Mitsubishi Netcom 2


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

MobileIron Core


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Resources

Resource Link
source https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US. Updated community note. Updated community note.
Expand Details

MobileIron Core Connector


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Resources

Resource Link
source https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US. Updated community note. Updated community note.
Expand Details

MobileIron Reporting Database (RDB)


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Resources

Resource Link
source https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US. Updated community note. Updated community note.
Expand Details

MobileIron Sentry


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Resources

Resource Link
source https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function.
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US. Updated community note. Updated community note.
Expand Details

MongoDB All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Atlas


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Including Atlas Database, Data Lake, Charts

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

MongoDB Atlas Search


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered.

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Community Edition


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Including Community Server, Cloud Manager, Community Kubernetes Operators.

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 12:43:47 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Drivers


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Enterprise Advanced


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators.

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 12:43:47 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Realm


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL including Realm Database, Sync, Functions, APIs

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

MongoDB Realm (including Realm Database, Sync, Functions, APIs)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 12:43:47 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

MongoDB Tools


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Resources

Resource Link
source https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 12:43:47 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb.
Expand Details

Moodle (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Moodle Discussion https://moodle.org/mod/forum/discuss.php?d=429966

Community Resources

Resource Link
source https://moodle.org/mod/forum/discuss.php?d=429966

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Moodle Discussion.
Expand Details

MoogSoft (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
MoogSoft Vulnerability Information https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228

Community Resources

Resource Link
MoogSoft Vulnerability Information https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link MoogSoft Vulnerability Information.
2021-12-30 21:31:50 CISAGov Updated vendor link MoogSoft Vulnerability Information.
Expand Details

Motorola Avigilon (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Motorola Avigilon Technical Notification https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US

Community Resources

Resource Link
Motorola Avigilon Technical Notification https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Motorola Avigilon Technical Notification.
2021-12-30 21:31:50 CISAGov Updated vendor link Motorola Avigilon Technical Notification.
Expand Details

Moxa (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Mulesoft (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Mulesoft Statement https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Resources

Resource Link
Mulesoft Statement https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Notes

Source Note
NCSC-NL This advisory is available to customers only and has not been reviewed by CISA
CISAGov This advisory is available to customers only and has not been reviewed by CISA

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Mulesoft Statement. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link Mulesoft Statement. Updated community note.
Expand Details

Mulesoft Anypoint Studio


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Apache Log4j2 vulnerability - December 2021. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j2 vulnerability - December 2021. Updated community note. Updated community note.
Expand Details

Mulesoft Cloudhub


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Apache Log4j2 vulnerability - December 2021. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j2 vulnerability - December 2021. Updated community note. Updated community note.
Expand Details

Mulesoft Mule Agent


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Apache Log4j2 vulnerability - December 2021. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j2 vulnerability - December 2021. Updated community note. Updated community note.
Expand Details

Mulesoft Mule Runtime


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Resources

Resource Link
Apache Log4j2 vulnerability - December 2021 https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov This advisory is available to account holders only and has not been reviewed by CISA.
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Apache Log4j2 vulnerability - December 2021. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j2 vulnerability - December 2021. Updated community note. Updated community note.
Expand Details

Nakivo Backup & Replication


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source /NCSC-NL/log4shell/blob/main/software/vendor-statements/nakivo_email.png

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Workaround
NCSC-NL “manual fix by removing JndiLookup.class located in libs\log4j-core-2.2.jar. <a href=““https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/#comment-9145"" rel=““nofollow”">source”

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Nelson (Multiple Products)


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround is available, but not released yet.

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
Expand Details

Neo4j (Multiple Products)


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856
source_fix https://neo4j.com/security/log4j/?_gl=121owwo_gaMjE0NzMyNTYxMy4xNjM4MTE2NTM0_ga_DL38Q8KGQC*MTYzOTY1NTgyMS4yNS4wLjE2Mzk2NTU4MjEuMA..&_ga=2.221851932.50302124.1639655825-2147325613.1638116534

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community link source_fix.
Expand Details

Neo4j Graph Database


Vendor Data
Community Data Vulnerable

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/13/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated community note.
Expand Details

NetApp Multiple NetApp products


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
https://security.netapp.com/advisory/ntap-20211210-0007/ https://security.netapp.com/advisory/ntap-20211210-0007/

Community Resources

Resource Link
source https://security.netapp.com/advisory/ntap-20211210-0007/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link https://security.netapp.com/advisory/ntap-20211210-0007/.
Expand Details

NetCore Unimus


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://download.unimus.net/unimus/Changelog.txt

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
Expand Details

Netcup (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Netcup Statement https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/

Community Resources

Resource Link
Netcup Statement https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Netcup Statement.
2021-12-30 21:31:50 CISAGov Updated vendor link Netcup Statement.
Expand Details

NetGate PFSense (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
NetGate PFSense Forum https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35

Community Resources

Resource Link
NetGate PFSense Forum https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated community link NetGate PFSense Forum.
2021-12-30 21:31:50 CISAGov Updated vendor link NetGate PFSense Forum.
Expand Details

Netgear (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://community.netgear.com/t5/Smart-Plus-and-Smart-Pro-Managed/Has-Netgear-GS748TS-been-affected-by-Log4J/m-p/2173582#M19998

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

NetIQ eDirectory


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://portal.microfocus.com/s/article/KM000003035

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

NetIQ Identity Manager


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://portal.microfocus.com/s/article/KM000003035

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

NetIQ iManager


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://portal.microfocus.com/s/article/KM000003035

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

New Relic Containerized Private Minion (CPM)


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
NR21-04 https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/

Community Resources

Resource Link
source https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/
Security Bulletin NR21-04 https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov New Relic is in the process of revising guidance/documentation, however the fix version remains sufficient.
CISAGov Last Update: 12/18/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link NR21-04. Updated community link Security Bulletin NR21-04. Updated community note. Updated community note.
Expand Details

New Relic Java Agent


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/

Community Resources

Resource Link
source https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-03/
New Relic tracking https://github.com/newrelic/newrelic-java-agent/issues/605

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov Initially fixed in 7.4.2, but additional vulnerability found
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/. Updated community link New Relic tracking. Updated community note. Updated community note.
Expand Details

NextCloud (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
NextCloud Help https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244

Community Resources

Resource Link
source https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Invidivual plugins not developed as part of Nextcloud core may be vulnerable.

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link NextCloud Help.
Expand Details

Nextflow (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://www.nextflow.io/docs/latest/index.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

NI (National Instruments) (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
NI Support Link https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html

Community Resources

Resource Link
NI Support Link https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link NI Support Link.
2021-12-30 21:31:50 CISAGov Updated vendor link NI Support Link.
Expand Details

NiceLabel (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://help.nicelabel.com/hc/en-001/articles/4413846986385-Apache-Log4j-Vulnerability-Log4Shell-CVE-2021-44228-does-not-affect-NiceLabel-applications

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

NinjaRMM (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
NinjaRMM Article https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-

Community Resources

Resource Link
NinjaRMM Article https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-

Community Notes

Source Note
NCSC-NL This advisory is available to customers only and has not been reviewed by CISA
CISAGov This advisory is available to customers only and has not been reviewed by CISA

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link NinjaRMM Article. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link NinjaRMM Article. Updated community note.
Expand Details

Nomachine (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Nomachine Forums https://forums.nomachine.com/topic/apache-log4j-notification

Community Resources

Resource Link
source https://forums.nomachine.com/topic/apache-log4j-notification

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Nomachine Forums.
Expand Details

NSA Ghidra


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning
fix https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.1_build

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community link fix.
Expand Details

Nulab Backlog


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Nulab Blog Post https://nulab.com/blog/company-news/log4shell/

Community Resources

Resource Link
source https://nulab.com/blog/company-news/log4shell/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Nulab Blog Post.
Expand Details

Nulab Backlog Enterprise (On-premises)


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Nulab Blog Post https://nulab.com/blog/company-news/log4shell/

Community Resources

Resource Link
source https://nulab.com/blog/company-news/log4shell/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Nulab Blog Post.
Expand Details

Nulab Cacoo


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Nulab Blog Post https://nulab.com/blog/company-news/log4shell/

Community Resources

Resource Link
source https://nulab.com/blog/company-news/log4shell/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Nulab Blog Post.
Expand Details

Nulab Cacoo Enterprise (On-premises)


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Nulab Blog Post https://nulab.com/blog/company-news/log4shell/

Community Resources

Resource Link
source https://nulab.com/blog/company-news/log4shell/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2022-01-03 12:53:57 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Nulab Blog Post.
Expand Details