cloud Virtual Server for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | COBOL for AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | COBOL for Linux on X86 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | COBOL for Windows | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Code Engine | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Analytics | 11.2.1 Interim Fix 2, 11.1.7 Interim Fix 7, and 11.0.13 Interim Fix 4 | | Fix | Fix | | | source |
| IBM | Cognos Analytics Mobile / Cognos Analytics Mobile for Android and iOS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Analytics Reports for Android | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Analytics Reports for iOS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Command Center | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Integration Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Mobile for Blackberry Dynamics (mobile app) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Cognos Planning | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Communications Server for AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Communications Server for Data Center Development | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Communications Server for Linux & CS for Linux on System z | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose Enterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for Elasticsearch | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for etcd | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for MongoDB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for MySQL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for PostgreSQL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for RabbitMQ | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for Redis | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for RethinkDB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Compose for ScyllaDB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Content Classification | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Content Collector for SAP Applications | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Content Delivery Network | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Content Integrator Enterprise Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Content Manager Enterprise Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Control Desk | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Copy Services Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Curam SPM | 8.0.0, 7.0.11 | | Vulnerable | | | | source |
| IBM | Data Management Platform for EDB Postgres Enterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Data Management Platform for EDB Postgres Enterprise for IBM Cloud Pak for Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Data Management Platform for MongoDB Enterprise Advnaced for IBM Cloud Pak for Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Data Server Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Database Add-Ins for Visual Studio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for DataStax | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for EDB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for Elasticsearch | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for etcd | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for MongoDB | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for PostgreSQL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Databases for Redis | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Datapower Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DataStax Enterprise with IBM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Datastax enterprise with IBM for IBM Cloud Pak for Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Administration Foundation for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Administration Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Administration Toolkit for z/OS SAP Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Administration Toolkit for z/OS the SAP Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Automation Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Automation Toolkit for z/OS SAP Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Bind Manager for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Change Accumulation Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Cloning Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DB2 Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DB2 Data Access Common Collector for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 DevOps Experience for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Event Store | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 High Performance Unload for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Log Analysis Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Merge Backup | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Mirror for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Object Comparison Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DB2 Query Monitor for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Recovery Expert for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DB2 Server | 11.5 | | Vulnerable | | | | source |
| IBM | Db2 Sort for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 SQL Performance Analyzer for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Table Editor for Multiplatforms | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Table Editor for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Db2 Utilities Enhancement Tool for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Decision Optimization Center | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Dedicated Host for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Connect on Classic | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Dedicated (2.0) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Dedicated Hosting on Classic | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Dedicated on Classic | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Direct Link Exchange on Classic | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | DNS Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | EDB Postgres Advanced Server with IBM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | EDB PostgreSQL with IBM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Edge Application Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Contract Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Program Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Services Procurement | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Sourcing | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Spend Analysis | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Strategic Supply Management Platform | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Emptoris Supplier Lifecycle Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Enterprise Content Management System Monitor | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | enterprise records | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Enterprise Tape Controller Model C07 (3592) (ETC) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Event Notifications | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Event Streams | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FHIR Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | File net IS HDS connectors | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | File net Print | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | File Storage | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Filenet Content Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FileNet Image Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Crimes Insight for Entity Research | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager (FTM) for Z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager for Corporate Payment Services for MP 2.1.1 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager for Digital Payments for z/OS 3.2.1 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager for Immediate Payments for Multiplatforms (Base) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager for SWIFT Services for Multiplatforms | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Financial Transaction Manager for SWIFT Services for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Flash System 900 (& 840) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FlashSystem 5000 Series | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FlashSystem 7000 Series | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FlashSystem 9000 Series | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | FlashSystem v9000 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Flexible Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Flow Logs for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Fluid Query | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Functions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | GSKit | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Guardium S-TAP for Data Sets on z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Guardium S-TAP for DB2 on z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Guardium S-TAP for IMS on z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | HATS (Host Access Transformation Services) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Health Insights Adhoc Report Writer (Previously known as Advantage Suite Adhoc Report Writer) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | HOD (Host On-Demand) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | HTTP Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Hyper Protect Crypto Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Access Client Solutions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Access Family | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Access Family – Access for Web | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Advanced DBCS Printer Support | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Advanced Function Printing | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Advanced Job Scheduler | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i AFP DBCS Fonts | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i AFP Font Collection | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i AFP Fonts | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Business Graphics Utility | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i CICS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Communications Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Cryptographic Device Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Db2 Query Manager and SQL Development Kit | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Db2 UDB Extenders | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Developer Kit for Java | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | I Facsimile Support | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i HTTP Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i InfoPrint Designer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i InfoPrint Fonts | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i InfoPrint Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Integrated Domino Facsimile | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Job Scheduler | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Managed System Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Network Authentication Enablement | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Performance Tools | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Portable Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Query | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Rational Application Management Toolset | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Rational Development Studio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Rational Open Access, RPG Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i System Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i System/38 Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i TCP/IP Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Transform Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i Universal Manageability Enablement | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i WebSphere Development Studio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i XML Toolbox | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i2 Analyst’s Notebook | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i2 Base | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | i2 iBase | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | ICP4A-Business Automation Content Analyzer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | ILOG CP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | ILOG CPLEX Optimization Studio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Informix 4GL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | InfoSphere Classic Federation & Replication for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | InfoSphere Data Architect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | InfoSphere Identity Insight | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Installation Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Integrated Analytics System (Sailfish) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Integration Bus Healthcare Pack | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Integration Bus Retail Pack | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | ITCAM for Transactions – MQ DC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Kenexa LCMS Premier | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Kenexa LMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Key Lifecyle Manager for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Key Protect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Kubernetes Service | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Liberty for Java for IBM Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Load Balancer for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Log Analysis & Cloud Activity Tracker | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Market Expert | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MarketScan Treatment Pathways | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Mass Data Migration | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo APM – Asset Health Insights SaaS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Archiving with InfoSphere Optim Data Growth Solution | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Asset Performance Management On-Premises | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo EAM SaaS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Enterprise Adapter Oracle | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Enterprise Adapter SAP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo for Nuclear Power | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo for Oil and Gas | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo for Transportation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo for Utilities | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Health, Safety, and Environment Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo MRO Inventory Optimization | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Spatial Asset Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Maximo Visual Inspection | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Merge Cardio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Merge Hemo | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Message Hub | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Message Service Client (XMS) for C/C++ | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Micromedex | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Mono2Micro | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ | iFix 9.2-IBM-MQ-LinuxX64-LAIT39386 | Not vuln | Fix | | | | source |
| IBM | MQ – This is the PID Product name we sell | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ Advanced for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ Appliance | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ for HPE NonStop v8.1 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | MQ on IBM Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza Analytics | All versions <= 3.3.9 | | Vulnerable | | | Fix should be available from 14th Dec | source |
| IBM | Netezza Analytics – NPS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza Analytics for NPS | All versions <= 11.2.21 | | Vulnerable | | | Fix should be available from 14th Dec | source |
| IBM | Netezza Fluid Query | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza for Cloud Pak for Data System | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza SQL Extensions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza SQL Extensions – NPS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Netezza® Performance Server for Cloud Pak® for Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Now Factory Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Now Factory Sourceworks | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | OmniFind Text Search Server for DB2 for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | OPENBMC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Operational Decision Composer for Z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Operational Decision Manager on Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | OrbitalRX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Order Management Software | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Payments Director Transaction Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PCOMM (Personal Communications) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PL/1 for AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Platform Process Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Platform RTM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Power Hardware Management Console | V10.1.1010.0,V9.2.950.0 | Not vuln | Fix | | | Fix: MH01913,MF69263 | source |
| IBM | PowerHA System Mirror for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PowerSC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PowerVM Hypervisor | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PowerVM VIOS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Prerequisite scanner | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Price Transparency | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Process Mining | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | PureData System for Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar Advisor | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar Incident Forensics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Qradar Network Threat Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar On Cloud (QRoC) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar SIEM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar Vulnerability Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | QRadar WinCollect Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Quantum Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Business Developer (RBD) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Developer for AIX and Linux | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Developer for i | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Integration Tester | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Service Tester | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Rational Test Workbench | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Reactive Platform | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Red Hat OpenShift on IBM Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Remote Execution and Access | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Robotic Process Automation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Robotic Process Automation with Automation Every where | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Safer Payments | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | SAN Volume Controller and Storwize Family | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Schematics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | SDK for Node.js | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | SDK, Java Technology Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Secrets Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Secure Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Access Manager | 10.0.2-ISS-ISVA-FP0000 | Not vuln | Fix | | | | source |
| IBM | Security Access Manager | 9.0.7-ISS-ISAM-FP0002 | Not vuln | Fix | | | | source |
| IBM | Security Access Manager & Verify Access Integrations | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Directory Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Directory Suite | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Guardium STAPs (Windows, Linux & z/OS) and GIM clients | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Bridge | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Gateway for Linux PAM and AIX PAM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Gateway for Radius | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Gateway for Windows Login | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Account Lifecycle Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Behavior Analysis | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege DevOps Vault | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Server Suite | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Vault | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Security Verify Privilege Vault Remote | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | SOA Policy Pattern for Red Hat Enterprise Linux Server 2.0 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Accelerate | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Archive Library Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Discover | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Client Management Service | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Databases: Data Protection for Oracle | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Databases: Data Protection for SQL | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Enterprise Resource Planning | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Mail: Data Protection for Domino | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Mail: Data Protection for Exchange | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for Workstations | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect for z/OS USS Client and API | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect HSM for Windows | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus Db2 Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus Exchange Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus File Systems Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus MongoDB Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus O365 Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus Oracle Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Plus SQL Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Protect Snapshot for UNIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Spectrum Virtualize | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | SPSS Statistics | 25.0, 26.0, 27.0.1, 28.0.1 | Not vuln | Fix | | | Link is behind a login | source |
| IBM | SQL Query | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct Browser User Interface | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct for HP NonStop | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct for i5/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct for OpenVMS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Direct FTP+ | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Enterprise for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Express for Microsoft Windows | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Express for UNIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Connect:Express for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Fulfillment Optimizer | | | Vulnerable | | | | source |
| IBM | Sterling Gentran | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Inventory Visibility | | | Vulnerable | | | | source |
| IBM | Sterling Order Management | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Order Management (on-prem) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for ACORD | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for Financial Services | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for FIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for NACHA | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for PeopleSoft | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for SAP R/3 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for SEPA | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for Siebel | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Pack for SWIFT | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Packs for EDI | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Packs for Healthcare | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Sterling Transformation Extender Trading Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage TS1160 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage TS2280 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage TS2900 Library | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage TS3100-TS3200 Library | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage TS4500 Library | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Storage Virtualization Engine TS7700 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Surveillance Insight for Financial Services Solution on Cloud (stand-alone) / (also part of) IBM Financial Crimes Insight) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | System Dashboard for Enterprise Content Management | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | System Storage DS3950/DS5020/DS5100/DS5300 Refresh | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | System Storage Storwize V7000 Unified (V7000U) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tape System Library Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | TDMF for zOS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for Application Diagnostics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for Applications | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for J2EE | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for SOA | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for Transactions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Composite Application Manager for WebSphere | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Directory Integrator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Federated Identity Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Monitoring for Virtual Environments | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli Netcool Ominbus / (a product, and also a component of Netcool Operations Insight) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli OMEGAMON XE for DB2 Performance Expert on z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli OMEGAMON XE for DB2 Performance Monitor on z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli System Automation for Multiplatforms | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tivoli® Netcool/OMNIbus Knowledge Library | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tools Customizer for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Total Storage Service Console (TSSC) / TS4500 IMC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Transit Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Treatment Cost Calculator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Tririga Anywhere | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Trusteer Mobile SDK | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Trusteer Pinpoint Assure | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Trusteer Pinpoint Detect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Trusteer Rapport | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | TS3310 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | TS3500 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | TS4300 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Unified Management Server for z/OS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Urbancode Deploy | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Virtual Private Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Virtual Server for Classic | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Virtualization Management Interface | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Visual Inspection Component | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | VM Manager Tool (part of License Metric Tool) | >9.2.21,<9.2.26 | | Vulnerable | | | | source |
| IBM | Voice Agent with Watson | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Voice Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | VPN for VPC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Watson Annotator for Clinical Data | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Watson IoT Platform – Message Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Watson Language Translator | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Weather Company Fusion | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Weather Company Max Engage for Enterprise with Watson | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Weather Company Max Solution | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Weather Company Pilotbrief | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Websphere | 8.5 | | Vulnerable | | | fix: PH42728 | source |
| IBM | Websphere | 9.0 | | Vulnerable | | | fix: PH42728 | source |
| IBM | WebSphere Application Server Developer Tools for Eclipse | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Application Server for Cloud Private VM Quickstarter | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Application Server Hypervisor Edition | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Application Server Migration Toolkit | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere eXtreme Scale | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Liberty | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Message Broker Connectivity Pack for Healthcare | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Message Broker Extender for TIBCO RV | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Message Broker File Extender | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere Message Broker with Rules and Formatter Extension | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | WebSphere MQ for HP NonStop v5.3.1 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Workload Automation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Workload Deployer Image for x86 Systems | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Workload Scheduler | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | Workstation APL2 for Multiplatforms | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XIV Management Tools | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XIV Storage System | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XL C/C++ for AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XL C/C++ for Linux | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XL Fortran for AIX | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| IBM | XL Fortran for Linux | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| ICONICS | All | | Not vuln | Not vuln | Not vuln | Not vuln | | ICONICS Advisory Link |
| IFS | All | | | | | | | IFS Bulletin |
| IGEL | Universal Management Suite | | Not vuln | Workaround | | | | source |
| Ignite Realtime | All | | | | | | | Ignite Realtime Statement |
| iGrafix | All | Latest | Not vuln | Fix | | | | source |
| iGrafx | All | | | | | | | iGrafx Statement |
| Illuminated Cloud | All | | | | | | | Illuminated Cloud Statement |
| Illumio | C-VEN | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | CLI | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | CloudSecure | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Core on-premise PCE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Core SaaS PCE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Edge SaaS PCE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Edge-CrowdStrike | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Flowlink | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Kubelink | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | NEN | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | QRadar App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | Splunk App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Illumio | VEN | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| iManage | Preview Server | 10.0 or later | | Workaround | | | Link is behind a login | source |
| iManage | Records Manager | 10.3.x and later | | Workaround | | | Link is behind a login | source |
| iManage | Security Policy Manager | 10.1.x and 10.2.x | | Workaround | | | Link is behind a login | source |
| iManage | Work Indexer powered by IDOL | 10.3.0.26 and later | | Workaround | | | Link is behind a login | source |
| iManage | Work Indexer powered by RAVN | 10.2.3 - 10.2.6, 10.3.x | | Workaround | | | Link is behind a login | source |
| Imperva | All | | | | | | | Imperva Statement |
| Imprivata | ConfirmID | | | Not vuln | | | Link is behind a login | source |
| Imprivata | Cortext | | | Not vuln | | | Link is behind a login | source |
| Imprivata | GroundControl | | | Not vuln | | | Link is behind a login | source |
| Imprivata | Identity Governance | | | Not vuln | | | Link is behind a login | source |
| Imprivata | Mobile Device Access | | | Not vuln | | | Link is behind a login | source |
| Imprivata | OneSign | | | Not vuln | | | Link is behind a login | source |
| Imprivata | PAM | | Not vuln | Fix | | | Link is behind a login | source |
| Imprivata | PatientSecure | | | Not vuln | | | Link is behind a login | source |
| Inductive Automation | Ignition | All | | Not vuln | | | | source |
| IndustrialDefender | All | | | | | | | IndustrialDefender Statement |
| infinidat | All | | | | | | | infinidat Statement |
| Influxdata | All | All | | Not vuln | | | | source |
| Infoblox | All | All | | Not vuln | | | | source |
| Infoland | iQualify | | | Not vuln | | | | source |
| Infoland | Zenya (iProva) | | | Not vuln | | | | source |
| Infor | Private Cloud Tenant (IBM Websphere) | Dependent on Infor configuration | | Vulnerable | | | No official statement from Vendor. See screenshot. | source |
| Infor | Rich Desktop Client | | | Vulnerable | | | No official statement from Vendor. See screenshot | source |
| Informatica | Axon | 7.2.x | Not vuln | Workaround | | | | source |
| Informatica | Data Privacy Management | 10.5, 10.5.1 | Not vuln | Workaround | | | | source |
| Informatica | Information Deployment Manager | | Not vuln | Fix | | | | source |
| Informatica | Metadata Manager | 10.4, 10.4.1, 10.5, 10.5.1 | Not vuln | Workaround | | | | source |
| Informatica | PowerCenter | 10.5.1 | Not vuln | Workaround | | | | source |
| Informatica | PowerExchange for CDC (Publisher) and Mainframe | 10.5.1 | Not vuln | Workaround | | | | source |
| Informatica | Product 360 | All | Not vuln | Workaround | | | | source |
| Informatica | Secure Agents (Cloud hosted) | | Not vuln | Fix | | | Fixed agents may need to be restarted | source |
| INIT GmbH | AppComm | | | Not vuln | | | | source source |
| INIT GmbH | Mobile Plan | 4.22.x and 5.x | | Vulnerable | | | | source source |
| INIT GmbH | MOBILE-PERDIS | | | Not vuln | | | | source source |
| INIT GmbH | WebComm | | | Not vuln | | | | source source |
| Instana | All | | | | | | | Instana Statement |
| Instructure | All | | | | | | | Instructure Statement |
| Intel | Audio Development Kit | | | Vulnerable | | | | source |
| Intel | Computer Vision Annotation Tool | | | Vulnerable | | | | source |
| Intel | Computer Vision Annotation Tool maintained by Intel | | | Vulnerable | | | | Intel Advisory |
| Intel | Dataleft Manager | | | Vulnerable | | | | source |
| Intel | Genomics Kernel Library | | | Vulnerable | | | | source |
| Intel | oneAPI sample browser plugin for Eclipse | | | Vulnerable | | | | source |
| Intel | Secure Device Onboard | | | Vulnerable | | | | source |
| Intel | Sensor Solution Firmware Development Kit | | | Vulnerable | | | | source |
| Intel | System Debugger | | | Vulnerable | | | | source |
| Intel | System Studio | | | Vulnerable | | | | source |
| Internet Systems Consortium(ISC) | BIND 9 | All | Not vuln | Not vuln | Not vuln | Not vuln | no JAVA Code | ISC Open Source and Log4J |
| Internet Systems Consortium(ISC) | ISC DHCP, aka dhcpd | All | Not vuln | Not vuln | Not vuln | Not vuln | no JAVA Code | ISC Open Source and Log4J |
| Internet Systems Consortium(ISC) | Kea DHCP | All | Not vuln | Not vuln | Not vuln | Not vuln | no JAVA Code | ISC Open Source and Log4J |
| InterSystems | API Manager | | | Not vuln | | | | source |
| InterSystems | Atelier Integration | | | Not vuln | | | | source |
| InterSystems | Cache | | | Not vuln | | | | source |
| InterSystems | Cloud Manager | | | Not vuln | | | | source |
| InterSystems | Ensemble | | | Investigation | | | | source |
| InterSystems | FHIR Accelerator | | | Not vuln | | | | source |
| InterSystems | Health Integration as a Service | | | Investigation | | | | source |
| InterSystems | HealthShare Care Community | | | Not vuln | | | | source |
| InterSystems | HealthShare Clinical Viewer | 2019.2 to 2021.1 | | Not vuln | | | | source |
| InterSystems | HealthShare Health Connect | | | Investigation | | | | source |
| InterSystems | HealthShare Health Insight | | | Not vuln | | | | source |
| InterSystems | HealthShare Message Transformation Service | | | Not vuln | | | | source |
| InterSystems | HealthShare Patient Index | | | Not vuln | | | | source |
| InterSystems | HealthShare Personal Community | | | Not vuln | | | | source |
| InterSystems | HealthShare Provider Directory | | | Not vuln | | | | source |
| InterSystems | HealthShare Unified Care Record | | | Not vuln | | | | source |
| InterSystems | IRIS | | | Not vuln | | | | source |
| InterSystems | IRIS for Health | | | Investigation | | | | source |
| InterSystems | ISC Reports | | | Vulnerable | | | | source |
| InterSystems | TrakCare Core | | | Vulnerable | | | | source |
| InterSystems | TrakCare Editions | | | Investigation | | | | source |
| InterSystems | TrakCare Lab | | | Investigation | | | | source |
| InterSystems | VS Code Integration | | | Not vuln | | | | source |
| Intland | codebeamer | <= 20.11-SP11, <= 21.09-SP3 | | Vulnerable | | | A fix has been released for https://codebeamer.com/cb/wiki/13134438 20.11 and https://codebeamer.com/cb/wiki/19418497 21.09, but not yet for https://codebeamer.com/cb/wiki/16937839 21.04 | Apache Log4j vulnerability and fixes |
| IPRO | Netgovern | | | | | | | |
| iRedMail | All | | | | | | | iRedMail Statement |
| IronNet | All | All verisons | | Investigation | | | | source |
| ISL Online | All | All | | Not vuln | | | | source |
| ISLONLINE | All | | | | | | | ISLONLINE Statement |
| ISPNext | All | All | | Not vuln | | | | source |
| Ivanti | Avalache | 6.3.[0-3] | Not vuln | Fix | | | Information behind login | source |
| Ivanti | Core Connector | All | Not vuln | Workaround | | | Information behind login | source |
| Ivanti | File Director | All | Not vuln | Workaround | | | Information behind login | source |
| Ivanti | MobileIron Core | All | Not vuln | Workaround | | | Information behind login | source |
| Ivanti | MobileIron Sentry | 9.13, 9.14 | Not vuln | Workaround | | | Information behind login | source |
| Ivanti | Xtraction | 2019.2 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Logit.io | Platform | | | Not vuln | | | | link |
| L-Soft | All | | | | | | | L-Soft Info |
| L3Harris Geospatial | All | | | | | | | L3Harris Geospatial |
| Lancom Systems | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lansweeper | All | All | | Not vuln | | | | source |
| Laserfiche | All | | | | | | | Laserfiche Product Information |
| LastPass | MFA | | Not vuln | Fix | | | Universal Proxy on Windows with Debug logging enabled are highly recommended to update to the newest version of the Universal Proxy 3.0.2 or 4.1.2 | source |
| LastPass | Other products | | | Not vuln | | | | source |
| LaunchDarkly | All | | | | | | | LaunchDarkly Statement |
| LeanIX | All | All | Not vuln | Fix | | | | source |
| Lecia biosystem | Aperio AT2 | | | Not vuln | | | | source |
| Lecia biosystem | Aperio AT2 DX | | | Not vuln | | | | source |
| Lecia biosystem | Aperio CS2 | | | Not vuln | | | | source |
| Lecia biosystem | Aperio eSlide Manager | | | Not vuln | | | | source |
| Lecia biosystem | Aperio GT 450 | | | Not vuln | | | | source |
| Lecia biosystem | Aperio GT 450 DX | | | Not vuln | | | | source |
| Lecia biosystem | Aperio ImageScope | | | Not vuln | | | | source |
| Lecia biosystem | Aperio ImageScope DX | | | Not vuln | | | | source |
| Lecia biosystem | Aperio LV1 | | | Not vuln | | | | source |
| Lecia biosystem | Aperio SAM DX Server For GT 450 DX | | Vulnerable | Not vuln | | | Uses Mirth Connect - See supplier Vyaire Medical further in the list | source |
| Lecia biosystem | Aperio Scanner Administration Manager (SAM) Server for GT 450 | | | Not vuln | | | Uses Mirth Connect - See supplier Vyaire Medical further in the list | source |
| Lecia biosystem | Aperio VERSA | | Vulnerable | Not vuln | | | | source |
| Lecia biosystem | Aperio WebViewer DX | | | Not vuln | | | | source |
| Lecia biosystem | BOND Controller | | | Not vuln | | | | source |
| Lecia biosystem | BOND RX / RXm | | | Not vuln | | | | source |
| Lecia biosystem | BOND-ADVANCE | | | Not vuln | | | | source |
| Lecia biosystem | BOND-III | | | Not vuln | | | | source |
| Lecia biosystem | BOND-MAX | | | Not vuln | | | | source |
| Lecia biosystem | CEREBRO | | Vulnerable | Not vuln | | | Uses Mirth Connect - See supplier Vyaire Medical further in the list | source |
| Lecia biosystem | CytoVision | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore PEARL | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore PEGASUS | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore SPECTRA CV | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore SPECTRA ST | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore SPIRIT ST | | | Not vuln | | | | source |
| Lecia biosystem | HistoCore SPRING ST | | | Not vuln | | | | source |
| Lecia biosystem | Leica ASP300S | | | Not vuln | | | | source |
| Lecia biosystem | Leica CV5030 | | | Not vuln | | | | source |
| Lecia biosystem | Leica ST4020 | | | Not vuln | | | | source |
| Lecia biosystem | Leica ST5010 | | | Not vuln | | | | source |
| Lecia biosystem | Leica ST5020 | | | Not vuln | | | | source |
| Lecia biosystem | Leica TP1020 | | | Not vuln | | | | source |
| Lecia biosystem | LIS Connect | | Vulnerable | Not vuln | | | Uses Mirth Connect - See supplier Vyaire Medical further in the list | source |
| Lecia biosystem | PathDX | | | Not vuln | | | | source |
| Lecia biosystem | ThermoBrite Elite | | | Not vuln | | | | source |
| Leica BIOSYSTEMS | Aperio AT2 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio AT2 DX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio CS2 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio eSlide Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio GT 450 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio GT 450 DX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio ImageScope | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio ImageScope DX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio LV1 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio SAM DX Server For GT 450 DX | | | Investigation | | | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio Scanner Administration Manager (SAM) Server for GT 450 | | | Investigation | | | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio VERSA | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Aperio WebViewer DX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND Controller | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND RX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND RXm | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND-ADVANCE | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND-III | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | BOND-MAX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | CEREBRO | | | Investigation | | | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | CytoVision | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore PEARL | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore PEGASUS | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore SPECTRA CV | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore SPECTRA ST | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore SPIRIT ST | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | HistoCore SPRING ST | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica ASP300S | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica CV5030 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica ST4020 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica ST5010 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica ST5020 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | Leica TP1020 | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | LIS Connect | | | Investigation | | | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | PathDX | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Leica BIOSYSTEMS | ThermoBrite Elite | | Not vuln | Not vuln | Not vuln | Not vuln | | Leica BIOSYSTEMS Advisory Link |
| Lenovo | Any 5594 UPS unit | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Any 5595 UPS unit | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | B300 FC SAN Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | B6505 FC SAN Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | B6510 FC SAN Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | BIOS/UEFI | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Chassis Management Module 2 (CMM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Cloud Deploy | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Commercial Vantage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Confluent | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | CP-CB-10 (Lenovo) | | | Vulnerable | | | | source |
| Lenovo | CP-CB-10E (Lenovo) | | | Vulnerable | | | | source |
| Lenovo | CP-CN-10 (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP-CN-10E (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP-I-10 (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP-SB-D20 (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP-SB-D20E (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP-SB-S10 (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | CP6000 (ThinkAgile) | | | Vulnerable | | | | source |
| Lenovo | Device Intelligence (LDI) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | DM120S (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM240N (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM240S (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM3000H (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM5000F (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM5000H (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM5100F (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM600S (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM7000F (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM7000H (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM7100F (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DM7100H (ThinkSystem) | | Not vuln | Workaround | | | | source |
| Lenovo | DSS-G | | | Vulnerable | | | | source |
| Lenovo | Dynamic System Analysis (DSA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Eaton UPS Network Management Card (NMC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Embedded System Management Java-based KVM clients | | Not vuln | Not vuln | Not vuln | Not vuln | | Apache Log4j Vulnerability |
| Lenovo | Fan Power Controller (FPC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Fan Power Controller2 (FPC2) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | GCM16 Global Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | GCM32 Global Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | IBM Advanced Management Module (AMM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | IBM GCM16 Global Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | IBM GCM32 Global Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | IBM LCM16 Local Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | IBM LCM8 Local Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Integrated Management Module II (IMM2) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | LCM16 Local Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | LCM8 Local Console Managers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | NetApp ONTAP Tools for VMware vSphere | | | Vulnerable | | | See https://security.netapp.com/advisory/ntap-20211210-0007/ NetApp advisory. | Apache Log4j Vulnerability |
| Lenovo | Network Switches | | Not vuln | Not vuln | Not vuln | Not vuln | Lenovo CNOS, Lenovo ENOS, IBM ENOS, Brocade FOS | source |
| Lenovo | Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade FOS | | Not vuln | Not vuln | Not vuln | Not vuln | | Apache Log4j Vulnerability |
| Lenovo | P920 Rack Workstation | | | Vulnerable | | | Patch 2021-12-20 | source |
| Lenovo | Patch for MEM | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | SR530 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR550 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR570 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR590 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR630 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR630 V2 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR645 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR650 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR650 V2 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR665 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR850 V2 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | SR860 V2 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | ST550 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | ST558 (ThinkSystem) | | | Vulnerable | | | | source |
| Lenovo | Storage Management utilities | | | Investigation | | | | Apache Log4j Vulnerability |
| Lenovo | System Management Module (SMM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | System Management Module 2 (SMM2) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | System Update | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Thin Installer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkAgile HX | | | Vulnerable | | | Nutanix and VMware components only; hardware not affected. See https://download.nutanix.com/alerts/Security_Advisory_0023.pdf Nutanix and https://www.vmware.com/security/advisories/VMSA-2021-0028.html VMWare advisories. | Apache Log4j Vulnerability |
| Lenovo | ThinkAgile HX (VMware Components) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkAgile VX | | | Vulnerable | | | VMware components only; hardware not affected. See https://www.vmware.com/security/advisories/VMSA-2021-0028.html VMWare advisory. | Apache Log4j Vulnerability |
| Lenovo | ThinkAgile VX (VMware Components) | | Not vuln | Fix | | | | source |
| Lenovo | ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T | | Not vuln | Fix | | | | source |
| Lenovo | ThinkSystem DB400D FC Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkSystem DB610S FC Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem DB620S FC Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem DB630S FC Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem DB720S FC Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem DB800D FC Switch | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem DE Series Storage | 2.0.0, 2.1.0, 2.1.1 | Not vuln | Workaround | | | | source |
| Lenovo | ThinkSystem Digital 2x1x16 KVM Switch, 1754-D1T | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkSystem DM Series Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkSystem DS Series Storage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | ThinkSystem Manager (TSM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Update Retriever | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | UPS Network Management Card, p/n 46M4110 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Vantage | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | Vertiv rPDUs for Lenovo | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Administrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Administrator (LXCA) | | | Vulnerable | | | | Apache Log4j Vulnerability |
| Lenovo | XClarity Controller (XCC) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Energy Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Energy Manager (LXEM) | | | Vulnerable | | | | Apache Log4j Vulnerability |
| Lenovo | XClarity Essentials (LXCE) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | xClarity Integrator | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Integrator (LXCI) for Microsoft Azure Analytics | | Not vuln | Fix | | | | source |
| Lenovo | XClarity Integrator (LXCI) for Microsoft Azure Log Analytics | | | Investigation | | | | Apache Log4j Vulnerability |
| Lenovo | XClarity Integrator (LXCI) for Microsoft System Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Integrator (LXCI) for Nagios | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Integrator (LXCI) for ServiceNow | | | Vulnerable | | | Patch 2021-12-20 | source |
| Lenovo | XClarity Integrator (LXCI) for VMware vCenter | | | Vulnerable | | | | Apache Log4j Vulnerability |
| Lenovo | XClarity Integrator (LXCI) for Windows Admin Center | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Mobile (LXCM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Lenovo | XClarity Orchestrator (LXCO) | | | Vulnerable | | | Patch 2021-12-21 | source |
| Lenovo | XClarity Provisioning Manager (LXPM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| LeoStream | All | | | | | | | LeoStream Discussion |
| Let's Encrypt | All | | | | | | | Let's Enrypt Statement |
| LibreNMS | All | | | | | | | LibreNMS Statement |
| LifeRay | All | | | | | | | LifeRay Blog |
| LifeSize | All | | | | | | | LifeSize Statement |
| Lightbend | Akka | | | Not vuln | | | | source |
| Lightbend | Akka Serverless | | | Not vuln | | | | source |
| Lightbend | Lagom Framework | | | Not vuln | | | Users that switched from logback to log4j (non-default) are affected | source |
| Lightbend | Play Framework | | | Not vuln | | | Users that switched from logback to log4j (non-default) are affected | source |
| Lime CRM | All | | | | | | | Lime CRM Statement |
| Liongard | All | | | Not vuln | Not vuln | Investigation | | source |
| LiquidFiles | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| LiveAction | LiveNA | <21.5.1 | Not vuln | Fix | | | | source |
| LiveAction | LiveNX | <21.5.1 | Not vuln | Fix | | | | source |
| Loftware | All | | | | | | | Loftware |
| LOGalyze | SIEM & log analyzer tool | v4.x | | Vulnerable | | | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | abandoned open-source software repo (sourceforge.net) |
| LogiAnalytics | All | | | | | | | LogiAnalytics Statement |
| LogicMonitor | Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | Log4j Security Vulnerabilities |
| LogMeIn | All | | | | | | | LogMeIn Statement |
| LogRhythm | SIEM | 7.4-7.8 | Not vuln | Workaround | | | Link is behind a login | source |
| LogZilla | NEO | All | Not vuln | Not vuln | Not vuln | Not vuln | LogZilla's engine is C++ | |
| Looker | All | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | Not vuln | Fix | | | | Looker Statement |
| LucaNet | All | 12 LTS - 1911.0.192+3, 13 LTS - 2011.0.112+7, 22 LTS - 2111.0.11+9 | Not vuln | Fix | | | | source |
| Lucee | All | | | | | | | Lucee Statement |
| Lyrasis | DSpace | 7.1.1 | Not vuln | Fix | | | | source |
| Lyrasis | Fedora Repository | 3.x,4.x,5.x,6.x | Not vuln | Not vuln | Not vuln | Not vuln | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | Fedora Repository Statement |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| MMM Group | Control software of all MMM series | | | | | | | link |
| MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | | | | | link |
| Mitsubishi Electric Corporation | CC-Link IE TSN | <=1.02C | | Vulnerable | | | Product number: SW1DNN-GN610SRC-M | link |
| Mitsubishi Electric Corporation | CC-Link IE TSN | | | Fix | | | Product number: SW1DNN-GN610SRC-M | link |
| Macrium Software | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mailcow | Solr Docker | < 1.8 | Not vuln | Fix | | | | source |
| MailStore | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Maltego | All | | | | | | | Maltego Response to Logj4 |
| ManageEngine | ADAudit Plus | | Not vuln | Workaround | Workaround | Workaround | | source |
| ManageEngine | ADManager Plus | | Not vuln | Workaround | Workaround | Workaround | | source |
| ManageEngine | Desktop Central | 10.1.2127.20 | Fix | Not vuln | Not vuln | Not vuln | | source |
| ManageEngine | EventLog Analyzer | | Not vuln | Workaround | Workaround | Workaround | | source |
| ManageEngine | Servicedesk Plus | 11305 and below | | Vulnerable | | | | Manage Engine Advisory |
| ManageEngine Zoho | ADAudit Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | ADManager Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | ADSelfService Plus | | Not vuln | Not vuln | Not vuln | Not vuln | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | All | | | | | | | Manage Engine Link |
| ManageEngine Zoho | Analytics Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | Cloud Security Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | DataSecurity Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | EventLog Analyzer | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | Exchange Reporter Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | Log360 | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | Log360 UEBA | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | M365 Manager Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | M365 Security Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| ManageEngine Zoho | RecoveryManager Plus | On-Prem | | | | | | ManageEngine Vulnerability Impact |
| MariaDB | All | | | | | | | MariaDB Statement |
| Mathworks | All MathWorks general release desktop or server products | | Not vuln | Not vuln | Not vuln | Not vuln | | MathWorks statement regarding CVE-2021-44228 |
| Mathworks | MATLAB | All | | Not vuln | | | | source |
| MathWorks Matlab | All | | | | | | | MathWorks Matlab Statement |
| Matillion | All | | | | | | | Matillion Security Advisory |
| Matomo | All | | | | | | | Matomo Statement |
| Mattermost | All | | | Not vuln | | | | source |
| Mattermost FocalBoard | All | | | | | | | Mattermost FocalBoard Concern |
| McAfee | Active Response (MAR) | | | Not vuln | | | Standalone MAR not vulnerable, for MAR included in bundle see TIE | source |
| McAfee | Agent (MA) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Application and Change Control (MACC) for Linux | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Application and Change Control (MACC) for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Client Proxy (MCP) for Mac | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Client Proxy (MCP) for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Exchange Layer (DXL) | | | Not vuln | | | | source |
| McAfee | Data Exchange Layer (DXL) Client | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Loss Prevention (DLP) Discover | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Loss Prevention (DLP) Endpoint for Mac | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Loss Prevention (DLP) Endpoint for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Loss Prevention (DLP) Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Data Loss Prevention (DLP) Prevent | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Drive Encryption (MDE) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Endpoint Security (ENS) for Linux | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Endpoint Security (ENS) for Mac | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Endpoint Security (ENS) for Windows | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Enterprise Security Manager (ESM) | 11.x | Not vuln | Workaround | | | | source |
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | | Not vuln | | | | source |
| McAfee | ePolicy Orchestrator Application Server (ePO) | <= 5.10 CU10 | | Not vuln | | | | source |
| McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Not vuln | Workaround | | | | source |
| McAfee | Host Intrusion Prevention (Host IPS) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Management of Native Encryption (MNE) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Network Security Manager (NSM) | | | Not vuln | | | | source |
| McAfee | Network Security Platform (NSP) | | | Not vuln | | | | source |
| McAfee | Policy Auditor | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Security for Microsoft Exchange (MSME) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Security for Microsoft SharePoint (MSMS) | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| McAfee | Threat Intelligence Exchange (TIE) | 2.2, 2.3, 3.0 | Not vuln | Workaround | | | | source |
| McAfee | Web Gateway (MWG) | | Not vuln | Fix | | | | source |
| Medtronic | All | | | Investigation | | | | Medtronic Advisory Link |
| Meinberg | LANTIME | All | | Not vuln | | | | source |
| Meinberg | microSync | All | | Not vuln | | | | source |
| Meltano | All | | Not vuln | Not vuln | Not vuln | Not vuln | Project is written in Python | Meltano |
| Memurai | All | | | Not vuln | | | | source |
| messageconcept | PeopleSync | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Metabase | All | <0.41.4 | Not vuln | Fix | | | Mitigations available for earlier versions | source |
| Micro Focus | ArcSight Connectors | 8.2 and above | | Vulnerable | | | | source |
| Micro Focus | ArcSight ESM | 7.2, 7.5 | | Vulnerable | | | | source |
| Micro Focus | ArcSight Intelligence | All | | Vulnerable | | | | source |
| Micro Focus | ArcSight Logger | 7.2 and above | | Vulnerable | | | | source |
| Micro Focus | ArcSight Recon | All | | Vulnerable | | | | source |
| Micro Focus | ArcSight Transformation Hub | All | | Vulnerable | | | | source |
| Micro Focus | Data Protector | All | | Vulnerable | | | Workaround only for supported versions. Earlier versions are not checked/worked on. | workaround source |
| Micro Focus | Silk Performer | 21.0 | | Vulnerable | | | Workaround | source workaround |
| Micro Focus | Silk Test | 20.0 up to 21.0.1 (included) | | Vulnerable | | | Workaround | source workaround |
| MicroFocus | All | | | | | | | MicroFocus Statement |
| Microsoft | Azure AD | | | Not vuln | | | ADFS itself is not vulnerable, federation providers may be | source |
| Microsoft | Azure API Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 |
| Microsoft | Azure App Service | | | Not vuln | | | This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications | source |
| Microsoft | Azure Application Gateway | | | Not vuln | | | | source |
| Microsoft | Azure Data Lake Store Java | < 2.3.10 | Not vuln | Not vuln | Not vuln | Not vuln | Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here. | source |
| Microsoft | Azure DevOps | | | Not vuln | | | | source |
| Microsoft | Azure DevOps Server | 2019-2020.1 | | Vulnerable | | | When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation | source |
| Microsoft | Azure Front Door | | | Not vuln | | | | source |
| Microsoft | Azure Traffic Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 |
| Microsoft | Azure WAF | | | Not vuln | | | | source |
| Microsoft | Cosmos DB Kafka Connector | 1.2.1 | | Fix | | | | source |
| Microsoft | Defender for IoT | 10.5.2 | Not vuln | Fix | | | | source |
| Microsoft | Events Hub Extension | 3.3.1 | | Fix | | | | source |
| Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Not vuln | Fix | | | | source |
| Microsoft | Minecraft Java Edition | 1.18.1 | Not vuln | Fix | | | | source fix |
| Microsoft | Team Foundation Server | 2018.2+ | | Vulnerable | | | When Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable) see Elasticsearch above for mitigation | source |
| MicroStrategy | Secure Enterprise | 11.1.7+ 11.2.x 11.3.x | Not vuln | Workaround | | | Workaround available, Update scheduled for Week 51/2021 | source |
| MIDITEC | All | | Not vuln | Not vuln | Not vuln | Not vuln | MTZ Time uses Log4j v1.x | source |
| Midori Global | All | | | | | | | Midori Global Statement |
| Mikrotik | All | | | | | | | Mikrotik Statement |
| Milestone | VMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Milestone sys | All | | | | | | | Milestone sys Statement |
| Mimecast | All | | | | | | | Mimecast Information |
| Minecraft | All | | | | | | | Minecraft Vulnerability Message |
| Mirantis | Container Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | Container Runtime | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | K0s | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | Kubernetes Engine | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | Lens | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | OpenStack | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mirantis | Secure Registry | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Miro | All | | | | | | | Miro Log4j Updates |
| MISP | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | CMG Suite | All | | Investigation | | | | source |
| Mitel | InAttend | All | | Investigation | | | | source |
| Mitel | Interaction Recording (MIR) | 6.3 to 6.7 | Not vuln | Fix | | | see SA211213-17 | source |
| Mitel | Management Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | Management Portal | All | | Investigation | | | | source |
| Mitel | MiCollab | >=7.1 to <=9.4 | Not vuln | Workaround | Workaround | | Below v7.0 not vuln, https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/log4j_micollab_remediation_details.pdf Fix | source |
| Mitel | MiContact Center Enterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiContact Center Business | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiVoice 5000 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiVoice Border Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiVoice Business | All (excluding EX) | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiVoice Business EX and MiConfig Wizard | 9.2 only | Not vuln | Fix | | | | source |
| Mitel | MiVoice Call Recording | All | | Investigation | | | | source |
| Mitel | MiVoice Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | MiVoice MX-ONE | 7.4 only | Not vuln | Fix | | | | source |
| Mitel | MiVoice Office 400 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | Mobility Router | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | Open Integration Gateway (OIG) | All | | Investigation | | | | source |
| Mitel | Performance Analytics Server and Probe | All | | Investigation | | | | source |
| Mitel | Standard Linux (MSL) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mitel | Virtual Reception | All | | Investigation | | | | source |
| Mitsubishi | CS-141 | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | |
| Mitsubishi | LookUPS N002 | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | |
| Mitsubishi | LookUPS N003 | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | |
| Mitsubishi | MUCM | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | |
| Mitsubishi | Netcom | Not vuln | Not vuln | Not vuln | Not vuln | | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | |
| Mitsubishi | Netcom 2 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MobileIron | Core | All | Not vuln | Fix | | | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source |
| MobileIron | Core Connector | All | Not vuln | Fix | | | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source |
| MobileIron | Reporting Database (RDB) | All | Not vuln | Fix | | | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source |
| MobileIron | Sentry | 9.13, 9.14 | Not vuln | Fix | | | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source |
| MONARC | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | Atlas | | Not vuln | Not vuln | Not vuln | Not vuln | Including Atlas Database, Data Lake, Charts | source |
| MongoDB | Atlas Search | | Not vuln | Fix | | | Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. | source |
| MongoDB | Community Edition | | Not vuln | Not vuln | Not vuln | Not vuln | Including Community Server, Cloud Manager, Community Kubernetes Operators. | source |
| MongoDB | Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | Drivers | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | Enterprise Advanced | | Not vuln | Not vuln | Not vuln | Not vuln | Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. | source |
| MongoDB | Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | Realm | | Not vuln | Not vuln | Not vuln | Not vuln | including Realm Database, Sync, Functions, APIs | source |
| MongoDB | Realm (including Realm Database, Sync, Functions, APIs) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MongoDB | Tools | | Not vuln | Not vuln | Not vuln | Not vuln | Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors | source |
| MongoDB | Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Moodle | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| MoogSoft | All | | | | | | | MoogSoft Vulnerability Information |
| Motorola Avigilon | All | | | | | | | Motorola Avigilon Technical Notification |
| Moxa | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Mulesoft | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | Mulesoft Statement |
| Mulesoft | Anypoint Studio | 7.x | Not vuln | Fix | | | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |
| Mulesoft | Cloudhub | | Not vuln | Fix | | | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |
| Mulesoft | Mule Agent | 6.x | Not vuln | Fix | | | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |
| Mulesoft | Mule Runtime | 3.x,4.x | Not vuln | Fix | | | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Panasonic | KX-HDV100 | | | Not vuln | | | | link |
| Panasonic | KX-HDV130 | | | Not vuln | | | | link |
| Panasonic | KX-HDV230 | | | Not vuln | | | | link |
| Panasonic | KX-HDV330 | | | Not vuln | | | | link |
| Panasonic | KX-HDV340 | | | Not vuln | | | | link |
| Panasonic | KX-HDV430 | | | Not vuln | | | | link |
| Panasonic | KX-HDV800 | | | Not vuln | | | | link |
| Panasonic | KX-TGP500 | | | Not vuln | | | | link |
| Panasonic | KX-TGP550 | | | Not vuln | | | | link |
| Panasonic | KX-TGP600 | | | Not vuln | | | | link |
| Panasonic | KX-TGP700 | | | Not vuln | | | | link |
| Panasonic | KX-UDS124 | | | Not vuln | | | | link |
| Panasonic | KX-UT113 | | | Not vuln | | | | link |
| Panasonic | KX-UT123 | | | Not vuln | | | | link |
| Panasonic | KX-UT133 | | | Not vuln | | | | link |
| Panasonic | KX-UT136 | | | Not vuln | | | | link |
| Panasonic | KX-UT248 | | | Not vuln | | | | link |
| Panasonic | KX-UT670 | | | Not vuln | | | | link |
| Procentec (HMS Group) | All | | | Not vuln | | | | link |
| Paessler | PRTG | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PagerDuty | Rundeck | 3.3+ | Not vuln | Fix | | | | source fix |
| PagerDuty | SaaS | | Not vuln | Fix | | | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | PagerDuty Log4j Zero-Day Vulnerability Updates |
| Palantir | AI Inference Platform (AIP) | All | Not vuln | Fix | | | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | Palantir Response to Log4j Vulnerability (palantir.com) |
| Palantir | Apollo | All | Not vuln | Not vuln | Not vuln | Not vuln | No impact, and updates have been deployed for full remediation. | Palantir Response to Log4j Vulnerability (palantir.com) |
| Palantir | Foundry | All | Not vuln | Fix | | | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | Palantir Response to Log4j Vulnerability (palantir.com) |
| Palantir | Gotham | All | Not vuln | Fix | | | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | Palantir Response to Log4j Vulnerability (palantir.com) |
| Palo Alto | Bridgecrew | | | Not vuln | | | | source |
| Palo Alto | CloudGenix | | | Not vuln | | | | source |
| Palo Alto | Cortex XDR Agent | | | Not vuln | | | | source |
| Palo Alto | Cortex XSOAR | | | Not vuln | | | | source |
| Palo Alto | Exact Data Matching CLI | < 1.2 | | Vulnerable | | | >= 1.2 Not vuln | source |
| Palo Alto | GlobalProtect App | | | Not vuln | | | | source |
| Palo Alto | PAN-OS for Firewall and Wildfire | | | Not vuln | | | | source |
| Palo Alto | PAN-OS for Panorama | < 9.0.15, < 10.0.8-h8, < 9.1.12-h3 | | Fix | Fix | Fix | 8.1., 10.1., >= 9.0.15, >= 10.0.8-h8, >= 9.1.12-h3 Not vuln | source |
| Palo Alto | Prisma Cloud | | | Not vuln | | | | source |
| Palo Alto | Prisma Cloud Compute | | | Not vuln | | | | source |
| Palo Alto | WildFire Appliance | | | Not vuln | | | | source |
| Palo-Alto Networks | Bridgecrew | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | CloudGenix | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Cortex Data Lake | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Cortex XDR Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Cortex Xpanse | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Cortex XSOAR | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Exact Data Matching CLI | 1.2 | Not vuln | Fix | Fix | Investigation | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Expedition | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | GlobalProtect App | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | IoT Security | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Okyo Grade | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | PAN-DB Private Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | PAN-OS for Firewall and Wildfire | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | PAN-OS for Panorama | 9.0.15, 9.1.12-h3, 10.0.8-h8 | Not vuln | Fix | | | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Prisma Access | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Prisma Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Prisma Cloud Compute | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | Prisma SD-WAN (CloudGenix) | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | SaaS Security | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | User-ID Agent | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | WildFire Appliance | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Palo-Alto Networks | WildFire Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com) |
| Panopto | All | | | | | | | Panopto Support Link |
| PaperCut | Hive | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | MF | >= 21.0 | Not vuln | Workaround | | | | source |
| PaperCut | MobilityPrint | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | MultiVerse | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | NG | >= 21.0 | Not vuln | Workaround | | | | source |
| PaperCut | Online Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | Pocket | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | Print Logger | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PaperCut | Views | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Parallels | Remote Application Server | All | | Not vuln | | | | source |
| Parse.ly | All | | | | | | | Parse.ly Blog Post |
| PBXMonitor | RMM for 3CX PBX | | Not vuln | Not vuln | Not vuln | Not vuln | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | PBXMonitor Changelog |
| PDQ | Deploy | All | | Investigation | | | | source |
| PDQ | Inventory | All | | Investigation | | | | source |
| Pega | Platform | 7.3.x - 8.6.x | Not vuln | Fix | | | Hotfixes made available for registered customers by Pega. When using Stream nodes, the embedded Kafka instances require a separate hotfix to be installed. | source |
| Pentaho | All | | | | | | | Pentaho Support Link |
| Pepperl+Fuchs | All | | | Investigation | | | | Pepperl+Fuchs Advisory Link |
| Percona | All | | | | | | | Percona Blog Post |
| Personio | All | | | Fix | Investigation | | | source |
| Pexip | Endpoint Activation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Eptools | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Infinity | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Infinity Connect client | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Microsoft Teams Connector | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | My Meeting Video | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Reverse Proxy and TURN Server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pexip | Service | All | Not vuln | Fix | | | | source |
| Pexip | VMR self-service portal | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Phenix Id | All | | | | | | | Phenix Id Support Link |
| Philips | Event Analytics (All Vue PACS Versions) | All | | Vulnerable | | | | source |
| Philips | HealthSuite Marketplace | 1.2 | | Fix | | | Philips hosting environment has deployed a patch. | source |
| Philips | IntelliBridge Enterprise | B.13 and B.15 | | Vulnerable | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided it is customer responsibility to validate and deploy patches. | source |
| Philips | IntelliSite Pathology Solution 5.1 | L1 | | Vulnerable | | | | source |
| Philips | IntelliSpace Enterprise | v11 and above | | Fix | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | source |
| Philips | IntelliSpace PACS | | Not vuln | Workaround | | | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | source |
| Philips | IntelliSpace Portal Server/workstation | v9 and above | | | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | |
| Philips | IntelliSpace Precision Medicine | | | Vulnerable | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided it is customer responsibility to validate and deploy patches. | source |
| Philips | Multiple products | | | | | | | Philips Security Advisory |
| Philips | Pathology De-identifier 1.0 | L1 | | Vulnerable | | | | source |
| Philips | Performance Bridge | 2.0 with Practice | | Fix | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | source |
| Philips | Performance Bridge | 3.0 | | Fix | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | source |
| Philips | Pinnacle | 18.x | | Vulnerable | | | | source |
| Philips | Protocol Analytics | 1.1 | | Fix | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | source |
| Philips | Protocol Applications | 1.1 | | Vulnerable | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | source |
| Philips | Report Analytics (All Vue PACS Versions) | All | | Vulnerable | | | | source |
| Philips | RIS Clinic | | | Vulnerable | | | | source |
| Philips | Scanner Protocol Manager | 1.1 | | Vulnerable | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | source |
| Philips | Tasy EMR | | | Vulnerable | | | Software only products with customer owned Operating Systems. For products solutions where the server was provided it is customer responsibility to validate and deploy patches. | source |
| Philips | Universal Data Manager (UDM) | | | Vulnerable | | | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | source |
| Philips | VuePACS | 12.2.8 | | Vulnerable | | | | source |
| Phoenix Contact | Cloud Services | | | Fix | Fix | Fix | Cloud Services were either not vulnerable or are completely fixed. No exploits observed. | source |
| Phoenix Contact | Physical products containing firmware | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Phoenix Contact | Software products | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Ping Identity | PingCentral | | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Ping Identity | PingIntelligence | | Not vuln | Fix | | | | Log4j2 vulnerability CVE-2021-44228 |
| Pitney Bowes | All | | | | | | | Pitney Bowes Support Link |
| Planmeca | All | | | | | | | Planmeca Link |
| Planon Software | Planon Universe | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Platform.SH | All | | | | | | | Platform.SH Blog Post |
| Plesk | All | | | | | | | Plesk Support Link |
| Plex | Industrial IoT | | Not vuln | Not vuln | Not vuln | Not vuln | Mitigation already applied, patch will be issued today | source |
| Plex | Media Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Polycom | Cloud Relay (OTD and RealConnect hybrid use case) | | | Investigation | | | | source |
| Polycom | Poly Clariti Core/Edge (a.k.a. DMA/CCE) | 9.0 and above | Not vuln | Fix | | | | source |
| Polycom | Poly Clariti Relay version 1.x | 1.0.2 | Not vuln | Fix | | | | source |
| Polycom | Poly RealConnect for Microsoft Teams and Skype for Business | | Not vuln | Workaround | | | | source |
| Polycom | RealAccess | | Not vuln | Workaround | | | | source |
| Portainer | All | | | | | | | Portainer Blog Post |
| Portex | All | <3.0.2 | Not vuln | Fix | | | | source |
| PortSwigger | All | | | | | | | PortSwigger Forum |
| Postgres | PostgreSQL JDBC | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PostGreSQL | All | | | | | | | PostGreSQL News |
| Postman | All | | | | | | | Postman Support Link |
| Power Admin LLC | PA File Sight | NONE | Not vuln | Not vuln | Not vuln | Not vuln | | Update December 2021: None of our products (PA Server Monitor, PA Storage Monitor, PA File Sight and PA WatchDISK), and none of our websites, use log4j. One less thing to worry about |
| Power Admin LLC | PA Server Monitor | NONE | Not vuln | Not vuln | Not vuln | Not vuln | | Update December 2021: None of our products (PA Server Monitor, PA Storage Monitor, PA File Sight and PA WatchDISK), and none of our websites, use log4j. One less thing to worry about |
| Power Admin LLC | PA Storage Monitor | NONE | Not vuln | Not vuln | Not vuln | Not vuln | | Update December 2021: None of our products (PA Server Monitor, PA Storage Monitor, PA File Sight and PA WatchDISK), and none of our websites, use log4j. One less thing to worry about |
| PowerDNS | Authoritative | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PowerDNS | dnsdist | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PowerDNS | Recursor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Pretix | All | | | | | | | Pretix Blog Post |
| PrimeKey | All | | | | | | | PrimeKey Support Link |
| Procentec (HMS Group | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Procentec Product Notification |
| Progress | DataDirect Hybrid Data Pipeline | | Not vuln | Workaround | | | | source mitigations |
| Progress | OpenEdge | | Not vuln | Workaround | | | | source mitigations |
| Progress / IpSwitch | All | | | | | | | Progress / IpSwitch Link |
| Proofpoint | Archiving Appliance | | | Vulnerable | | | | source |
| Proofpoint | Archiving Backend | | Not vuln | Fix | | | | source |
| Proofpoint | Cloud App Security Broker | | | Fix | | | | source |
| Proofpoint | Cloudmark Cloud/Cloudmark Hybrid | | Not vuln | Fix | | | | source |
| Proofpoint | Cloudmark on Premise | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Compliance Gateway | | Not vuln | Fix | | | | source |
| Proofpoint | Content Patrol | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Data Discover | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | DLP Core Engine | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Email Continuity | | Not vuln | Fix | | | | source |
| Proofpoint | Email Fraud Defense (EFD) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Email Protection on Demand (PoD), including Email DLP and Email Encryption | | Not vuln | Fix | | | | source |
| Proofpoint | Email Security Relay | | Not vuln | Fix | | | | source |
| Proofpoint | Endpoint DLP | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Essentials Archive | | Not vuln | Fix | | | | source |
| Proofpoint | Essentials Email | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Insider Threat Management On-prem | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Insider Threat Management SaaS | | Not vuln | Fix | | | | source |
| Proofpoint | Isolation | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | ITM SaaS Endpoint Agents | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | mail Protection On-Premises (PPS), including Email DLP and Email Encryption | | Not vuln | Fix | | | | source |
| Proofpoint | Meta/ZTNA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Nexus People Risk Explorer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Secure Email Relay | | Not vuln | Fix | | | | source |
| Proofpoint | Secure Share | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Security Awareness Training | | Not vuln | Fix | | | | source |
| Proofpoint | Sentrion | | Not vuln | Fix | | | Version 4.4 and earlier are not vulnerable. For version 4.5 patches have been made available to remediate the vulnerability. | source |
| Proofpoint | Social Discover | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | SocialPatrol | | Not vuln | Fix | | | | source |
| Proofpoint | Targeted Attack Protection (TAP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Threat Response (TRAP) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proofpoint | Web Gateway | | Not vuln | Fix | | | | source |
| Proofpoint | Web Security | | | Fix | | | | source |
| ProSeS | All | | | | | | | ProSeS Link |
| Prosys | All | | | | | | | Prosys News Link |
| Proxmox | Backup Server | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proxmox | Mail Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Proxmox | VE | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PRTG Paessler | All | | | | | | | PRTG Paessler Link |
| PTC | ACA Client | | Not vuln | Workaround | | | | source |
| PTC | Adapter Toolkit | | Not vuln | Workaround | | | | source |
| PTC | AdaWorld | | | Not vuln | | | | source |
| PTC | ApexAda | | | Not vuln | | | | source |
| PTC | Arbortext Editor, Styler & Publishing Engine | >8.0.0.0 | Not vuln | Workaround | | | | source |
| PTC | Arena | | | Not vuln | | | | source |
| PTC | Axeda | | Not vuln | Workaround | | | | source |
| PTC | Axeda Platform | 6.9.2 | | Vulnerable | | | | source |
| PTC | Creo Elements/Direct Model Manager | | Not vuln | Workaround | | | | source |
| PTC | Creo Parametric | | Not vuln | | | | | source |
| PTC | Creo View | | | Not vuln | | | | source |
| PTC | Flexnet License Server | | Not vuln | Workaround | | | | source |
| PTC | FlexPLM | <= 11.1 M020, 11.2.1, 12.0.0 | | Not vuln | | | | source |
| PTC | FlexPLM | 12.0.2.0 (CPS01 and CPS02) | Not vuln | Workaround | | | | source |
| PTC | FlexPLM | 12.0.2.2 (CPS03), 12.0.2.3 | | Vulnerable | | | | source |
| PTC | Implementer | | | Investigation | | | | source |
| PTC | Intellicus | >=19.1 SP11 | Not vuln | Fix | | | | source |
| PTC | OnShape | | | Not vuln | | | | source |
| PTC | Servigistics Service Parts Management | 12.1, 12.2 | Not vuln | Fix | | | | source |
| PTC | Servigistics Service Parts Pricing | 12.1, 12.2 | Not vuln | Fix | | | | source |
| PTC | ThingsWorx Analytics | 8.5,9.0,9.1,9.2, All supported versions | | Vulnerable | | | | ThingWorx Apache log4j vulnerability - Incident Response |
| PTC | ThingsWorx Platform | 8.5,9.0,9.1,9.2, All supported versions | | Vulnerable | | | | ThingWorx Apache log4j vulnerability - Incident Response |
| PTC | ThingWorx Advisor Apps | | | Not vuln | | | | source |
| PTC | ThingWorx Agents | | | Not vuln | | | | source |
| PTC | ThingWorx Analytics | 8.5, 9.0, 9.1, 9.2 | Not vuln | Workaround | | | | source |
| PTC | ThingWorx DPM | | | Not vuln | | | | source |
| PTC | ThingWorx Extensions | | Not vuln | Workaround | | | | source |
| PTC | ThingWorx Flow | 8.5, 9.0, 9.1, 9.2 | | Not vuln | | | | source |
| PTC | ThingWorx Kepware | <=1.3 | Not vuln | Workaround | | | | source |
| PTC | ThingWorx Manufacturing Apps | | | Not vuln | | | | source |
| PTC | ThingWorx Navigate | 9.1, 9.2 | Not vuln | Workaround | | | | source |
| PTC | ThingWorx Ping Federate Integration | >=9.1 | Not vuln | Workaround | | | | source |
| PTC | ThingWorx Platform | >=8.5.7 | Not vuln | Workaround | | | | source |
| PTC | ThingWorx Platform High Availability | 9.0, 9.1, 9.2 | | Not vuln | | | | source |
| PTC | WCTK | | | Not vuln | | | | source |
| PTC | Windchill PDMLink | <=11.1 M020, 11.2.1 | | Not vuln | | | | source |
| PTC | Windchill PDMLink | 12.0.2.0 (CPS01 & CPS02) | Not vuln | Workaround | | | | source |
| PTC | Windchill PDMLink | 12.0.2.2 (CPS03) | | Vulnerable | | | | source |
| PTC | Windchill Performance Advisor | | | Not vuln | | | | source |
| PTC | Windchill Rest Services | | | Not vuln | | | | source |
| PTC | Windchill RV&S (Integrity Lifecycle Manager) | 4.6/ 8.6 4.6 SP0 to 12.5 | Not vuln | Workaround | | | | source |
| PTC | Windchill Workgroup Manager | | | Not vuln | | | | source |
| PTV Group | Map&Market | > 2017 | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| PTV Group | Map&Market | < 2018 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Arrival Board / Trip Creator / EM Portal | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Balance and PTV Epics | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Content Update Service | 2 (on prem) | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV Developer | | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV Drive&Arrive | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Drive&Arrive App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Hyperpath | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV MaaS Modeller | | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| PTV Group | PTV Map&Guide internet | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Map&Guide intranet | | Not vuln | Not vuln | Not vuln | Not vuln | https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information | |
| PTV Group | PTV Navigator App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Navigator Licence Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Optima | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Road Editor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Route Optimiser CL | | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| PTV Group | PTV Route Optimiser ST | (on prem - xServer2) | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV Route Optimiser ST (TourOpt) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Route Optimizer SaaS / Demonstrator | | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV TLN planner internet | | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV TRE and PTV Tre-Addin | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Vissim | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Vistad Euska | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Vistro | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Visum | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV Visum Publisher | | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV Viswalk | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV xServer | 1.34 (on prem) | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV xServer | < 1.34 (on prem) | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| PTV Group | PTV xServer | 2 (on prem) | Not vuln | Fix | Fix | Vulnerable | | source |
| PTV Group | PTV xServer internet 1 / PTV xServer internet 2 | | Not vuln | Fix | Fix | Vulnerable | | source |
| Pulse Secure | Ivanti Connect Secure (ICS) | | | Not vuln | | | | source |
| Pulse Secure | Ivanti Neurons for secure Access | | | Not vuln | | | | source |
| Pulse Secure | Ivanti Neurons for ZTA | | | Not vuln | | | | source |
| Pulse Secure | Pulse Connect Secure | | | Not vuln | | | | source |
| Pulse Secure | Pulse Desktop Client | | | Not vuln | | | | source |
| Pulse Secure | Pulse Mobile Client | | | Not vuln | | | | source |
| Pulse Secure | Pulse One | | | Not vuln | | | | source |
| Pulse Secure | Pulse Policy Secure | | | Not vuln | | | | source |
| Pulse Secure | Pulse ZTA | | | Not vuln | | | | source |
| Pulse Secure | Services Director | | | Not vuln | | | | source |
| Pulse Secure | Virtual Traffic Manager | | | Not vuln | | | | source |
| Pulse Secure | Web Application Firewall | | | Not vuln | | | | source |
| Puppet | agents | | | Not vuln | | | | source |
| Puppet | Continuous Delivery for Puppet Enterprise | 3.x, < 4.10.2 | Not vuln | Fix | | | Update available for version 4.x, mitigations for 3.x which is EOL | source workaround mitigations |
| Puppet | Enterprise | | | Not vuln | | | | source |
| Pure Storage | Cloud Block Store | All | | Vulnerable | | | See Link for planned Fixes | source |
| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Vulnerable | | | Patch expected 12/27/2021 | Pure Storage Customer Portal |
| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Vulnerable | | | Patch expected 12/20/2021 | Pure Storage Customer Portal |
| Pure Storage | FlashArray | All | | Vulnerable | | | See Link for planned Fixes | source |
| Pure Storage | FlashBlade | All | | Vulnerable | | | See Link for planned Fixes | source |
| Pure Storage | PortWorx | 2.8.0+ | Not vuln | Fix | | | | Pure Storage Customer Portal |
| Pure Storage | Pure1 | | Not vuln | Fix | | | | Pure Storage Customer Portal |
| Pure Storage | VM Analytics OVA Collector | <v3.1.4 | Not vuln | Fix | | | | source#The_OVA_Collector) |
| PuTTY | All | | | Not vuln | | | | source |
| Pyramid Analytics | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| R | All | 4.1.1 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| R2ediviewer | All | | | | | | | R2ediviewer Link |
| Radware | All | | | | | | | Radware Support Link |
| Rapid7 | AlcidekArt, kAdvisor, and kAudit | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | AppSpider Enterprise | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | AppSpider Pro | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | Insight Agent | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightAppSec Scan Engine | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightCloudSec/DivvyCloud | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightConnect Orchestrator | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightIDR Network Sensor | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightOps DataHub | 2.0.1 | | Fix | | | | source Fix |
| Rapid7 | InsightOps non-Java logging libraries | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightOps r77insight_java Logging Libary | 3.0.9 | | Fix | | | | source |
| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | Not vuln | Fix | | | Upgrade r7insight_java to 3.0.9 | Rapid7 Statement |
| Rapid7 | InsightVM Kubernetes Monitor | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightVM/Nexpose | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | InsightVM/Nexpose Console | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | Rapid7 Statement |
| Rapid7 | InsightVM/Nexpose Engine | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | Rapid7 Statement |
| Rapid7 | IntSights virtual appliance | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | Logentries DataHub | 1.2.0.822 | | Fix | | | | source Windows Fix Linux Fix |
| Rapid7 | Logentries le_java Logging Libary | All | | Vulnerable | | | Migrate to v3.0.9 of r7insight_java | source |
| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | Not vuln | Fix | | | Migrate to version 3.0.9 of r7insight_java | Rapid7 Statement |
| Rapid7 | Metasploit Framework | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | Metasploit Pro | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | Rapid7 Statement |
| Rapid7 | tCell Java Agent | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Rapid7 | Velociraptor | on-prem | Not vuln | Not vuln | Not vuln | Not vuln | | Rapid7 Statement |
| Raritan | All | | | | | | | Raritan Support Link |
| Ravelin | All | | | | | | | Ravelin Link |
| Real-Time Innovations (RTI) | Distributed Logger | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Real-Time Innovations (RTI) | Recording Console | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Administration Console | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Code Generator | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Code Generator Server | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Vulnerable | | | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Vulnerable | | | | RTI Statement |
| Real-Time Innovations (RTI) | RTI Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | RTI Statement |
| Red Hat | A-MQ Clients 2 | | | Not vuln | | | | source |
| Red Hat | build of Quarkus | | | Not vuln | | | | source |
| Red Hat | CodeReady Studio | 12.21.0 | Not vuln | Fix | | | CRS 12.21.1 Patch | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | CodeReady Studio 12 | | | Vulnerable | | | | source |
| Red Hat | Data Grid | 8 | Not vuln | Fix | | | RHSA-2021:5132 | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Data Grid 8 | 8.2.2 | Not vuln | Fix | | | RHSA-2021:5132 | source |
| Red Hat | Decision Manager | 7 | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Descision Manager 7 | | | Vulnerable | | | | source |
| Red Hat | Enterprise Linux | 6 | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Enterprise Linux | 7 | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Enterprise Linux | 8 | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Integration Camel K | | | Vulnerable | | | | source |
| Red Hat | Integration Camel Quarkus | | | Vulnerable | | | | source |
| Red Hat | JBoss A-MQ Streaming | 1.6.5 | Not vuln | Fix | | | RHSA-2021:5133 | source |
| Red Hat | JBoss Enterprise Application Platform | 7 | Not vuln | Fix | | | Maven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | JBoss Enterprise Application Platform 6 | | | Not vuln | | | | source |
| Red Hat | JBoss Enterprise Application Platform Expansion Pack | | | Not vuln | | | | source |
| Red Hat | JBoss Fuse 7 | 7.10.0 | Not vuln | Fix | | | RHSA-2021:5134 | source |
| Red Hat | log4j-core | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | OpenShift Application Runtimes 1.0 | n.a. (see notes) | Not vuln | Fix | | | RHSA-2021:5093 - Red Hat build of Eclipse Vert.x 4.1.5 SP1 | source |
| Red Hat | OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 | 3.11.z | Not vuln | Fix | | | RHSA-2021:5094 | source |
| Red Hat | OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 | 4.6.z | Not vuln | Fix | | | RHSA-2021:5106 | source |
| Red Hat | OpenShift Container Platform 4 openshift4/ose-metering-hive | 4.8.z | Not vuln | Fix | | | RHSA-2021:5108 | source |
| Red Hat | OpenShift Container Platform 4.6 openshift4/ose-metering-presto | 4.6.52 | Not vuln | Fix | | | RHSA-2021:5141 | source |
| Red Hat | OpenShift Container Platform 4.7 openshift4/ose-metering-presto | 4.7.40 | Not vuln | Fix | | | RHSA-2021:5107 | source |
| Red Hat | OpenShift Container Platform 4.8 openshift4/ose-metering-presto | 4.8.24 | Not vuln | Fix | | | RHSA-2021:5148 | source |
| Red Hat | OpenShift Logging 5.0 openshift-logging/elasticsearch6-rhel8 | 5.0.10 | Not vuln | Fix | | | RHSA-2021:5137 | source |
| Red Hat | OpenShift Logging 5.0 openshift-logging/elasticsearch6-rhel8 | 5.3.1 | Not vuln | Fix | | | RHSA-2021:5129 | source |
| Red Hat | OpenShift Logging 5.1 openshift-logging/elasticsearch6-rhel8 | 5.1.5 | Not vuln | Fix | | | RHSA-2021:5128 | source |
| Red Hat | OpenShift Logging 5.2 openshift-logging/elasticsearch6-rhel8 | 5.2.4 | Not vuln | Fix | | | RHSA-2021:5127 | source |
| Red Hat | OpenStack Platform 13 (Queens) opendaylight | | | Vulnerable | | | | source |
| Red Hat | Process Automation | 7 | Not vuln | Fix | | | Maven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Process Automation 7 | | | Vulnerable | | | | source |
| Red Hat | Satellite 5 | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Single Sign-On | 7 | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Single Sign-On 7 | | | Not vuln | | | | source |
| Red Hat | Spacewalk | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Vert.X | 4 | Not vuln | Fix | | | RHSA-2021:5093 | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat | Virtualization 4 | | | Not vuln | | | | source |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | Not vuln | Fix | | | RHSA-2021:5094 | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | Not vuln | Fix | | | Please refer to Red Hat Customer Portal to find the left errata for your version. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | Not vuln | Fix | | | Please refer to Red Hat Customer Portal to find the left errata for your version. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | Not vuln | Fix | | | Please refer to Red Hat Customer Portal to find the left errata for your version. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat OpenShift Logging | logging-elasticsearch6-container | | Not vuln | Fix | | | Please refer to Red Hat Customer Portal to find the left errata for your version. | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | | Vulnerable | | | End of Life | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat Software Collections | rh-java-common-log4j | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat Software Collections | rh-maven35-log4j12 | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red Hat Software Collections | rh-maven36-log4j12 | | Not vuln | Not vuln | Not vuln | Not vuln | | CVE-2021-44228- Red Hat Customer Portal |
| Red5Pro | All | | | | | | | Red5Pro Link |
| Redgate | Flyway | All | | Not vuln | | | Only vulnerable when using non-default config. | source |
| Redis | Enterprise & Open Source | All | | Not vuln | | | Redis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerability | source |
| Redis | Jedis | 3.7.1, 4.0.0-rc2 | Not vuln | Fix | | | Jedis uses the affected library in test suites only. | source |
| Reiner SCT | All | | | | | | | Reiner SCT Forum |
| ReportURI | All | | | | | | | ReportURI Link |
| ResMed | AirView | | | Not vuln | | | | source |
| ResMed | myAir | | | Not vuln | | | | source |
| Respondus | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | Respondus Support Link |
| Revenera | FlexNet Publisher 64-bit License Server Manager | | | Vulnerable | | Vulnerable | | source |
| Revenera / Flexera | All | | | | | | | Revenera / Flexera Community Link |
| Ricoh | Commercial & Industrial Printing - Garment Printers | | | Not vuln | | | | source |
| Ricoh | Commercial & Industrial Printing - Production Printers | | | Investigation | | | | source |
| Ricoh | Office Products - Digital Duplicators | | | Not vuln | | | | source |
| Ricoh | Office Products - FAX | | | Not vuln | | | | source |
| Ricoh | Office Products - Interactive Whiteboards | | | Not vuln | | | | source |
| Ricoh | Office Products - Multifunction Printers/Copiers - Black & White MFP | | | Not vuln | | | | source |
| Ricoh | Office Products - Multifunction Printers/Copiers - Color MFP | | | Not vuln | | | | source |
| Ricoh | Office Products - Multifunction Printers/Copiers - Wide Format MFP | | | Not vuln | | | | source |
| Ricoh | Office Products - Printers - Black & White Laser Printers | | | Not vuln | | | | source |
| Ricoh | Office Products - Printers - Color Laser Printers | | | Not vuln | | | | source |
| Ricoh | Office Products - Printers - Gel Jet Printers | | | Not vuln | | | | source |
| Ricoh | Office Products - Printers - Handy Printers | | | Not vuln | | | | source |
| Ricoh | Office Products - Printers - Printer based MFP | | | Not vuln | | | | source |
| Ricoh | Office Products - Projectors | | | Not vuln | | | | source |
| Ricoh | Office Products - Video Conferencing | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - @Remote Connector NX | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Card Authentication Package Series | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Certificate Enrolment Service | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Device Manager NX Accounting | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Device Manager NX Enterprise | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Device Manager NX Lite | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Device Manager NX Pro | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Docuware | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Enhanced Locked Print Series | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - GlobalScan NX | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Intelligent Barcode Solution | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - myPrint | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Printer Driver Packager NX | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Ricoh Print Management Cloud | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Ricoh Smart Integration (RSI) applications | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Ricoh Smart Integration (RSI) Platform and its applications | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Ricoh Streamline NX V2 | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Ricoh Streamline NX V3 | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Scan Workflow Navigator | | | Not vuln | | | | source |
| Ricoh | Software & Solutions - Streamline NX Share | | | Not vuln | | | | source |
| RingCentral | All | | | | | | | RingCentral Security Bulletin |
| Riverbed | AppResponse11 | | | Not vuln | | | | source |
| Riverbed | Aternity | | | Investigation | | | See source for latest updates | source |
| Riverbed | Client Accelerator Controllers and Client Accelerator (aka SteelCentral Controller for SteelHead Mobile and SteelHead Mobile) | | | Not vuln | | | | source |
| Riverbed | Flow Gateway | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | FlowTraq | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | Modeler | | | Investigation | | | | source |
| Riverbed | NetAuditor Desktop | | | Investigation | | | | source |
| Riverbed | NetAuditor Web | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | NetCollector | | | Investigation | | | | source |
| Riverbed | NetExpress | | | Investigation | | | | source |
| Riverbed | NetIM 1.x | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | NetIM 2.x | | | Vulnerable | | | Patches planned | source |
| Riverbed | NetIM Test Engine | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | NetPlanner | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | NetProfiler | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | Packet Analyzer | | | Not vuln | | | | source |
| Riverbed | Packet Trace Warehouse | | | Not vuln | | | | source |
| Riverbed | Portal 1.x | | | Vulnerable | | | Includes Log4j 2.2 | source |
| Riverbed | Portal 3.x | | | Vulnerable | | | Includes Log4j 2.13 | source |
| Riverbed | SaaS Accelerator | | | Not vuln | | | | source |
| Riverbed | Scon CX | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | Scon EX Analytics | | | Vulnerable | | | Patches planned | source |
| Riverbed | Scon EX Director | | | Vulnerable | | | Patches planned | source |
| Riverbed | Scon EX FlexVNF | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | SteelCentral Controller for SteelHead | | | Not vuln | | | | source |
| Riverbed | SteelFusion Edge | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | SteelFusionCore (appliance, virtual) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Riverbed | SteelHead CX (appliance, virtual, cloud) | | | Not vuln | | | | source |
| Riverbed | SteelHead Interceptor | | | Not vuln | | | | source |
| Riverbed | Transaction Analyzer | | | Investigation | | | | source |
| Riverbed | Transaction Analyzer Agents | | Not vuln | Not vuln | Not vuln | Not vuln | Log4j not in use | source |
| Riverbed | UCExpert | | | Vulnerable | | | | source |
| Riverbed | WinSec Controller for SteelHead (WSC) | | | Not vuln | | | | source |
| RocketChat | All | All | | Not vuln | | | | source |
| Rockwell Automation | Data Scheduler | | Not vuln | | | | | source |
| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.01 | | Fix | | | | source |
| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.01 | | Fix | | | | source |
| Rockwell Automation | FactoryTalk Analytics Information Platform | | Not vuln | | | | | source |
| Rockwell Automation | FactoryTalk Augmented Modeler | | Not vuln | | | | | source |
| Rockwell Automation | Fiix CMMS core V5 | | Not vuln | Fix | Fix | Fix | product has been updated; no user action required | source |
| Rockwell Automation | Firewall Managed Support - Cisco Firepower Thread Defense | 6.2.3 – 7.1.0 | | Workaround | | | Follow the mitigation instructions outlined by Cisco in CSCwa46963 | source |
| Rockwell Automation | Industrial Data Center | Gen 1, Gen 2, Gen 3, Gen 3.5 | Not vuln | Workaround | | | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | source |
| Rockwell Automation | MES EIG | 3.03.00 | | Vulnerable | | | Product discontinued. Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | source |
| Rockwell Automation | Plex Industrial IoT | | Not vuln | Fix | Fix | Fix | product has been updated; no user action required | source |
| Rockwell Automation | VersaVirtual | Series A | Not vuln | Workaround | | | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | source |
| Rockwell Automation | Warehouse Management | 4.02.03 | Not vuln | Fix | | | | source |
| Rollbar | All | | | | | | | Rollbar Blog Post |
| Rosette.com | All | | | | | | | Rosette.com Support Link |
| RSA | NetWitness Orchestrator | >= 6.0 | Not vuln | Workaround | | | Mitigation for the ThreatConnect Application server is available, no impact described | source |
| RSA | NetWitness Platform | 11.4 | Not vuln | Workaround | | | It is theoretically possible to exploit the vulnerability to gain shell access to the NetWitness Platform | source |
| RSA | NetWitness Platform | >= 11.5 | Not vuln | Workaround | | | It is possible to leak system configuration data | source |
| RSA | SecurID Authentication Manager | | | Not vuln | | | Version 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable. | source |
| RSA | SecurID Authentication Manager Prime | | | Not vuln | | | | source |
| RSA | SecurID Authentication Manager WebTier | | | Not vuln | | | | source |
| RSA | SecurID Governance and Lifecycle | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| RSA | SecurID Governance and Lifecycle (SecurID G&L) | | | Not vuln | | | | source |
| RSA | SecurID Governance and Lifecycle Cloud | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| RSA | SecurID Governance and Lifecycle Cloud (SecurID G&L Cloud) | | | Not vuln | | | | source |
| RSA | SecurID Identity Router | | Not vuln | Not vuln | Not vuln | Not vuln | | |
| RSA | SecurID Identity Router (On-Prem component of Cloud Authentication Service) | | | Not vuln | | | | source |
| RSA Netwitness | All | | | | | | | RSA Netwitness Community Link |
| Rstudioapi | All | 0.13 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Rubrik | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | Rubrik Support Link |
| Ruckus | FlexMaster | | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| Ruckus | SmartZone 100 (SZ-100) | 5.1 to 6.0 | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| Ruckus | SmartZone 144 (SZ-144) | 5.1 to 6.0 | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| Ruckus | SmartZone 300 (SZ-300) | 5.1 to 6.0 | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| Ruckus | Unleashed | | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | | Vulnerable | | | Additional details in PDF/Text (Sign-in Required) | source |
| RunDeck by PagerDuty | All | | | | | | | RunDeck Docs Link |
| RuneCast | Analyzer | 6.0.4 | Not vuln | Fix | Fix | Fix | | source |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| SISCO | All | | | | | | | link |
| SMA Solar Technology AG | All | | | | | | | link |
| Samsung Electronics America | Knox Admin Portal | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Asset Intelligence | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Configure | | | Not vuln | | | | link |
| Samsung Electronics America | Knox E-FOTA One | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Guard | | | Not vuln | | | | link |
| Samsung Electronics America | Knox License Management | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Manage | | | Fix | | | | link |
| Samsung Electronics America | Knox Managed Services Provider (MSP) | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Mobile Enrollment | | | Not vuln | | | | link |
| Samsung Electronics America | Knox Reseller Portal | | | Fix | | | | link |
| Securonix | Extended Detection and Response (XDR) | All | | Vulnerable | | | Patching ongoing as of 12/10/2021 | link |
| Securonix | Next Gen SIEM | All | | Vulnerable | | | Patching ongoing as of 12/10/2021 | link |
| Securonix | SNYPR Application | | | | | | | link |
| Securonix | Security Analytics and Operations Platform (SOAR) | All | | Vulnerable | | | Patching ongoing as of 12/10/2021 | link |
| Securonix | User and Entity Behavior Analytics(UEBA) | All | | Vulnerable | | | Patching ongoing as of 12/10/2021 | link |
| ServiceTitan | All | | | Fix | | | | link |
| Spacelabs Healthcare | ABP | | | Not vuln | | | | link |
| Spacelabs Healthcare | CardioExpress | | | Not vuln | | | | link |
| Spacelabs Healthcare | DM3 and DM4 Monitors | | | | | | | link |
| Spacelabs Healthcare | EVO | | | | | | | link |
| Spacelabs Healthcare | Eclipse Pro | | | | | | | link |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) | | | | | | | link |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) Clinical Access Workstations | | | | | | | link |
| Spacelabs Healthcare | Lifescreen Pro | | | | | | | link |
| Spacelabs Healthcare | Pathfinder SL | | | | | | | link |
| Spacelabs Healthcare | Qube | | | Not vuln | | | | link |
| Spacelabs Healthcare | Qube Mini | | | Not vuln | | | | link |
| Spacelabs Healthcare | SafeNSound | | | Fix | | | Version >4.3.1 - Not Affected | link |
| Spacelabs Healthcare | Sentinel | | | | | | | link |
| Spacelabs Healthcare | Spacelabs Cloud | | | | | | | link |
| Spacelabs Healthcare | Ultraview SL | | | Not vuln | | | | link |
| Spacelabs Healthcare | Xhibit Telemetry Receiver (XTR) | | | Not vuln | | | | link |
| Spacelabs Healthcare | Xhibit, XC4 | | | Not vuln | | | | link |
| Spacelabs Healthcare | XprezzNet | | | Not vuln | | | | link |
| Spacelabs Healthcare | Xprezzon | | | Not vuln | | | | link |
| SAE-IT | All | | | | | | | SAE-IT News Link |
| SAE IT-systems | codeIT Runtime | All | Not vuln | Not vuln | Not vuln | Not vuln | labeled product, Manufacturer: CODESYS GmbH | source |
| SAE IT-systems | codeIT Workbench | All | Not vuln | Not vuln | Not vuln | Not vuln | labeled product, Manufacturer: CODESYS GmbH | source |
| SAE IT-systems | connectIT | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SAE IT-systems | net-line series5 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SAE IT-systems | setIT | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SAE IT-systems | SG-50 / Kombisafe | All | | Not vuln | | | labeled product, Manufacturer: NSE AG | source |
| SAE IT-systems | Straton Runtime | All | | Not vuln | | | labeled product, Manufacturer STRATON AUTOMATION | source |
| SAE IT-systems | Straton Workbench | All | | Not vuln | | | labeled product, Manufacturer STRATON AUTOMATION | source |
| SAE IT-systems | System-4 | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SAE IT-systems | T10/T7 Touch panel | All | | Not vuln | | | labeled product, Manufacturer Garz & Fricke GmbH | source |
| SAE IT-systems | visIT Runtime | All | Not vuln | Not vuln | Not vuln | Not vuln | labeled product, Manufacturer Weidmüller GTI Software GmbH | source |
| SAE IT-systems | visIT Workbench | All | Not vuln | Not vuln | Not vuln | Not vuln | labeled product, Manufacturer Weidmüller GTI Software GmbH | source |
| Safe Software | FME Desktop | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Safe Software | FME Server | | | Investigation | | | | source |
| SAFE FME Server | All | | | | | | | SAFE FME Server Community Link |
| Sage | CRM | 2020 R2, 2021 R1, and 2021 R2 | Not vuln | Workaround | | | Sage has 3 patches in test | source |
| SailPoint | IdentityIQ | 8.0 or later | Not vuln | Workaround | | | | source |
| Salesforce | All | | | Investigation | | | | source |
| Sangoma | All | | | | | | | Sangoma Community Link |
| SAP | BusinessObjects Business Intelligence | | | Not vuln | | | (behind login) | source |
| SAP | BusinessObjects Data Services | | | Not vuln | | | (behind login) | source |
| SAP | BusinessObjects Explorer | | | Not vuln | | | (behind login) | source |
| SAP | BusinessObjects Financial Information Management | | | Not vuln | | | (behind login) | source |
| SAP | BusinessObjects Knowledge Accelerator | | | Not vuln | | | (behind login) | source |
| SAP | Commerce | 1905, 2005, 2105, 2011 | Not vuln | Fix | Fix | Fix | | source |
| SAP | Customer Checkout PoS / manager | 2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower) | Not vuln | Fix | Fix | | SAP note 3130499 | source |
| SAP | Data Intelligence | 3 | Not vuln | Fix | Fix | Fix | | source |
| SAP | Dynamic Authorization Management | 9.1.0.0, 2021.3 | Not vuln | Fix | Fix | | | source |
| SAP | Hana Cockpit | <1.1.23 | Not vuln | Fix | Fix | Fix | | source |
| SAP | HANA Database | | | Not vuln | | | (behind login) | source |
| SAP | HANA Smart Data Integration | | | Not vuln | | | (behind login) | source |
| SAP | HANA Spatial Service | | | Not vuln | | | (behind login) | source |
| SAP | HANA Streaming Analytics | | | Not vuln | | | (behind login) | source |
| SAP | Integrated Business Planning for Supply Chain – Customer systems | | | Not vuln | | | (behind login) | source |
| SAP | Internet of Things Edge Platform | 4.0 | Not vuln | Fix | Fix | Fix | | source |
| SAP | NetWeaver Application Server for ABAP | | | Not vuln | | | (behind login) | source |
| SAP | S/4 HANA Cloud Customer systems | | | Not vuln | | | (behind login) | source |
| SAP | S/4 HANA Digital Payments Add-On | | | Not vuln | | | (behind login) | source |
| SAP | S/4 HANA On-Premise on ABAP | | | Not vuln | | | | source |
| SAP | SuccessFactors Litmos | | | Not vuln | | | (behind login) | source |
| SAP | XS Advanced Runtime | 1.0.140 or lower | Not vuln | Fix | Fix | Fix | SAP note 3130698 | source |
| SAP Advanced Platform | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | SAP Advanced Platform Support Link |
| SAP BusinessObjects | All | | | | | | The support document is available to customers only and has not been reviewed by CISA | CVE-2021-44228 - Impact of Log4j vulnerability on SAP BusinessObjects SAP BusinessObjects Support Link |
| SAS | All | | | | | | | SAS Support Link |
| SAS Institute | JMP | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SAS Institute | SAS Cloud Solutions | | Not vuln | Workaround | | | | source |
| SAS Institute | SAS Profile | | Not vuln | Fix | | | | source |
| SASSAFRAS | All | | | | | | | SASSAFRAS Link |
| Savignano software solutions | All | | | | | | | Savignano Link |
| SBT | All | <1.5.6 | Not vuln | Fix | | | | Release 1.5.7 · sbt/sbt(github.com) |
| ScaleComputing | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | ScaleComputing Community Link |
| ScaleFusion MobileLock Pro | All | | | | | | | ScaleFusion MobileLock Pro Help |
| Schneider Electric | All other products | | | Investigation | Investigation | | | source |
| Schneider Electric | APC PowerChute Business Edition | 9.5,10.0,10.0.1-10.0.4 | Not vuln | Workaround | Workaround | | | source |
| Schneider Electric | APC PowerChute Network Shutdown | 4.2-4.4,4.4.1 | Not vuln | Workaround | Workaround | | | source |
| Schneider Electric | EASYFIT | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | Ecoreal XL | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | EcoStruxure IT Expert | | Not vuln | Fix | Fix | Fix | cloud-based offer; no customer action required | source |
| Schneider Electric | EcoStruxure IT Gateway | 1.13.2.3 | Not vuln | Fix | Fix | Fix | | source |
| Schneider Electric | Eurotherm Data Reviewer | V3.0.2 and prior | Not vuln | Workaround | | | | source |
| Schneider Electric | Facility Expert Small Business | | Not vuln | Fix | Fix | Fix | cloud-based offer; no customer action required | source |
| Schneider Electric | Harmony Configurator | 34 | Not vuln | Fix | Fix | Fix | | source |
| Schneider Electric | MSE Cloud | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | NetBotz750/755 | 5.3.1 | Not vuln | Fix | Fix | | | source |
| Schneider Electric | NEW630 | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SDK BOM | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SDK-Docgen (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SDK-TNC | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SDK-UMS (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SDK3D-2DRenderer | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SDK3D-360Widget | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SDK3D2DRenderer | Current software and earlier | | Vulnerable | | | | SE Cybersecurity Best Practices |
| Schneider Electric | SDK3D360Widget | Current software and earlier | | Vulnerable | | | | SE Cybersecurity Best Practices |
| Schneider Electric | Select and Config DATA (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SNC-API (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SNC-CMM (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SNC-SEMTECH (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | SNCSEMTECH | Current software and earlier | | Vulnerable | | | | SE Cybersecurity Best Practices |
| Schneider Electric | SPIMV3 | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SWBEditor | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | SWBEngine | Current software and earlier | | Vulnerable | Vulnerable | | no customer action required | source |
| Schneider Electric | TwinBus IP (formerly Digides 2.0) (Cloud) | | Not vuln | Fix | Fix | Fix | no customer action required | source |
| Schneider Electric | Wiser by SE platform (Cloud) | | Not vuln | Fix | Fix | Fix | cloud-based offer; no customer action required | source |
| Schneider Electric | Workplace Advisor | All | Not vuln | Vulnerable | Vulnerable | Vulnerable | | source |
| Schweitzer Engineering Laboratories | All | | Not vuln | Not vuln | Not vuln | Not vuln | | SEL Advisory Link |
| SCM Manager | All | | | | | | | SCM Manager Link |
| Scootersoftware | Beyond Compare | All | | Not vuln | | | | source |
| ScreenBeam | All | | | | | | | ScreenBeam Article |
| SDL worldServer | All | | | | | | | SDL worldServer Link |
| Seafile | Server | | Not vuln | Fix | | | | source |
| Seagull Scientific | BarTender | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SecurePoint | All | | | | | | | SecurePoint News Link |
| Security Onion | All | | | | | | | Security Onion Blog Post |
| Security Onion Solutions | Security Onion | 2.3.90 20211210 | Not vuln | Fix | | | | source |
| SecurityHive | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SecurityRoots | Dradis Professional | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Seeburger | All | | | | | | This advisory is avaiable to customers only and has not been reviewed by CISA | Seeburger Service Desk Link |
| SentinelOne | All | | | | | | | SentinelOne Blog Post |
| Sentry | All | | | | | | | Sentry Blog Post |
| Sentry.io | Self Hosted and SaaS | All | | Not vuln | | | Not affected as it is written in Python and Rust. Makes use of unaffected versions of log4j 1.x in Kafka and Zookeeper subsystems | source |
| SEP | All | | | | | | | SEP Support Link |
| Server Eye | All | | | | | | | Server Eye Blog Post |
| ServiceNow | All | | | | | | | ServiceNow Support Link |
| Shibboleth | All | Identity Provider>=3.0, All other software versions | Not vuln | Not vuln | Not vuln | Not vuln | | Log4j CVE (non)-impact |
| Shibboleth | IdP/SP | | | Not vuln | | | | source |
| Shopify | All | | | | | | | Shopify Community Link |
| Siebel | All | | | | | | | Siebel Link |
| Siemens | Affected Products | | | | | x | Siemens requested to directly refer to their website: See pdf for the complete list of affected products, CSAF for automated parsing of data | pdf CSAF |
| Siemens | Affected Products | | | x | x | | Siemens requested to directly refer to their website: See pdf for the complete list of affected products, CSAF for automated parsing of data | pdf CSAF |
| Siemens Energy | Affected Products | | | x | x | | Siemens requested to directly refer to their website: See pdf for the complete list of affected products, CSAF for automated parsing of data | pdf CSAF |
| Siemens Healthineers | ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 | | | Vulnerable | | | If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | Siemens Healthineers |
| Siemens Healthineers | CENTRALINK v16.0.2 / v16.0.3 | | | Vulnerable | | | If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | Siemens Healthineers |
| Siemens Healthineers | Cios Flow S1 / Alpha / Spin VA30 | | | Vulnerable | | | evaluation ongoing | Siemens Healthineers |
| Siemens Healthineers | Cios Select FD/I.I. VA21 / VA21-S3P | | | Vulnerable | | | evaluation ongoing | Siemens Healthineers |
| Siemens Healthineers | DICOM Proxy VB10A | | | Vulnerable | | | Workaround: remove the vulnerable class from the .jar file | Siemens Healthineers |
| Siemens Healthineers | go.All, Som10 VA20 / VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Fit, Som10 VA30 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Now, Som10 VA10 / VA20 / VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Open Pro, Som10 VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Sim, Som10 VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | go.Up, Som10 VA10 / VA20 / VA30 / VA40 | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA 3T NUMARIS/X VA30A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Altea NUMARIS/X VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X VA31A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Amira NUMARIS/X VA12M | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Free.Max NUMARIS/X VA40 | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Lumina NUMARIS/X VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Sempra NUMARIS/X VA12M | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Sola fit NUMARIS/X VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Sola NUMARIS/X VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Vida fit NUMARIS/X VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | MAGNETOM Vida NUMARIS/X VA10A* / VA20A | | | Vulnerable | | | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | Siemens Healthineers |
| Siemens Healthineers | SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A | | | Vulnerable | | | evaluation ongoing | Siemens Healthineers |
| Siemens Healthineers | Somatom Emotion Som5 VC50 | | | Vulnerable | | | evaluation ongoing | Siemens Healthineers |
| Siemens Healthineers | Somatom Scope Som5 VC50 | | | Vulnerable | | | evaluation ongoing | Siemens Healthineers |
| Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | | | Vulnerable | | | Workaround: remove the vulnerable class from the .jar file | Siemens Healthineers |
| Siemens Healthineers | Syngo MobileViewer VA10A | | | Vulnerable | | | The vulnerability will be patch/mitigated in upcoming releases\patches. | Siemens Healthineers |
| Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | | | Vulnerable | | | Workaround: remove the vulnerable class from the .jar file | Siemens Healthineers |
| Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | | | Vulnerable | | | Please contact your Customer Service to get support on mitigating the vulnerability. | Siemens Healthineers |
| Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | | | Vulnerable | | | Workaround: remove the vulnerable class from the .jar file | Siemens Healthineers |
| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Vulnerable | | | Workaround: remove the vulnerable class from the .jar file | Siemens Healthineers |
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Vulnerable | | | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | Siemens Healthineers |
| Sierra Wireless | All | | | | | | | Sierra Wireless Security Bulletin |
| Signald | All | | | | | | | Signald Gitlab |
| Silver Peak | Orchestrator, Silver Peak GMS | | | Vulnerable | | | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | Security Advisory Notice Apache |
| SingleWire | All | | | | | | This advisory is available to customers only and has not been reviewed by CISA | SingleWire Support Link |
| Sitecore | Boxever | | | Not vuln | | | | source |
| Sitecore | CDP | | | Not vuln | | | | source |
| Sitecore | Content Hub | | | Not vuln | | | | source |
| Sitecore | Discover | | | Not vuln | | | | source |
| Sitecore | Managed Cloud | customers who bring their own Solr | Not vuln | Workaround | | | | source |
| Sitecore | Managed Cloud | customers who do not use Solr | | Not vuln | | | | source |
| Sitecore | Managed Cloud | customers who host Solr using SearchStax | | Not vuln | | | | source |
| Sitecore | Moosend | | | Not vuln | | | | source |
| Sitecore | OrderCloud | | | Not vuln | | | | source |
| Sitecore | Personalize | | | Not vuln | | | | source |
| Sitecore | Send | | | Not vuln | | | | source |
| Sitecore | XP | <= 9.1 (with SOLR as Content Search provider) | | Not vuln | | | | source |
| Sitecore | XP | >= 9.2 (with SOLR as Content Search provider) | Not vuln | Workaround | | | | source |
| Sitecore | XP | all (with Azure Search as Content Search provider) | | Not vuln | | | | source |
| Skillable | All | | | | | | | Skillable Link |
| SLF4J | All | | | | | | | SLF4J Link |
| Slurm | All | 20.11.8 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smartbear | SoapUI | <= 5.6.0 | | Vulnerable | | | | source |
| SmileCDR | All | | | | | | | SmileCDR Blog Post |
| Smiths Medical | CADD®-Solis Download Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | CADD-Solis Ambulatory Infusion Pump Model 2110 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | CADD-Solis Communication Module Model 2130 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | CADD-Solis Communication Module Model 2131 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | CADD-Solis Network Configuration Utility Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | Medfusion 3500 Pump Download Utility (DL3500) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | Medfusion 3500 Syringe Infusion Pump | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | Medfusion 4000 Syringe Infusion Pump | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | Medfusion® 4000 Pump Download Utility (DL4000) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | PharmGuard Administrator Medication Safety Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | PharmGuard Device Reports Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | PharmGuard Interoperability Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | PharmGuard Toolbox 2 Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Smiths Medical | PharmGuard® Server Infusion Management Software | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sn0m | All | | | | | | | Sn0m Link |
| Snakemake | All | 6.12.1 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Snow Software | Snow Commander | 8.10.3 | Not vuln | Fix | Fix | Fix | | source |
| Snow Software | VM Access Proxy | 3.7 | Not vuln | Fix | Fix | Fix | | source |
| Snowflake | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Snowflake Community Link |
| Snyk | Cloud Platform | | Not vuln | Not vuln | Not vuln | Not vuln | | Snyk Updates |
| Software AG | All | | | | | | | Software AG |
| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | | Vulnerable | | | Workarounds available, hotfix under development | Apache Log4j Critical Vulnerability (CVE-2021-44228) Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) |
| SolarWinds | Orion Platform core | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | | Vulnerable | | | Workarounds available, hotfix under development | Apache Log4j Critical Vulnerability (CVE-2021-44228) Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) |
| Soliton Systems | MailZen Management - Cloud Service | All | Not vuln | Fix | | | | source |
| Soliton Systems | MailZen Management Portal - On-Premise | 2.36.2, 2.37.3, 2.38.2 | Not vuln | Fix | | | | source |
| Soliton Systems | MailZen Push Server | All | Not vuln | Fix | | | | source |
| Soliton Systems | Other products | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonarSource | SonarCloud | | Not vuln | Fix | | | | source |
| SonarSource | SonarQube | | Not vuln | Workaround | | | | source |
| Sonatype | All | | | | | | | Sonatype Vulnerability Statement |
| SonicWall | Access Points | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Analytics | | | Not vuln | Not vuln | Not vuln | update based on v2.3 of advisory | source |
| SonicWall | Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Capture Client & Capture Client Portal | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Capture Security Appliance | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | CAS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Cloud Edge | | | Not vuln | Not vuln | Not vuln | based on v2.3 of advisory | source |
| SonicWall | CSCMA | | | Not vuln | Not vuln | Not vuln | based on v2.3 of advisory | source |
| SonicWall | Email Security | 10.0.13 | | Fix | Fix | Fix | based on version 2.3 of advisory | source |
| SonicWall | EPRS | | | Not vuln | Not vuln | Not vuln | based on version 2.3 of advisory | source |
| SonicWall | Gen5 Firewalls (EOS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Gen6 Firewalls | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Gen7 Firewalls | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | GMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | MSW | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | NSM On-Premise | 2.3.2-R12-H2 | | Fix | Fix | Fix | based on version 2.3 of advisory | source |
| SonicWall | SMA 100 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | SMA 1000 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | SonicCore | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | Switch | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | WAF | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | WNM | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SonicWall | WXA | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sophos | Central | | | Not vuln | | | | source |
| Sophos | Cloud Optix | | Not vuln | Fix | | | | source |
| Sophos | Firewall | All | | Not vuln | | | | source |
| Sophos | Firewall (all versions) | | Not vuln | Not vuln | Not vuln | Not vuln | Sophos Firewall does not use Log4j. | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos |
| Sophos | Home | | | Not vuln | | | | source |
| Sophos | Mobile | | | Not vuln | | | | source |
| Sophos | Mobile EAS Proxy | 9.7.2 | Not vuln | Fix | | | | source |
| Sophos | Reflexion | | | Not vuln | | | | source |
| Sophos | SG UTM | All | | Not vuln | | | | source |
| Sophos | SG UTM (all versions) | | Not vuln | Not vuln | Not vuln | Not vuln | Sophos SG UTM does not use Log4j. | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos |
| Sophos | SG UTM Manager (SUM) | All | | Not vuln | | | | source |
| Sophos | SG UTM Manager (SUM) (all versions) | All | Not vuln | Not vuln | Not vuln | Not vuln | SUM does not use Log4j. | Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos |
| Sophos | ZTNA | | | Not vuln | | | | source |
| SOS (Berlin) | Jobscheduler | 1.12.15, 1.13.10, 2.2.0, 2.1.3 | Not vuln | Fix | | | | source |
| SOS Berlin | All | | | | | | | SOS Berlin Link |
| Spambrella | All | | | | | | | Spambrella FAQ Link |
| Specops Software | All | | | Not vuln | | | | source |
| Spectralink | All | | | Not vuln | Not vuln | Not vuln | using version 1.2.17 | source |
| Spigot | All | | | | | | | Spigot Security Release |
| Splunk | Add-On for Java Management Extensions App ID 2647 | 5.2.0 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Add-On for JBoss App ID 2954 | 3.0.0 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Add-On for Tomcat App ID 2911 | 3.0.0 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Add-On: Java Management Extensions | 5.2.1 | Not vuln | Fix | | | | source |
| Splunk | Add-On: JBoss | 3.0.1 | Not vuln | Fix | | | | source |
| Splunk | Add-On: Tomcat | 3.0.1 | Not vuln | Fix | | | | source |
| Splunk | Admin Config Service | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Analytics Workspace | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Application Performance Monitoring | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Augmented Reality | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Behavior Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Cloud Data Manager (SCDM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Connect for Kafka | <2.0.4 | Not vuln | Fix | | | | source |
| Splunk | Connect for Kubernetes | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Connect for SNMP | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Connect for Syslog | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Dashboard Studio | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | | Vulnerable | | | | source |
| Splunk | DB Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Developer Tools: AppInspect | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Enterprise | All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. | Not vuln | Workaround | | | | source |
| Splunk | Enterprise (including instance types like Heavy Forwarders) | All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. See Removing Log4j from Splunk Enterprise below for guidance on unsupported versions. | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Enterprise Amazon Machine Image (AMI) | see Splunk Enterprise | Not vuln | Workaround | | | | source |
| Splunk | Enterprise Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Enterprise Docker Container | see Splunk Enterprise | Not vuln | Workaround | | | | source |
| Splunk | Enterprise Security | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Heavyweight Forwarder (HWF) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Infrastructure Monitoring | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Intelligence Management (TruSTAR) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | IT Essentials Work App ID 5403 | 4.11, 4.10.x (Cloud only), 4.9.x | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | IT Service Intelligence (ITSI) | 4.11.2, 4.10.4, 4.9.6, 4.7.4 | Not vuln | Fix | | | | source |
| Splunk | IT Service Intelligence (ITSI) App ID 1841 | 4.11.0, 4.10.x (Cloud only), 4.9.x, 4.8.x (Cloud only), 4.7.x, 4.6.x, 4.5.x | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | KV Service | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Log Observer | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Logging Library for Java | <1.11.1 | Not vuln | Fix | | | | source |
| Splunk | Mint | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Mission Control | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | MLTK | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Mobile | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Network Performance Monitoring | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | On-call / VictorOps | Current | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | On-Call/Victor Ops | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Open Telemetry Distributions | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Operator for Kubernetes | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | OVA for VMWare App ID 3216 | 4.0.3 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | OVA for VMWare Metrics App ID 5096 | 4.2.1 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Profiling | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Real User Monitoring | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Secure Gateway (Spacebridge) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Security Analytics for AWS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | SignalFx Smart Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | SOAR (On-Premises) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | SOAR Cloud (Phantom) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | Stream Processor Service | Current | | Vulnerable | | | | source |
| Splunk | Synthetics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | TV | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | UBA OVA Software | 5.0.3a, 5.0.0 | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Splunk | Universal Forwarder (UF) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | User Behavior Analytics (UBA) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Splunk | VMWare OVA for ITSI App ID 4760 | 1.1.1 and older | | Vulnerable | | | | Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) |
| Sprecher Automation | SPRECON-E | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sprecher Automation | SPRECON-EDIR | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sprecher Automation | SPRECON-SG | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sprecher Automation | SPRECON-V | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Spring | Boot | | | | | | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | source |
| Spring Boot | All | | | | | | | Spring Boot Vulnerability Statement |
| Stackstate | Agent | | Not vuln | Workaround | | | StackState Agent distributed as an RPM, DEB or MSI package contains a vulnerable Log4j library. | source |
| Stackstate | All | 4.3.x, 4.4.x, 4.5.x and SaaS | Not vuln | Workaround | | | StackState ships with a version of Elasticsearch that contains a vulnerable Log4j library. | source |
| Stardog | All | <7.8.1 | Not vuln | Fix | | | | source |
| STERIS | Advantage | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Advantage Plus | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 2000 SERIES WASHER DISINFECTORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 3000 SERIES WASHER DISINFECTORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 400 MEDIUM STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 400 SMALL STEAM STERILIZERS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 5000 SERIES WASHER DISINFECTORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 600 MEDIUM STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO 7000 SERIES WASHER DISINFECTORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO CENTURY MEDIUM STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO CENTURY SMALL STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | AMSCO EVOLUTION MEDIUM STEAM STERILIZER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Canexis 1.0 | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | CELERITY HP INCUBATOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | CELERITY STEAM INCUBATOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | CER Optima | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Clarity Software | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Connect Software | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | ConnectAssure Technology | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | ConnectoHIS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | CS-iQ Sterile Processing Workflow | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | DSD Edge | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | DSD-201, | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | EndoDry | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Endora | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Harmony iQ Integration Systems | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Harmony iQ Perspectives Image Management System | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | HexaVue | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | HexaVue Integration System | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | IDSS Integration System | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RapidAER | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | ReadyTracker | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RealView Visual Workflow Management System | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RELIANCE 444 WASHER DISINFECTOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RELIANCE SYNERGY WASHER DISINFECTOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Renatron | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | ScopeBuddy+ | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | SecureCare ProConnect Technical Support Services | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | Situational Awareness for Everyone Display (S.A.F.E.) | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | SPM Surgical Asset Tracking Software | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| STERIS | VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS | | Not vuln | Not vuln | Not vuln | Not vuln | | STERIS Advisory Link |
| Sterling Order IBM | All | | | | | | | IBM Statement |
| Storagement | All | | | | | | | Storagement |
| StormShield | All other products | | | | Not vuln | Not vuln | Advisory only mentions CVE-2021-44228, CVE-2021-45046 | StormShield Security Alert |
| StormShield | Visibility Center | v1.6.1 | Not vuln | Fix | Fix | Not vuln | | source |
| StrangeBee TheHive & Cortex | All | | | | | | | StrangeBee Statement |
| Stratodesk | NoTouch | 4.5.231 | Not vuln | Fix | | | | source |
| Strimzi | All | | | | | | | Strimzi Statement |
| Stripe | All | | | | | | | Stripe Support) |
| Styra | All | | | | | | | Styra Security Notice |
| Sumo logic | Sumu logic | 19.361-12 | Not vuln | Fix | | | | source |
| SumoLogic | All | | | | | | | Sumologic Release Notes |
| Sumologic | All | | | | | | | Sumologic Statement |
| SuperMicro | BIOS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | BMC | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | SCC Analytics | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | SCC PODM | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | SMCIPMITool | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | SUM Service (SUM_SERVER) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | Super Diagnostics Offline | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | SuperCloud Composer (SCC) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | Supermicro Power Manager (SPM) | All | | Vulnerable | | | Upgrade to Log4j 2.15.0. Release pending ASAP | source |
| SuperMicro | Supermicro Server Manager (SSM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | Supermicro SuperDoctor (SD5) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | Supermicro Update Manager (SUM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SuperMicro | vCenter Plug-in | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Superna EYEGLASS | All | | | | | | | Superna EYEGLASS Technical Advisory |
| Suprema Inc | All | | | | | | | Suprema Inc |
| SUSE | Linux Enterprise server | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SUSE | Manager | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| SUSE | Openstack Cloud | All | | Vulnerable | | | will get update | source |
| SUSE | Rancher | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Sweepwidget | All | | | | | | | Sweepwidget Statement |
| Swyx | All | | | | | | | Swyx Advisory |
| Synacor | Zimbra | 8.8.15 and 9.x | Not vuln | Not vuln | Not vuln | Not vuln | Zimbra stated (in their private support portal) they're not vulnerable. Currently supported Zimbra versions ship 1.2.6 | source |
| Synchro MSP | All | | | | | | | Synchro MSP Advisory |
| Syncplify | All | | | | | | | Syncplify Advisory |
| SyncRO Soft SRL | Batch Document Converter | 3.2.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Git Client | 3.0.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen Feedback Enterprise | 2.0.1 build 2021122021 | Not vuln | Fix | Fix | Fix | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen License Server | 24.0 build 2021122016 | Not vuln | Fix | Fix | Fix | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen PDF Chemistry | 22.1 build 2021121712 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen PDF Chemistry | 23.1 build 2021121413 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen PDF Chemistry | 24.0 build 2021121611 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen SDK | 22.1.0.6 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen SDK | 23.1.0.4 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen SDK | 24.0.0.2 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen Web Author Test Server Add-on | 22.1.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen Web Author Test Server Add-on | 23.1.2 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen Web Author Test Server Add-on | 24.0.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Author | 16.1-22.0 | Not vuln | Workaround | Workaround | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Author | 22.1 build 2021121715 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Author | 23.1 build 2021121415 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Author | 24.0 build 2021121518 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Content Fusion | 2.0.3 build 2021121417 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Content Fusion | 3.0.1 build 2021121414 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Content Fusion | 4.1.4 build 2021121611 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Developer | 16.1-22.0 | Not vuln | Workaround | Workaround | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Developer | 22.1 build 2021121715 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Developer | 23.1 build 2021121415 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Developer | 24.0 build 2021121518 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Editor | 16.1-22.0 | Not vuln | Workaround | Workaround | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Editor | 22.1 build 2021121715 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Editor | 23.1 build 2021121415 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Editor | 24.0 build 2021121518 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Publishing Engine | 22.1 build 2021121712 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Publishing Engine | 23.1 build 2021121413 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Publishing Engine | 24.0 build 2021121611 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Web Author | 22.1.0.5 build 2021122014 | Not vuln | Fix | Fix | Fix | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Web Author | 23.1.1.3 build 2021122014 | Not vuln | Fix | Fix | Fix | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML Web Author | 24.0.0.3 build 2021122015 | Not vuln | Fix | Fix | Fix | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML WebHelp | 22.1 build 2021121712 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML WebHelp | 23.1 build 2021121412 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Oxygen XML WebHelp | 24.0 build 2021121511 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Web Author PDF Plugin | 23.1.1.2 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | Web Author PDF Plugin | 24.0.0.2 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | XSD to JSON Schema Converter | 22.1.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | XSD to JSON Schema Converter | 23.1.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| SyncRO Soft SRL | XSD to JSON Schema Converter | 24.0.1 | Not vuln | Fix | Fix | Vulnerable | | CVE-2021-44228 CVE-2021-45046 CVE-2021-450105 |
| Synology | DSM | | Not vuln | Not vuln | Not vuln | Not vuln | The base DSM is not affected. Software installed via the package manager may be vulnerable. | source |
| Synopsys | All | | | | | | | Synopsys Advisory |
| syntevo | DeepGit | >= 4.0 | Not vuln | Fix | | | 3.0.x and older are vulnerable | source |
| syntevo | SmartGit | >= 18.1 | Not vuln | Fix | | | 17.1.x and older are vulnerable | source |
| syntevo | SmartSVN | >= 9.3 | Not vuln | Fix | | | 9.2.x and older are vulnerable | source |
| syntevo | SmartSynchronize | >= 3.5 | Not vuln | Fix | | | 3.4.x and older are vulnerable | source |
| SysAid | All | | Not vuln | Fix | | | | source |
| Sysdig | All | | | | | | | source |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| Tridium | All | | | | | | Document access requires authentication. CISA is not able to validate vulnerability status. | link |
| Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | | | | | | link |
| Tripp Lite | PowerAlert Local (PAL) | | | | | | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | link |
| Tripp Lite | PowerAlert Network Management System (PANMS) | | | | | | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | link |
| Tripp Lite | PowerAlert Network Shutdown Agent (PANSA) | | | | | | Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | link |
| Tripp Lite | PowerAlertElement Manager (PAEM) | 1.0.0 | | Vulnerable | | | Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which will contain a patched version of Log4j2 | link |
| Tripp Lite | SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or embedded SNMPWEBCARD | | | | | | | link |
| Tripp Lite | TLNETCARD and associated software | | | | | | | link |
| Tableau | Bridge | 20214.21.1214.2057 | Not vuln | Fix | | | | source fix |
| Tableau | Desktop | 2021.4 | | Vulnerable | | | | source |
| Tableau | Desktop | 2021.4.1 | Not vuln | Fix | | | | source fix |
| Tableau | Prep | 2021.4.2 | Not vuln | Fix | | | | source fix |
| Tableau | Prep Builder | The following versions and lower: 22021.4.1, 2021.3.2, 2021.2.2, 2021.1.4, 2020.4.1, 2020.3.3, 2020.2.3, 2020.1.5, 2019.4.2, 2019.3.2, 2019.2.3, 2019.1.4, 2018.3.3 | Not vuln | Fix | | | | Apache Log4j2 vulnerability (Log4shell) |
| Tableau | Public Desktop Client | The following versions and lower: 2021.4 | Not vuln | Fix | | | | Apache Log4j2 vulnerability (Log4shell) |
| Tableau | Reader | unkown | Not vuln | Fix | | | | source fix |
| Tableau | Server | 2021.2.5 | | Vulnerable | | | | source |
| Tableau | Server | 2021.4.1 | Not vuln | Fix | | | | source fix |
| Tailscale | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Talend | Component Kit | | Not vuln | Fix | | | | source |
| Tanium | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TARGIT | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tealium | All | | Not vuln | Fix | | | | source |
| TealiumIQ | All | | | | | | | TealiumIQ Security Update |
| TeamPasswordManager | All | | | | | | | TeamPasswordManager Blog |
| Teamviewer | All | | Not vuln | Fix | | | Server-side hotfix deployed. No user interaction required | source |
| Tech Software | OneAegis (f/k/a IRBManager) | All | Not vuln | Not vuln | Not vuln | Not vuln | OneAegis does not use Log4j. | Log4j CVE-2021-44228 Vulnerability Impact Statement |
| Tech Software | SMART | All | Not vuln | Not vuln | Not vuln | Not vuln | SMART does not use Log4j. | Log4j CVE-2021-44228 Vulnerability Impact Statement |
| Tech Software | Study Binders | All | Not vuln | Not vuln | Not vuln | Not vuln | Study Binders does not use Log4j. | Log4j CVE-2021-44228 Vulnerability Impact Statement |
| TechSmith | All | | | | | | | TechSmith Article |
| TECLIB | GLPI | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TECLIB | GLPI Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TECLIB | GLPI Android Agent | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Telestream | All | | | | | | | Telestream Bulletin |
| Tenable | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tesorion | Immunity-appliances and software | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tesorion | SOC-appliances and software | All | Not vuln | Fix | | | Potential Log4j impact mitigated | source |
| Thales | CADP/SafeNet Protect App (PA) - JCE | | | Vulnerable | | | | Thales Support |
| Thales | CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust Batch Data Transformation (BDT) 2.3 | | | Vulnerable | | | | Thales Support |
| Thales | CipherTrust Cloud Key Manager (CCKM) Appliance | | | Vulnerable | | | | Thales Support |
| Thales | CipherTrust Cloud Key Manager (CCKM) Embedded | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust Database Protection | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust Transparent Encryption (CTE/VTE/CTE-U) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager | | | Vulnerable | | | | Thales Support |
| Thales | CipherTrust Vaultless Tokenization (CTS, CT-VL) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | CipherTrust/SafeNet PDBCTL | | | Vulnerable | | | | Thales Support |
| Thales | Crypto Command Center (CCC) | | | Vulnerable | | | | Thales Support |
| Thales | Data Platform (TDP)(DDC) | | | Vulnerable | | | | Thales Support |
| Thales | Data Protection on Demand | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Data Security Manager (DSM) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | KeySecure | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Luna EFT | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Luna Network, PCIe, Luna USB HSM and backup devices | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Luna SP | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | payShield 10k | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | payShield 9000 | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | payShield Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | payShield Monitor | | | Investigation | | | | Thales Support |
| Thales | ProtectServer HSMs | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet Authentication Client | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet eToken (all products) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet IDPrime Virtual | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet IDPrime(all products) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet LUKS | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet PKCS#11 and TDE | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet ProtectApp (PA) CAPI, .Net & Net Core | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet ProtectDB (PDB) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Safenet ProtectFile and ProtectFile- Fuse | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet ProtectV | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet SQL EKM | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet Transform Utility (TU) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet Trusted Access (STA) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | SafeNet Vaultless Tokenization | | | Vulnerable | | | | Thales Support |
| Thales | SAS on Prem (SPE/PCE) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel Connect | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel EMS Enterprise aaS | | | Vulnerable | | | | Thales Support |
| Thales | Sentinel EMS Enterprise OnPremise | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel Envelope | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel ESDaaS | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel HASP, Legacy dog, Maze, Hardlock | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel LDK EMS (LDK-EMS) | | | Vulnerable | | | | Thales Support |
| Thales | Sentinel LDKaas (LDK-EMS) | | | Vulnerable | | | | Thales Support |
| Thales | Sentinel Professional Services components (both Thales hosted & hosted on-premises by customers) | | | Vulnerable | | | | Thales Support |
| Thales | Sentinel RMS | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel SCL | | | Vulnerable | | | | Thales Support |
| Thales | Sentinel Superdog, SuperPro, UltraPro, SHK | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Sentinel Up | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Vormetirc Key Manager (VKM) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Vormetric Application Encryption (VAE) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Vormetric Protection for Terradata Database (VPTD) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| Thales | Vormetric Tokenization Server (VTS) | | Not vuln | Not vuln | Not vuln | Not vuln | | Thales Support |
| The Linux Foundation | StackStorm (ST2) | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| The Linux Foundation | XCP-ng | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TheGreenBow | All | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TheHive | All | All | Not vuln | Not vuln | Not vuln | Not vuln | Safety release done removing log4j, despite not being vulnerable | source |
| TheHive | Cortex | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Thermo Fisher Scientific | All | | | | | | | Thermo Fisher Scientific Advisory Link |
| Thermo-Calc | All | 2018a and earlier | Not vuln | Not vuln | Not vuln | Not vuln | Use the program as normal | Thermo-Calc Advisory Link |
| Thermo-Calc | All | 2018b to 2021a | Not vuln | Not vuln | Not vuln | Not vuln | Use the program as normal, delete the Log4j 2 files in the program installation if required, see advisory for instructions. | Thermo-Calc Advisory Link |
| Thermo-Calc | All | 2021b | Not vuln | Not vuln | Not vuln | Not vuln | Use the program as normal | Thermo-Calc Advisory Link |
| Thermo-Calc | All | 2022a | Not vuln | Not vuln | Not vuln | Not vuln | Use the program as normal, Install the 2022a patch when available | Thermo-Calc Advisory Link |
| THK Group | FlinQ | All | | Not vuln | | | | source |
| THK Group | FlinQ Foresight | All | | Vulnerable | | | | source |
| THK Group | Fore! | All | | Not vuln | | | | source |
| THK Group | iProtect | All | | Not vuln | | | | source |
| THK Group | VDG Sense | All | | Not vuln | | | | source |
| Thomson Reuters | HighQ Appliance | <3.5 | Not vuln | Fix | | | Reported by vendor - Documentation is in vendor's client portal (login required). This advisory is available to customer only and has not been reviewed by CISA. | source |
| ThreatLocker | All | | | | | | | ThreatLocker Log4j Statement |
| ThycoticCentrify | Account Lifecycle Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Cloud Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Connection Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | DevOps Secrets Vault | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Password Reset Server | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Privilege Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Privileged Behavior Analytics | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| ThycoticCentrify | Secret Server | | Not vuln | Not vuln | Not vuln | Not vuln | | ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit |
| Tibco | All | | | | | | | Tibco Support Link |
| Tools4ever | HelloID | All | | Not vuln | | | | source |
| Top Gun Technology (TGT) | All | | | | | | | TGT Bulletin |
| TOPdesk | On-Premises Classic | All | | Not vuln | | | Although the standard product is not vulnerable, we advise our customers to scan for vulnerabilies if they modified the product, installed add-ons or bespoke work | source |
| TOPdesk | On-Premises Virtual Appliance | All | | Not vuln | | | Although the standard product is not vulnerable, we advise our customers to scan for vulnerabilies if they modified the product, installed add-ons or bespoke work | source |
| TOPdesk | SaaS | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Topicus Security | Topicus KeyHub | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Topix | All | | | | | | | Topix Statement |
| Tosibox | All | | Not vuln | Fix | | | | source |
| TP-Link | Omada SDN Controller (Linux) | 4.4.8 | Not vuln | Fix | | | | source |
| TP-Link | Omada SDN Controller (Windows) | 5.0.29 | Not vuln | Fix | | | | source |
| TPLink | Omega Controller | Linux/Windows(all) | Not vuln | Fix | | | Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | Statement on Apache Log4j Vulnerability |
| Trend Micro | 5G Mobile Network Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | ActiveUpdate | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Apex Central (including as a Service) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Apex One (all versions including SaaS, Mac, and Edge Relay) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud App Security | | | Fix | | | | source |
| Trend Micro | Cloud Edge | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Application Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Common Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Conformity | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Container Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - File Storage Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Network Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud One - Workload Secuity | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Cloud Sandbox | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Deep Discovery Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Deep Discovery Director | 5.3 CP B1228, 5.2 CP B1400 | Not vuln | Fix | Fix | Fix | 5.3 CP1228 replaces the previous B1225. Customers may upgrade from any 5.3 build 1225 or below to the latest CP1228. Please note that all versions of Trend Micro Deep Discovery Director 5.1 SP1 and below have officially reached End-of-Life (EOL) and no patch will be made available. | source |
| Trend Micro | Deep Discovery Email Inspector | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Deep Discovery Inspector | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Deep Discovery Web Inspector | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Deep Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Email Security & HES | | Not vuln | Fix | | | | source |
| Trend Micro | Endpoint Encryption | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Endpoint Sensor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Fraudbuster | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Home Network Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Housecall | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | ID Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Instant Messaging Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Internet Security for Mac (Consumer) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Interscan Messaging Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Interscan Messaging Security Virtual Appliance (IMSVA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Interscan Web Security Suite | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Interscan Web Security Virtual Appliance (IWSVA) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Mobile Security for Android | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Mobile Security for Enterprise | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Mobile Security for iOS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | MyAccount (Consumer Sign-on) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Network Viruswall | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | OfficeScan | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Password Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Phish Insight | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Policy Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Portable Security | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | PortalProtect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Public Wifi Protection / VPN Proxy One Pro | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Remote Manager | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Rescue Disk | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Rootkit Buster | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Safe Lock (TXOne Edition) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Safe Lock 2.0 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Sandbox as a Service | | Not vuln | Fix | | | | source |
| Trend Micro | ScanMail for Domino | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | ScanMail for Exchange | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Security (Consumer) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Security for NAS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | ServerProtect (all versions) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Smart Home Network | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Smart Protection Complete | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Smart Protection for Endpoints | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Smart Protection Server (SPS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint Accessories | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint IPS (N-, NX- and S-series) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint Network Protection (AWS & Azure) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint SMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint Threat Management Center (TMC) | | Not vuln | Fix | | | | source |
| Trend Micro | TippingPoint ThreatDV | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint TPS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint TX-Series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint Virtual SMS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TippingPoint Virtual TPS | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TMUSB | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TXOne (Edge Series) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | TXOne (Stekkar Series) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Virtual Patch for Endpoint | | | Investigation | | | | source |
| Trend Micro | Vision One | | Not vuln | Fix | | | | source |
| Trend Micro | Web Security | | Not vuln | Fix | | | | source |
| Trend Micro | Worry-Free Business Security (on-prem) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Trend Micro | Worry-Free Business Security Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TrendMicro | All | | | Investigation | | | | source |
| tribe29 | Check_MK | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tricentis Tosca | All | | | | | | | Tricentis Tosca Statement |
| Trimble | eCognition | 10.2.0 Build 4618 | | Vulnerable | | | Remediation steps provided by Trimble | |
| Tripwire | ® Enterprise | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | Anyware SCM | | | Vulnerable | | | | source |
| Tripwire | Apps | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | Configuration Compliance Manager (CCM) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | Configuration Manager SaaS | | | Vulnerable | | | | source |
| Tripwire | Connect (on-prem) | | | Vulnerable | | | | source |
| Tripwire | Connect SaaS (cloud) | | | Vulnerable | | | | source |
| Tripwire | for Servers (TFS) | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | Industrial Sentinel | | Not vuln | Workaround | | | | source |
| Tripwire | Industrial Visibility | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | IP360™ | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | LogCenter® | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tripwire | State Analyzer | | | Vulnerable | | | | source |
| TrueNAS | All | | | | | | | TrueNAS Statement |
| TRUMPF | all other TRUMPF machines and systems | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | PFO Smart Teach App | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | QDS 2.0 | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | redpowerDirect | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | Seamline Remote | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | Smart Power Tube | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | Smart View Services | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruBend Cell 5000 / 7000 | | | Investigation | | | | source |
| TRUMPF | TruBend Center | | | Investigation | | | | source |
| TRUMPF | TruConvert | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruDiode | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruDisk | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruFiber | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruHeat | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruLaser 5000 series | | | Investigation | | | | source |
| TRUMPF | TruLaser all other series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruLaser Center 7030 | | | Investigation | | | | source |
| TRUMPF | TruMark | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruMatic 1000 fiber | | | Investigation | | | | source |
| TRUMPF | TruMatic 3000 | | | Investigation | | | | source |
| TRUMPF | TruMatic all other series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruMicro series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruPlasma | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruPrint Monitoring Analyzer | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruPulse | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruPunch 1000 / 3000 | | | Investigation | | | | source |
| TRUMPF | TruPunch all other series | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Boost | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Calculate | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Cell | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Classic | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops FAB | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops I-PFO | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Mark 3D | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Monitor | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops PFO | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Print | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | TruTops Print Multilaser Assistant | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| TRUMPF | Visionline | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Tufin | All | | | | | | | Tufin Statement |
| TYPO3 | All | | | | | | | TYPO3 Statement |
| Dodávateľ | Produkt | Verzia | Stav CVE-2021-4104 | Stav CVE-2021-44228 | Stav CVE-2021-45046 | Stav CVE-2021-45105 | Poznámky | Linky |
|---|
| VTScada | All | | | Not vuln | | | Java is not utilized within VTScada software, and thus our users are unaffected. | link |
| Video Insight Inc. | Video Insight | | | Not vuln | | | Video Insight is a part of Panasonic I-Pro. | link |
| Varian | Acuity | All | | Investigation | | | | Varian Advisory Link |
| Varian | ARIA Connect (Cloverleaf) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ARIA eDOC | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ARIA oncology information system for Medical Oncology | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ARIA oncology information system for Radiation Oncology | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ARIA Radiation Therapy Management System (RTM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Authentication and Identity Server (VAIS) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Bravos Console | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Clinac | All | | Investigation | | | | Varian Advisory Link |
| Varian | Cloud Planner | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | DITC | All | | Investigation | | | | Varian Advisory Link |
| Varian | DoseLab | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Eclipse treatment planning software | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ePeerReview | All | | Investigation | | | | Varian Advisory Link |
| Varian | Ethos | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | FullScale oncology IT solutions | All | | Investigation | | | | Varian Advisory Link |
| Varian | Halcyon system | All | | Investigation | | | | Varian Advisory Link |
| Varian | ICAP | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Identify | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Information Exchange Manager (IEM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | InSightive Analytics | All | | Investigation | | | | Varian Advisory Link |
| Varian | Large Integrated Oncology Network (LION) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Managed Services Cloud | All | | Investigation | | | | Varian Advisory Link |
| Varian | Mobile App | 2.0, 2.5 | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Mobius3D platform | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | PaaS | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | ProBeam | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Qumulate | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Real-time Position Management (RPM) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Respiratory Gating for Scanners (RGSC) | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | SmartConnect solution | All | | Vulnerable | | | See Knowledge Article: 000038850 on MyVarian | Varian Advisory Link |
| Varian | SmartConnect solution Policy Server | All | | Vulnerable | | | See Knowledge Articles: 000038831 and 000038832 on MyVarian | Varian Advisory Link |
| Varian | TrueBeam radiotherapy system | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | UNIQUE system | All | | Investigation | | | | Varian Advisory Link |
| Varian | VariSeed | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Velocity | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | VitalBeam radiotherapy system | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | Vitesse | All | Not vuln | Not vuln | Not vuln | Not vuln | | Varian Advisory Link |
| Varian | XMediusFax for ARIA oncology information system for Medical Oncology | All | | Investigation | | | | Varian Advisory Link |
| Varian | XMediusFax for ARIA oncology information system for Radiation Oncology | All | | Investigation | | | | Varian Advisory Link |
| Variphy | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VArmour | All | | | | | | | VArmour Statement |
| Varnish Software | All | | | | | | | Varnish Software Security Notice |
| Varonis | All | | | | | | | Varonis Notice |
| Vectra | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veeam | All | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Venafi | All | | | | | | | Venafi Statement |
| Veritas | Aptare IT Analytics | 10.5 and 10.6 | Not vuln | Workaround | | | Version 10.4 and earlier are not affected. | source |
| Veritas | Media Server Deduplication Pool (MSDP) (on NB Appliance) | 3.1.2 and 3.2 | Not vuln | Workaround | | | | source |
| Veritas | NetBackup Appliance | 3.1.2 through 4.1.0.1 MR1 | Not vuln | Workaround | | | | source |
| Veritas | NetBackup Client | 7.7.3 through 9.1.0.1 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veritas | NetBackup CloudPoint | 2.2.2, 8.3 through 9.1.0.1 | Not vuln | Workaround | | | | source |
| Veritas | NetBackup Flex Scale | 2.1 | Not vuln | Workaround | | | Veritas strongly recommends customers using version 1.3 or 1.3.1 to upgrade to NetBackup FlexScale 2.1 in order to be able to perform the mitigation steps. | source |
| Veritas | NetBackup Media Server | 8.1 through 9.1.0.1 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veritas | NetBackup Media Server container on Flex Appliance | 8.1 through 9.1.0.1 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veritas | NetBackup OpsCenter | 7.7 through 7.7.3 and 8.0 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veritas | NetBackup OpsCenter | 8.1.2 through 9.1.0.1 | Not vuln | Workaround | | | Veritas has published updated versions of Log4j that replace the vulnerable libraries used by NetBackup OpsCenter 8.1.2 through 9.1.0.1. | source |
| Veritas | NetBackup Primary Server | 7.7 through 7.7.3 and 8.0 | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| Veritas | NetBackup Primary Server | 8.1.2 through 9.1.0.1 | Not vuln | Workaround | | | Veritas has published updated versions of Log4j that replace the vulnerable libraries used by NetBackup Primary Server 8.1.2 through 9.1.0.1. | source |
| Veritas | NetBackup Primary Server BYO (also known as Master Server) | 8.1 through 8.1.1 | Not vuln | Workaround | | | Veritas strongly recommends customers upgrade to NetBackup 8.1.2 or the latest release in order to be able to perform the mitigation steps. | source |
| Veritas | NetBackup Primary Server container on Flex Appliance | 8.1.2 through 9.1.0.1 | Not vuln | Workaround | | | | source |
| Veritas | NetBackup Resiliency Platform | 3.4 through 4.0 | Not vuln | Workaround | | | | source |
| Veritas NetBackup | All | | | | | | | Verita Statement |
| Vertica | All | | | | | | | Vertica Statement |
| Viso Trust | All | | | | | | | Viso Trust Statement |
| VMware | API Portal for VMware Tanzu | 1.0.8 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | App Metrics | 2.1.2 | Not vuln | Fix | Fix | Not vuln | | source fix |
| VMware | AppDefense Appliance | 2.x | Not vuln | Workaround | Workaround | Not vuln | Advisory requires a login | source KB |
| VMware | Carbon Black Cloud Workload Appliance | 1.1.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Carbon Black EDR server | 7.6.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Cloud Director Object Storage Extension | 2.1.0.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Cloud Director Object Storage Extension | 2.0.0.3 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Cloud Foundation | 4.x, 3.x | Not vuln | Workaround | Workaround | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround |
| VMware | Cloud Provider Lifecycle Manager | 1.2.0.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Greenplum Text | 3.8.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Harbor Container Registry for TKGI | 2.4.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | HCX | 4.2.4, 4.1.0.3 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | HCX | 4.3 | Not vuln | Not vuln | Not vuln | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Healthwatch for Tanzu Application Service | 2.1.8, 1.8.7 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Horizon | 2111, 7.13.1, 7.10.3 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Horizon Agents Installer | patch for 20.3.0, 20.3.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Horizon Cloud Connector | 1.x | Not vuln | Vulnerable | Vulnerable | Not vuln | Upgrade to 2.1.2 required | VMSA-2021-0028.1 (vmware.com) |
| VMware | Horizon Cloud Connector | 2.1.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Horizon DaaS | 9.1.x,9.0.x | Not vuln | Workaround | Workaround | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround |
| VMware | Identity Manager | 3.3.6 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) source |
| VMware | Integrated OpenStack | 7.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) Fix |
| VMware | NSX Data Center for vSphere | 6.4.12 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | NSX-T Data Center | 3.1.3.5, 3.0.3.1, 2.5.3.4 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | NSX Intelligence | 1.2.1.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | SD-WAN VCO | Multiple Versions | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.14.6 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Site Recovery Manager, vSphere Replication | 8.5.0.2, 8.4.0.4, 8.3.1.5 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Skyline Collector virtual appliance | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | Smart Assurance M&R | 6.8u5, 7.0u8, 7.2.0.1 | Not vuln | Workaround | Workaround | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Smart Assurance NCM | 10.1.6 | Not vuln | Workaround | Workaround | | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Smart Assurance SAM [Service Assurance Manager] | 10.1.5.5 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Spring Cloud Gateway for Kubernetes | 1.0.7 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Spring Cloud Gateway for VMware Tanzu | 1.1.4, 1.0.19 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Spring Cloud Services for VMware Tanzu | 3.1.27,2.1.10 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Tanzu Application Services for VMs | 2.6.23, 2.7.44, 2.8.30, 2.9.30, 2.10.24, 2.11.12 and 2.12.5 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround fix |
| VMware | Tanzu GemFire | 9.10.13, 9.9.7 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Tanzu GemFire for VMs | 1.14.2, 1.13.5, 1.12.4, 1.10.9 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Tanzu Greenplum Platform Extension Framework | 6.2.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround |
| VMware | Tanzu Kubernetes Grid Integrated Edition | 1.13.1, 1.10.8 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Tanzu Observability by Wavefront Nozzle | 3.0.4 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | Tanzu Observability Proxy | 10.12 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Tanzu Operations Manager | 2.8.19, 2.9.26, 2.10.25 | Not vuln | Fix | Fix | Fix | | VMSA-2021-0028.1 (vmware.com) workaround fix |
| VMware | Tanzu Scheduler | 1.6.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Tanzu SQL with MySQL for VMs | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | Telco Cloud Automation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | Telco Cloud Operations | 1.4.0.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Unified Access Gateway (UAG) | 20.x | Not vuln | Workaround | Workaround | Not vuln | Upgrade to 2111.1 required | VMSA-2021-0028.1 (vmware.com) |
| VMware | Unified Access Gateway (UAG) | 2111.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | Unified Access Gateway (UAG) | 3.x | Not vuln | Workaround | Workaround | Not vuln | Upgrade to 2111.1 required | VMSA-2021-0028.1 (vmware.com) |
| VMware | vCenter Cloud Gateway | 1.x | Not vuln | Workaround | Workaround | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround |
| VMware | vCenter Server - OVA | 6.5 U3s | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.4 (vmware.com) fix |
| VMware | vCenter Server - OVA | 6.7 U3q | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.4 (vmware.com) fix |
| VMware | vCenter Server - OVA | 7.0U3c | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.4 (vmware.com) fix |
| VMware | vCenter Server - Windows | 6.5 U3s | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.4 (vmware.com) fix |
| VMware | vCenter Server - Windows | 6.7 U3q | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.4 (vmware.com) fix |
| VMware | vCloud Director | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | vCloud Workstation | All | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | Workspace ONE Access | patches for 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0 | | Fix | Fix | | | VMSA-2021-0028.1 (vmware.com) KB |
| VMware | vRealize Automation | 7.6 | Not vuln | Vulnerable | Vulnerable | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Automation | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | vRealize Business for Cloud | 7.x | Not vuln | Vulnerable | Vulnerable | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Lifecycle Manager | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) workaround fix |
| VMware | vRealize Log Insight | 8.2, 8.3, 8.4 | Not vuln | Vulnerable | Vulnerable | Not vuln | Upgrade to 8.6.2 required | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Log Insight | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Network Insight | 6.5 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Operations | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) |
| VMware | vRealize Operations Cloud Proxy | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | vRealize Operations Tenant App for VMware Cloud Director | 2.5.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | vRealize Orchestrator | 8.6.2 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) fix |
| VMware | vRealize Orchestrator | 7.6 | Not vuln | Workaround | Workaround | Not vuln | | VMSA-2021-0028.1 (vmware.com) Workaround |
| VMware | vSphere ESXi | | Not vuln | Not vuln | Not vuln | Not vuln | | source |
| VMware | Workspace ONE Access Connector ( Identity Manager Connector) | patches for 21.08.0.1, 21.08.0.0, 20.10.0.0, 19.03.0.1 | Not vuln | Fix | Fix | Not vuln | | VMSA-2021-0028.1 (vmware.com) KB |
| Vuze | Torrent (desktop/server/mobile) | Revision 44261 | | Investigation | | | Also know as Azureus | source vendor |
| Vyaire | All | | Not vuln | Not vuln | Not vuln | Not vuln | | Vyaire Advisory Link |
| Vyaire medical | All | | | Not vuln | | | | source |
| Vyaire medical | Mirth Connect | | Vulnerable | Not vuln | Not vuln | Not vuln | Mirth Connect does not make use of the vulnerable JMSAppender in its Log4j configuration by default. | source |
