Siemens Healthineers Somatom Scope Som5 VC50


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL evaluation ongoing
CISAGov evaluation ongoing
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: remove the vulnerable class from the .jar file
CISAGov Workaround: remove the vulnerable class from the .jar file
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers Syngo MobileViewer VA10A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL The vulnerability will be patch/mitigated in upcoming releases\patches.
CISAGov The vulnerability will be patch/mitigated in upcoming releases\patches.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: remove the vulnerable class from the .jar file
CISAGov Workaround: remove the vulnerable class from the .jar file
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Please contact your Customer Service to get support on mitigating the vulnerability.
CISAGov Please contact your Customer Service to get support on mitigating the vulnerability.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: remove the vulnerable class from the .jar file
CISAGov Workaround: remove the vulnerable class from the .jar file
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers syngo.via WebViewer VA13B / VA20A / VA20B


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: remove the vulnerable class from the .jar file
CISAGov Workaround: remove the vulnerable class from the .jar file
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers X.Ceed Somaris 10 VA40*


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers X.Cite Somaris 10 VA30*/VA40*


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Sierra Wireless (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Sierra Wireless Security Bulletin https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2021-007/

Community Resources

Resource Link
Sierra Wireless Security Bulletin https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2021-007/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Sierra Wireless Security Bulletin.
2021-12-30 21:31:50 CISAGov Updated vendor link Sierra Wireless Security Bulletin.
Expand Details

Silver Peak Orchestrator, Silver Peak GMS


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Security Advisory Notice Apache https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf

Community Resources

Resource Link
Security Advisory Notice Apache https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit.
CISAGov Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit.
CISAGov Last Update: 12/14/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Security Advisory Notice Apache. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Security Advisory Notice Apache. Updated community note. Updated community note.
Expand Details

SingleWire (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
SingleWire Support Link https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228

Community Resources

Resource Link
SingleWire Support Link https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228

Community Notes

Source Note
NCSC-NL This advisory is available to customers only and has not been reviewed by CISA
CISAGov This advisory is available to customers only and has not been reviewed by CISA

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link SingleWire Support Link. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link SingleWire Support Link. Updated community note.
Expand Details

Slurm (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://slurm.schedmd.com/documentation.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Snakemake (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://snakemake.readthedocs.io/en/stable/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Snow Software Snow Commander


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Snow Software Commmunity Link https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS

Community Resources

Resource Link
source https://community.snowsoftware.com/s/article/LOG4J-Vulnerability

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Snow Software Commmunity Link.
Expand Details

Snow Software VM Access Proxy


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Snow Software Commmunity Link https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS

Community Resources

Resource Link
source https://community.snowsoftware.com/s/article/LOG4J-Vulnerability

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link Snow Software Commmunity Link.
Expand Details

Snowflake (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Snowflake Community Link https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228

Community Resources

Resource Link
Snowflake Community Link https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Snowflake Community Link.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Snowflake Community Link.
Expand Details

Snyk Cloud Platform


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Snyk Updates https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499

Community Resources

Resource Link
Snyk Updates https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Snyk Updates.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Snyk Updates.
Expand Details

SolarWinds Database Performance Analyzer


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://www.solarwinds.com/trust-left/security-advisories/cve-2021-44228
workaround https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Workaround

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community link workaround.
Expand Details

SolarWinds Database Performance Analyzer (DPA)


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j Critical Vulnerability (CVE-2021-44228) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228

Community Resources

Resource Link
Apache Log4j Critical Vulnerability (CVE-2021-44228) https://www.solarwinds.com/trust-left/security-advisories/cve-2021-44228
Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228) https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workarounds available, hotfix under development
CISAGov For more information, please see the following KB article: link
CISAGov Last Update: 12/23/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Apache Log4j Critical Vulnerability (CVE-2021-44228). Updated community link Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228). Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j Critical Vulnerability (CVE-2021-44228). Updated vendor link Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228). Updated community note. Updated community note.
Expand Details

SolarWinds Server & Application Monitor


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
source https://www.solarwinds.com/trust-left/security-advisories/cve-2021-44228
workaround https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Workaround

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community link workaround.
Expand Details

SolarWinds Server & Application Monitor (SAM)


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Apache Log4j Critical Vulnerability (CVE-2021-44228) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US

Community Resources

Resource Link
Apache Log4j Critical Vulnerability (CVE-2021-44228) https://www.solarwinds.com/trust-left/security-advisories/cve-2021-44228
Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228) https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workarounds available, hotfix under development
CISAGov For more information, please see the following KB article for the latest details specific to the SAM hotfix: link
CISAGov Last Update: 12/23/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Apache Log4j Critical Vulnerability (CVE-2021-44228). Updated community link Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228). Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Apache Log4j Critical Vulnerability (CVE-2021-44228). Updated vendor link Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228). Updated community note. Updated community note.
Expand Details

Soliton Systems MailZen Management Portal - On-Premise


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://blog.solitonsystems.com/news/update-on-log4j-vulnerability#:~:text=mailzen%20management%20portal%20%E2%80%93%20on-premise

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
Expand Details

Sonatype (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Sonatype Vulnerability Statement https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status

Community Resources

Resource Link
Sonatype Vulnerability Statement https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild

Community Notes

Source Note
CISAGov Sonatype uses logback as the default logging solution as opposed to log4j. This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the reported log4j vulnerabilities. We still advise keeping your software upgraded at the latest version.
CISAGov Last Update: 12/29/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Sonatype Vulnerability Statement.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Sonatype Vulnerability Statement. Updated community note. Updated community note.
Expand Details

SonicWall Access Points


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the SonicWall Access Points
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Analytics


Vendor Data Vendor Investigating
Community Data

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL update based on v2.3 of advisory
CISAGov Under Review
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-28 13:53:19 NCSC-NL Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorInvestigating. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Analyzer


Vendor Data Vendor Investigating
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Under Review
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorInvestigating. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Capture Client & Capture Client Portal


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Sonic Wall Security Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the Capture Client.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Sonic Wall Security Advisory. Updated community note. Updated community note.
Expand Details

SonicWall Capture Security Appliance


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the Capture Security appliance.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall CAS


Vendor Data Vendor Investigating
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Under Review
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorInvestigating. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Email Security


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix
NCSC-NL based on version 2.3 of advisory
CISAGov ES 10.0.11 and earlier versions are impacted
CISAGov Last Update: 12/17/2021

Sources

Date Attribution Description
2021-12-28 13:53:19 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Gen5 Firewalls (EOS)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the appliance.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Gen6 Firewalls


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the appliance.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Gen7 Firewalls


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the appliance.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall GMS


Vendor Data Vendor Investigating
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Under Review
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorInvestigating. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall MSW


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Mysonicwall service doesn’t use Log4j
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall NSM


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
CISAGov NSM On-Prem and SaaS doesn’t use a vulnerable version
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall NSM On-Premise


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix
NCSC-NL based on version 2.3 of advisory

Sources

Date Attribution Description
2021-12-28 13:53:19 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

SonicWall SMA 100


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the SMA100 appliance.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall SMA 1000


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Version 12.1.0 and 12.4.1 doesn’t use a vulnerable version
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall SonicCore


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov SonicCore doesn’t use a Log4j2
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall Switch


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the SonicWall Switch.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall WAF


Vendor Data Vendor Investigating
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Under Review
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorInvestigating. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall WNM


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Log4j2 not used in the WNM.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

SonicWall WXA


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Security Advisory (sonicwall.com) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Resources

Resource Link
source https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov WXA doesn’t use a vulnerable version
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Security Advisory (sonicwall.com). Updated community note. Updated community note.
Expand Details

Sophos Central


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
CISAGov Sophos Central does not run an exploitable configuration.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Cloud Optix


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov Users may have noticed a brief outage around 12:30 GMT as updates were deployed. There was no evidence that the vulnerability was exploited and to our knowledge no customers are impacted.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Firewall (all versions)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Sophos Firewall does not use Log4j.
CISAGov Sophos Firewall does not use Log4j.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Home


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
CISAGov Sophos Home does not use Log4j.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Mobile


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
CISAGov Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable configuration.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Mobile EAS Proxy


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
CISAGov The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos Reflexion


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
CISAGov Reflexion does not run an exploitable configuration.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos SG UTM (all versions)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL Sophos SG UTM does not use Log4j.
CISAGov Sophos SG UTM does not use Log4j.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos SG UTM Manager (SUM) (all versions)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL SUM does not use Log4j.
CISAGov SUM does not use Log4j.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Sophos ZTNA


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Resources

Resource Link
source https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
CISAGov Sophos ZTNA does not use Log4j.
CISAGov Last Update: 12/12/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos. Updated community note. Updated community note.
Expand Details

Spambrella (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Spambrella FAQ Link https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/

Community Resources

Resource Link
Spambrella FAQ Link https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Spambrella FAQ Link.
2021-12-30 21:31:50 CISAGov Updated vendor link Spambrella FAQ Link.
Expand Details

Spectralink (Multiple Products)


Vendor Data
Community Data

Community Resources

Resource Link
source https://support.spectralink.com/system/tdf/resource_files/CS-21-04%20Security%20Vulnerability%20Log4j2.pdf?file=1&type=node&id=3242867

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL using version 1.2.17

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated community note. Updated community link source. Updated community note.
Expand Details

Spigot (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Spigot Security Release https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/

Community Resources

Resource Link
Spigot Security Release https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Spigot Security Release.
2021-12-30 21:31:50 CISAGov Updated vendor link Spigot Security Release.
Expand Details

Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647)


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Community Notes

Source Note
CISAGov Last Update: 8:20 am PT, 12/30/21

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046). Updated community note.
Expand Details

Splunk Add-On for Java Management Extensions App ID 2647


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).
Expand Details

Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/)


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Community Notes

Source Note
CISAGov Last Update: 8:20 am PT, 12/30/21

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046). Updated community note.
Expand Details

Splunk Add-On for JBoss App ID 2954


Vendor Data
Community Data Vulnerable

Community Resources

Resource Link
Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046).
Expand Details

Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/)


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Community Notes

Source Note
CISAGov Last Update: 8:20 am PT, 12/30/21

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046). Updated community note.
Expand Details