Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list is different, listed by vendors responses:
- https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
- TBD
Apache Druid : apache/druid#12051
Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html
Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html
Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
Apache Struts : https://struts.apache.org/announce-2021#a20211212-2
Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/
APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976
Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability
AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310
BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability
BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/
BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability
Boomi DELL : https://community.boomi.com/s/question/0D56S00009UQkx4SAD/is-boomi-installation-moleculegateway-protected-from-cve202144228-log4j
Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793
CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134
Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability
CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS
Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745
Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1
ConnectWise : https://www.connectwise.com/company/trust/advisories
ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548
CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402
Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228
Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability
Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability
DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282
Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521
Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/
EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2
F5 Networks : https://support.f5.com/csp/article/K19026212
ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager
Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228
Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning
Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory
Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability
GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785
Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products
Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108
Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/
Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day
Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update
Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552
JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298
Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md
Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md
Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment
Keycloak : keycloak/keycloak#9078
LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599
MailCow : mailcow/mailcow-dockerized#4375
Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37
Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition
NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala
NextGen Healthcare Mirth : nextgenhealthcare/connect#4892 (comment)
Newrelic : newrelic/newrelic-java-agent#605
OpenHab : openhab/openhab-distro#1343
OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/
OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341
Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228
Parse.ly : https://blog.parse.ly/parse-ly-log4shell/
Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116
Progress / IpSwitch : https://www.progress.com/security
Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/
Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)
Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368
Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228
Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905
RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/
RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501
SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j
SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681
SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956
SAP Global coverage : https://launchpad.support.sap.com/#/notes/3129930
SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html
Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html
Skillable : https://skillable.com/log4shell/
SLF4J : http://slf4j.org/log4shell.html
Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html
Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544
Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10
Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228
TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824
TrendMicro : https://success.trendmicro.com/solution/000289940
Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability
Veeam : https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231
Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md
WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
WSO2 : wso2/security-tools#169
Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j
ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak