Amazon VPC


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Community Resources

Resource Link
source https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link https://aws.amazon.com/security/security-bulletins/AWS-2021-006/.
Expand Details

Amazon WorkSpaces/AppStream 2.0


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL “Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info”

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

AMD (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
AMD Advisory Link https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034

Community Resources

Resource Link
AMD Advisory Link https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Currently, no AMD products have been identified as affected. AMD is continuing its analysis.
CISAGov Currently, no AMD products have been identified as affected. AMD is continuing its analysis.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link AMD Advisory Link. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link AMD Advisory Link. Updated community note. Updated community note.
Expand Details

Apache ActiveMQ Artemis


Vendor Data Vendor Patch Exists
Community Data Not Vulnerable

Vendor Resources

Resource Link
ApacheMQ - Update on CVE-2021-4428 https://activemq.apache.org/news/cve-2021-44228

Community Resources

Resource Link
ApacheMQ - Update on CVE-2021-4428 https://activemq.apache.org/news/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL “ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. <a href=""/cisagov/log4j-affected-db/blob/develop/web/console.war/WEB-INF/lib”">web/console.war/WEB-INF/lib). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See <a href=““https://issues.apache.org/jira/browse/ARTEMIS-3612"" rel=““nofollow”">ARTEMIS-3612 for more information on that task.”
CISAGov ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. web/console.war/WEB-INF/lib). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See ARTEMIS-3612 for more information on that task.
CISAGov Last Update: 12/21/2021

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link ApacheMQ - Update on CVE-2021-4428. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendorPatchExists. Updated vendor link ApacheMQ - Update on CVE-2021-4428. Updated community note. Updated community note.
Expand Details

Apache Airflow


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Apache Airflow https://github.com/apache/airflow/tree/main/airflow

Community Resources

Resource Link
Apache Airflow https://github.com/apache/airflow/tree/main/airflow

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Airflow is written in Python
CISAGov Airflow is written in Python

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Apache Airflow. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link Apache Airflow. Updated community note.
Expand Details

Apache Archiva


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228
fix https://lists.apache.org/thread/bmvhs0jxhf4vxcjxyhozm058pchykcqx

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 2.2.6

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community link fix. Updated community note.
Expand Details

Apache Camel


Vendor Data Vendor Patch Exists
Community Data Vulnerability Disputed

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
source https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4.
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note. Updated community note.
Expand Details

Apache Camel 2


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J).
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
Expand Details

Apache Camel JBang


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J).
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
Expand Details

Apache Camel K


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J).
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
Expand Details

Apache Camel Karaf


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j.
CISAGov The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j.
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note. Updated community note.
Expand Details

Apache Camel Quarkus


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J).
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
Expand Details

Apache CamelKafka Connector


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Resources

Resource Link
APACHE CAMEL AND CVE-2021-44228 (LOG4J) https://camel.apache.org/blog/2021/12/log4j2/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link APACHE CAMEL AND CVE-2021-44228 (LOG4J).
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link APACHE CAMEL AND CVE-2021-44228 (LOG4J). Updated community note.
Expand Details

Apache Cassandra


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Apache Druid


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Release druid-0.22.1 · apache/druid · GitHub https://github.com/apache/druid/releases/tag/druid-0.22.1

Community Resources

Resource Link
source https://github.com/apache/druid/pull/12051

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Release druid-0.22.1 · apache/druid · GitHub. Updated community note.
Expand Details

Apache Dubbo


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://github.com/apache/dubbo/issues/9380

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
Expand Details

Apache Flink


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228) https://flink.apache.org/2021/12/10/log4j-cve.html

Community Resources

Resource Link
source https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html
https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228). Updated community link https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html. Updated community note. Updated community note.
Expand Details

Apache Fortress


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 2.0.7

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Geode


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=66849544#ReleaseNotes-1.14.1

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 1.12.6, 1.13.5, 1.14.1

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Guacamole


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://guacamole.apache.org/security/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Apache Hadoop


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL “Uses log4j 1.x. Are <a href=““https://issues.apache.org/jira/plugins/servlet/mobile#issue/HADOOP-12956"" rel=““nofollow”">plans to migrate to log4j2 but never performed”

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache HBase


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://github.com/apache/hbase/pull/3933

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Fix is committed, but not yet released

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Hive


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://issues.apache.org/jira/browse/HIVE-25795

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fix in 4.x

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Jena


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 4.3.1

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Kafka


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Log4j – Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html

Community Resources

Resource Link
source https://kafka.apache.org/cve-list

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Workaround ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Uses Log4j 1.2.17
CISAGov Only vulnerable in certain configuration(s)

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Log4j – Apache Log4j Security Vulnerabilities. Updated community note.
Expand Details

Apache Karaf


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://mail-archives.apache.org/mod_mbox/karaf-dev/202112.mbox/browser

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “Depends on <a href=““https://github.com/ops4j/org.ops4j.pax.logging/issues/414"">PAX logging which is affected”

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Log4j


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Log4j – Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html

Community Resources

Resource Link
Log4j – Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Log4j – Apache Log4j Security Vulnerabilities.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Log4j – Apache Log4j Security Vulnerabilities.
Expand Details

Apache Log4j 1.x


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://access.redhat.com/security/cve/CVE-2021-4104

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Workaround ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source.
Expand Details

Apache Log4j 2


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://logging.apache.org/log4j/2.x/security.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
Expand Details

Apache NiFi


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://issues.apache.org/jira/browse/NIFI-9474

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 1.15.1, 1.16.0

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache OFBiz


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 18.12.03

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Ozone


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blogs.apache.org/security/entry/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 1.2.1

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache SOLR


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Apache Solr Security https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228

Community Resources

Resource Link
source https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
Apache Solr 8.11.1 downloads https://solr.apache.org/downloads.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations
CISAGov Update to 8.11.1 or apply fixes as described in Solr security advisory
CISAGov Last Update: 12/16/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Apache Solr Security. Updated community link Apache Solr 8.11.1 downloads. Updated community note. Updated community note.
Expand Details

Apache Spark


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://lists.apache.org/thread/wwm13b9764vjms5t8n96j6jklys49cyr

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Uses log4j 1.x

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Struts 2


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Apache Struts Announcements https://struts.apache.org/announce-2021

Community Resources

Resource Link
Apache Struts Announcements https://struts.apache.org/announce-2021
Apache Struts Release Downloads https://struts.apache.org/download.cgi#struts-ga

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible).
CISAGov The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible).
CISAGov Last Update: 12/21/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Apache Struts Announcements. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Apache Struts Announcements. Updated community link Apache Struts Release Downloads. Updated community note. Updated community note.
Expand Details

Apache Tapestry


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://tapestry.apache.org/logging.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Uses Log4j

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Apache Tika


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://tika.apache.org/2.0.0/index.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source.
Expand Details

Apache Tomcat

CPE: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

Vendor Data
Community Data Log4j Optional Not Vulnerable

Vendor Resources

Resource Link
Apache Tomcat Security Notes https://tomcat.apache.org/security-9.html
Usage https://tomcat.apache.org/tomcat-8.0-doc/logging.html#Using_Log4j

Community Resources

Resource Link
source https://tomcat.apache.org/tomcat-9.0-doc/logging.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat’s internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat’s internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the log4j 2.x security page
CISAGov Last Update: 12/21/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Apache Tomcat Security Notes. Updated community note. Updated community note.
2021-12-13T22:46:00-07:00 Randori Updated cpe. Updated communityLog4jOptional. Updated vendor link Usage.
Expand Details

Apache Zookeeper


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://issues.apache.org/jira/browse/ZOOKEEPER-4423

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Zookeeper uses Log4j 1.2 version

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

APC by Schneider Electric Powerchute Business Edition


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345

Community Resources

Resource Link
source https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Mitigation instructions to remove the affected class.
CISAGov Mitigation instructions to remove the affected class.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345. Updated community note. Updated community note.
Expand Details

APC by Schneider Electric Powerchute Network Shutdown


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345

Community Resources

Resource Link
source https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Mitigation instructions to remove the affected class.
CISAGov Mitigation instructions to remove the affected class.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345. Updated community note. Updated community note.
Expand Details

Apereo CAS


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
CAS Log4J Vulnerability Disclosure – Apereo Community Blog https://apereo.github.io/2021/12/11/log4j-vuln/

Community Resources

Resource Link
source https://apereo.github.io/2021/12/11/log4j-vuln/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Other versions still in active maintainance might need manual inspection

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link CAS Log4J Vulnerability Disclosure – Apereo Community Blog.
Expand Details

Apereo Opencast


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8

Community Resources

Resource Link
source https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub.
Expand Details

Apigee Edge and OPDK products


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://status.apigee.com/incidents/3cgzb0q2r10p

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Appdynamics (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Appdynamics Advisory Link https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability

Community Resources

Resource Link
Appdynamics Advisory Link https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Appdynamics Advisory Link.
2021-12-30 21:31:50 CISAGov Updated vendor link Appdynamics Advisory Link.
Expand Details

Appeon PowerBuilder


Vendor Data
Community Data Vulnerable

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated community note.
Expand Details

Appian Platform


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
KB-2204 Information about the Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046) https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046

Community Resources

Resource Link
KB-2204 Information about the Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046) https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link KB-2204 Information about the Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046).
2021-12-30 21:31:50 CISAGov Updated vendor link KB-2204 Information about the Log4j2 security vulnerabilities (CVE-2021-44228 & CVE-2021-45046). Updated community note.
Expand Details

Application Performance Ltd DBMarlin


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428 https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428

Community Resources

Resource Link
Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428 https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428. Updated community note.
Expand Details

APPSHEET (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
APPSHEET Community Link https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976

Community Resources

Resource Link
APPSHEET Community Link https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link APPSHEET Community Link.
2021-12-30 21:31:50 CISAGov Updated vendor link APPSHEET Community Link.
Expand Details

Aptible Aptible


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Aptible Status - Log4j security incident CVE-2021-27135 https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Aptible Status - Log4j security incident CVE-2021-27135.
Expand Details

Aqua Security (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Aqua Security Google Doc https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub

Community Resources

Resource Link
Aqua Security Google Doc https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Aqua Security Google Doc.
2021-12-30 21:31:50 CISAGov Updated vendor link Aqua Security Google Doc.
Expand Details

Arbiter Systems (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Arbiter Systems Advisory Link https://www.arbiter.com/news/index.php?id=4403

Community Resources

Resource Link
Arbiter Systems Advisory Link https://www.arbiter.com/news/index.php?id=4403

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Arbiter Systems Advisory Link.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Arbiter Systems Advisory Link. Updated community note.
Expand Details

Arcserve Backup


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve Continuous Availability


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve Email Archiving


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve ShadowProtect


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve ShadowXafe


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve Solo


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve StorageCraft OneXafe


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arcserve UDP


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://support.storagecraft.com/s/article/Log4J-Update https://support.storagecraft.com/s/article/Log4J-Update

Community Resources

Resource Link
source https://support.storagecraft.com/s/article/Log4J-Update
https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://support.storagecraft.com/s/article/Log4J-Update. Updated community link https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US. Updated community note.
Expand Details

Arista (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Arista Advisory Notice https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

Community Resources

Resource Link
Arista Advisory Notice https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Arista Advisory Notice.
2021-12-30 21:31:50 CISAGov Updated vendor link Arista Advisory Notice.
Expand Details

Aruba Networks (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Aruba Networks Notification https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security

Community Resources

Resource Link
Aruba Networks Notification https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated community link Aruba Networks Notification.
2021-12-30 21:31:50 CISAGov Updated vendor link Aruba Networks Notification.
Expand Details

Atlassian Bamboo Server & Data Center


Vendor Data
Community Data Vulnerability Disputed

Vendor Resources

Resource Link
Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

Community Resources

Resource Link
source https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Only vulnerable when using non-default config, cloud version fixed
CISAGov This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration.

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228. Updated community note.
Expand Details

Atlassian Bitbucket Server & Data Center


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

Community Resources

Resource Link
Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable.
CISAGov This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable.

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228. Updated community note.
Expand Details

Atlassian Confluence Server & Data Center


Vendor Data
Community Data Vulnerability Disputed

Vendor Resources

Resource Link
Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

Community Resources

Resource Link
source https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Only vulnerable when using non-default config, cloud version fixed
CISAGov This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration.

Sources

Date Attribution Description
2022-01-03 11:01:35 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228. Updated community note.
Expand Details