Security
Which all software is affected by log4j shell vulnerability
The recently announced Log4j Shell affects a lot of enterprise applications and systems that use Java or use other software components that use Java. Here is a list of software that has an identified Log4j Shell vulnerability and the corresponding remedial measure. This list is current as of 2021-12-14
The link in the status column will take you to the announcement related to the software with details about remedial measure available for the same.
List of software affected by Log4j Shell Vulnerability
A
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Accellence Technologies | EBÜS | All | Workaround |
| Akamai | Siem Splunk Connector | <1.4.10 | Workaround |
| Alertus | Console | 5.15.0 | Fix |
| Amazon | AMS | Fix | |
| Amazon | API Gateway | Fix | |
| Amazon | AWS CloudHSM | 3.4.1 | Fix |
| Amazon | AWS Glue | Fix | |
| Amazon | AWS Greengrass | Fix | |
| Amazon | AWS Lambda | Fix | |
| Amazon | Cloudfront | Fix | |
| Amazon | Connect | Fix | |
| Amazon | DynamoDB | Fix | |
| Amazon | EC2 | Fix - source, fix | |
| Amazon | Kafka | Fix | |
| Amazon | Keyspaces (for Apache Cassandra) | Fix | |
| Amazon | Kinesis Data Analytics | Fix | |
| Amazon | Lake Formation | Fix | |
| Amazon | MQ | Fix | |
| Amazon | NICE | Fix | |
| Amazon | OpenSearch | Fix | |
| Amazon | RDS | Fix | |
| Amazon | S3 | Fix | |
| Apache | Druid | 0.22.1 | Fix |
| Apache | Dubbo | All versions | Fix |
| Apache | Flink | 1.15.0, 1.14.1, 1.13.4 | Fix |
| Apache | Geode | 1.14.0 | Fix |
| Apache | Hadoop | 3.3.1 | Vulnerable |
| Apache | James | 3.6.0 | Vulnerable |
| Apache | Log4j | 2.15.0 | Fix |
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Workaround |
| Apache | Spark | 2.4.2 | Vulnerable |
| Apache | Struts | 2.5.28 | Vulnerable |
| Apache | Tapestry | 5.7.3 | Vulnerable |
| Apache | Tika | 2.0.0 and up | Vulnerable |
| APC | PowerChute Business Edition | Unknow to 10.0.2.301 | Vulnerable |
| APC | PowerChute Network Shutdown | Unknow to 4.2.0 | Vulnerable |
| Apereo | CAS | 6.3.x & 6.4.x | Fix |
| Apereo | Opencast | < 9.10, < 10.6 | Fix |
| Aptible | Aptible | ElasticSearch 5.x | Fix |
| Arduino | Arduino IDE | 1.8.17 | Fix |
| Arista Networks | CloudVision Portal | >2019.1.0 | Vulnerable |
| Arista Networks | CloudVision Wi-Fi, virtual appliance or physical appliance | >8.8 | Vulnerable |
| Arista Networks | Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric) | >7.0.0 | Vulnerable |
| Arista Networks | Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric) | >7.0.0 | Vulnerable |
| Arista Networks | Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric) | >5.3.0 | Vulnerable |
| Arista Networks | CloudVision Portal | >2019.1.0 | Vulnerable |
| Arista Networks | CloudVision Wi-Fi, virtual appliance or physical appliance | >8.8 | Vulnerable |
| Atlassian | Bamboo Server & Data Center | On prem | Vulnerable |
| Atlassian | BitBucket Server | On prem | Workaround |
| Atlassian | Confluence Server & Data Center | On prem | Vulnerable |
| Atlassian | Crowd Server & Data Center | On prem | Vulnerable |
| Atlassian | Crucible | On prem | Vulnerable |
| Atlassian | Fisheye | On prem | Vulnerable |
| Atlassian | Jira Server & Data Center | On prem | Vulnerable |
| Avaya |
B
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Backblaze | Cloud | N/A (SaaS) | Fix |
| BMC Software | Bladelogic Database Automation | Vulnerable | Fix expected on Dec 15th |
| BMC Software | BMC AMI Ops Common Rest API (CRA) | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops Infrastructure (MVI) - CRA component | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops Insight | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops UI | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC Client Management | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC Discovery | Fix | Fix available in BMC’s Electronic Product Download site (EPD) |
| BMC Software | BMC Helix Continuous Optimization | Vulnerable | Fix expected on Dec 15th |
| BMC Software | BMC License Usage Collection Utility | Vulnerable | Fix expected on Dec 14th |
| BMC Software | CMDB | Vulnerable | |
| BMC Software | Control-M | Vulnerable | |
| BMC Software | Helix Data Manager | Vulnerable | |
| BMC Software | KMs - Sybase KM & Linux (RHEV) | Fix | Fix available in BMC’s Electronic Product Download site (EPD) |
| BMC Software | MainView Middleware Monitor | Vulnerable | Fix expected on Dec 20th |
| BMC Software | Remedy Smart Reporting | Vulnerable | |
| BMC Software | TrueSight App Visibility Manager | Vulnerable | Fix expected on Dec 15th |
| BMC Software | TrueSight Automation Console | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Automation for Networks | Vulnerable | Fix expected on Dec 13th |
| BMC Software | TrueSight Automation for Servers - Data Warehouse | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Automation for Servers | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Infrastructure Management | Vulnerable | |
| BMC Software | TrueSight IT Data Analytics | Vulnerable | Fix expected on Dec 15th |
| BMC Software | TrueSight Operations Management | Vulnerable | Fix expected on Dec 16th |
| BMC Software | TrueSight Smart Reporting | Vulnerable | Fix expected on Dec 14th |
| BMC Software | TSOM Smart Reporting | Vulnerable | Fix expected on Dec 14th |
| Brian Pangburn | SwingSet | < 4.0.6 | Fix |
| Broadcom | CA Advanced Authentication | 9.1 & 9.1.01 & 9.1.02 | Workaround |
| Broadcom | SiteMinder (CA Single Sign-On) | 12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents | Fix, Workaround |
| Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | Workaround |
C
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Cisco | General Cisco Disclaimer | Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly | |
| Cisco | AppDynamics | <21.12.0 | Fix |
| Cisco | Network Services Orchestrator (NSO) | < nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1 | Vulnerable |
| Cisco | Nexus Dashboard (formerly Cisco Application Services Engine) | <2.1.2 | Vulnerable |
| Cisco | Video Surveillance Operations Manager | <7.14.4 | Vulnerable |
| Cisco | Webex Meetings Server | CWMS-3.0MR4SP2, CWMS-4.0MR4SP2 | Vulnerable |
| CIS-CAT | CSAT Pro | < 1.7.1 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor v4 | < 4.13.0 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor Service v4 | < 1.13.0 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor v3 | < 3.0.77 | Vulnerable |
| Commvault | Cloud Apps & Oracle & MS-SQL | All supported versions | Fix |
| Connect2id | Connect2id server | < 12.5.1 | Fix |
| Contrast | Hosted SaaS Enviroments | All | Fix |
| Contrast | On-premises (EOP) Environments | All | Fix/Mitigation |
| Contrast | Scan | All | Fix |
| ControlUp | All products | All versions | Fix |
| Couchbase | Couchbase ElasticSearch connector | < 4.3.3 & < 4.2.13 | Fix |
| Cyberark | Identity - Secure Web Sessions (SWS) | Fix | |
| Cyberark | Privilege Cloud - Service (SaaS) | Fix | |
| Cyberark | Privileged Threat Analytics (PTA) | Workaround - source, workaround | |
| Cyberark | Remote Access (Alero) - Connector | Fix | |
| Cyberark | Remote Access (Alero) - Service (SaaS) | Fix |
D
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| DatadogHQ | Datadog Agent | 6 < 6.32.2, 7 < 7.32.2 | Fix/workaround |
| Dataverse | The Dataverse Project | Vulnerable | |
| Debian | Apache-log4j.1.2 | stretch, buster, bullseye | Fix |
| Debian | Apache-log4j2 | stretch, buster, bullseye | Fix |
| Dynatrace | ActiveGates | 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 | Fix |
E
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| EclecticIQ | TIP | < 2.11 | Vulnerable |
| Elastic | APM Java Agent | 1.17.0-1.28.0 | Workaround |
| Elastic | Elasticsearch | < 6.8.21, < 7.16.1 | Workaround |
| Elastic | Elasticsearch | => 7.16.1 | Fixed |
| Elastic | Logstash | < 6.8.21, < 7.16.1 | Workaround |
| Esri | ArcGIS Enterprise and related products | < 10.8.0 | Vulnerable |
| EVL Labs | JGAAP | <8.0.2 | Fix |
| Extreme Networks | IQVA | Vulnerable |
F
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Fiix | CMMS core | V5 | Fix |
| FileCap | All products | <5.1.0 | Vulnerable |
| Forcepoint | DLP Manager | Workaround | |
| Forcepoint | Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW) | Workaround | |
| Forcepoint | Security Manager (Web, Email and DLP) | Workaround | |
| ForgeRock | Autonomous Identity | Workaround | |
| Fortinet | FortiAIOps | Vulnerable | |
| Fortinet | FortiCASB | Vulnerable | |
| Fortinet | FortiConvertor | Vulnerable | |
| Fortinet | FortiEDR Cloud | Vulnerable | |
| Fortinet | FortiNAC | Vulnerable | |
| Fortinet | FortiNAC | Vulnerable | |
| Fortinet | FortiPolicy | Vulnerable | |
| Fortinet | FortiPortal | Vulnerable | |
| Fortinet | FortiSIEM | Vulnerable | |
| Fortinet | FortiSOAR | Vulnerable | |
| Fortinet | ShieldX | Vulnerable | |
| F-Secure | Endpoint Proxy | 13-15 | Fix |
| F-Secure | Policy Manager | 13-15 | Fix |
| F-Secure | Policy Manager Proxy | 13-15 | Fix |
G
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| GeoSolutions | Geonetwork | All versions | Workaround |
| GFI Software | Kerio Connect | Vulnerable | |
| GitHub | Github Enterprise Server | 3.3.1, 3.2.6, 3.1.14, 3.0.22 | Fix |
| Gradle | Gradle Enterprise | 2021.3.6 | Fix |
| Gradle | Gradle Enterprise Test Distribution Agent | 1.6.2 | Fix |
| Gradle | Gradle Enterprise Build Cache Node | 10.1 | Fix |
| Graylog | Graylog | < 3.3.15,<4.0.14,<4.1.9,<4.2.3 | Fix |
| GuardedBox | GuardedBox | <3.1.2 | Fix |
H
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| HCL Software | BigFix Compliance | > 2.0.1 ; < 2.0.4 | Workaround |
| HCL Software | BigFix Inventory | < 10.0.7 | Workaround |
| HPE | Silver Peak Orchestrator | Workaround - source, workaround |
I
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| IBM | Curam SPM | 8.0.0, 7.0.11 | Vulnerable |
| IBM | VM Manager Tool (part of License Metric Tool) | >9.2.21,<9.2.26 | Vulnerable |
| IBM | Websphere | 8.5 | Vulnerable |
| IBM | Websphere | 9.0 | Vulnerable |
| IGEL | Universal Management Suite | Workaround | |
| Informatica | Axon | 7.2.x | Workaround |
| Informatica | Data Privacy Management | 10.5, 10.5.1 | Workaround |
| Informatica | Information Deployment Manager | Fix | |
| Informatica | Metadata Manager | 10.4, 10.4.1, 10.5, 10.5.1 | Workaround |
| Informatica | PowerCenter | 10.5.1 | Workaround |
| Informatica | PowerExchange for CDC (Publisher) and Mainframe | 10.5.1 | Workaround |
| Informatica | Product 360 | All versions | Workaround |
J
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Jamf Nation | Jamf Pro (hosted on-prem) | < 10.34.1 | See notes |
| JetBrains | YouTrack Standalone | >= 2019.2 <= 2021.4.34389 | Vuln |
| Jitsi | jitsi-videobridge | v2.1-595-g3637fda42 | Fix |
| Juniper Networks | Junos Space Network Management Platform | Unspecified | Vulnerable |
| Juniper Networks | Northstar Controller | Unspecified | Vulnerable |
| Juniper Networks | Paragon Insights | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
| Juniper Networks | Paragon Pathfinder | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
| Juniper Networks | Paragon Planner | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
K
| Supplier | Product | Version (see Status) | Status |
|---|
L
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| LeanIX | All products | All versions | Fix |
| Lyrasis | DSpace | 7.x | Fix/Workaround |
M
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Mailcow | Mailcow Solr Docker | < 1.8 | Fix |
| McAfee | Enterprise Security Manager (ESM) | 11.x | Workaround |
| McAfee | Threat Intelligence Exchange (TIE) | 2.2, 2.3, 3.0 | Workaround |
| McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Workaround |
| Metabase | Metabase | <0.41.4 | Fix |
| Micro Focus | ArcSight ESM | 7.2, 7.5 | Vulnerable |
| Micro Focus | ArcSight Logger | 7.2 and above | Vulnerable |
| Micro Focus | ArcSight Recon | All Versions | Vulnerable |
| Micro Focus | ArcSight Intelligence | All Versions | Vulnerable |
| Micro Focus | ArcSight Connectors | 8.2 and above | Vulnerable |
| Micro Focus | ArcSight Transformation Hub | All Versions | Vulnerable |
| Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Fix |
| Minecraft | Java edition | <1.18.1 | Fix |
| Mitel | Mitel Interaction Recording (MIR) | 6.3 to 6.7 | Fix |
N
| Supplier | Product | Version (See Status) | Status |
|---|---|---|---|
| Nelson | Nelson | 0.16.185 | Vulnerable |
| Neo4j | Neo4j | > 4.2 | Vulnerable |
| Netflix | atlas | 1.6.6 | Workaround |
| Netflix | dgs-framework | < 4.9.11 | Fix |
| Netflix | spectator | < 1.0.9 | Fix |
| NetIQ | Access Manager | >= 4.5.x & >= 5.0.x | Workaround |
| New Relic | Java Agent | 6.5.1 & 7.4.1 | Fix |
| NSA | Ghidra | < 10.1 | Fix - source, fix |
| Nutanix | General Guidance | Nutanix updating Security Advisory #23 multiple times per day, please check source link for absolute latest status | |
| Nutanix | AOS (STS) | All supported versions | Workaround |
| Nutanix | Flow Security Central | SaaS | Fix |
| Nutanix | Frame | SaaS Public | Fix |
| Nutanix | Prism Central | All supported versions | Vulnerable |
| Nutanix | Sizer | SaaS | Fix |
O
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| OCLC | all | all | Fix |
| Okta | On-Prem MFA Agent | <1.4.6 | Fix - source, fix |
| Okta | Radius Server Agent | 2.17.0 | Fix |
| Okta | RADIUS Server Agent | <2.17.0 | Fix - source, fix |
| openHAB | openHAB | 3.0.4, 3.1.1 | Fix |
| OpenMRS | Talk | 2.4.0-2.4.1 | Vulnerable |
| OpenNMS | Horizon (including derived Sentinels) | < 29.0.3 | Fix |
| OpenNMS | Meridian (including derived Minions and Sentinels) | < 2021.1.8, 2020.1.15, 2019.1.27 | Fix |
| OpenSearch | OpenSearch | < 1.2.1 | Fix |
| Oracle | Oracle Data Integrator (ODI) | >= 12.2.1.3.210119, Marketplace - >= 2.1.0 | Workaround - source, Support note 2827611.1, Support Note 2827793.1 |
| Oracle | Oracle WebCenter Portal | 12.2.1.3 & 12.2.1.4 | Workaround - source, Support note 2827611.1 |
| OWASP | ZAP | < 2.11.1 | Fix |
P
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| PagerDuty | Rundeck | 3.3+ | Fix |
| PaperCut | PaperCut MF | >= 21.0 | Workaround |
| PaperCut | PaperCut NG | >= 21.0 | Workaround |
| Pega | Pega Platform | On Prem | Fix |
| Pexip | Pexip Service | all | Fix |
| Portex | Portex | <3.0.2 | Fix |
| Progress | DataDirect Hybrid Data Pipeline | Workaround - source, mitigations | |
| Progress | OpenEdge | Workaround - source, mitigations | |
| Puppet | Continuous Delivery for Puppet Enterprise | 3.x, < 4.10.2 | Fix - source, workaround,mitigations |
Q
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| QOS.ch | SLF4J Simple Logging Facade for Java |
R
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Red Hat | Red Hat CodeReady Studio 12 | Vulnerable | |
| Red Hat | Red Hat Data Grid 8 | Vulnerable | |
| Red Hat | Red Hat Descision Manager 7 | Vulnerable | |
| Red Hat | Red Hat Integration Camel K | Vulnerable | |
| Red Hat | Red Hat Integration Camel Quarkus | Vulnerable | |
| Red Hat | Red Hat JBoss A-MQ Streaming | Vulnerable | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | Vulnerable | |
| Red Hat | Red Hat JBoss Fuse 7 | Vulnerable | |
| Red Hat | Red Hat OpenShift Application Runtimes | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto | Vulnerable | |
| Red Hat | Red Hat OpenShift Logging logging-elasticsearch6-container | Vulnerable | |
| Red Hat | Red Hat OpenStack Platform 13 (Queens) opendaylight | Vulnerable | |
| Red Hat | Red Hat Process Automation 7 | Vulnerable | |
| Redis | Jedis | 3.7.1, 4.0.0-rc2 | Fix |
| Riverbed | NetIM 2.x | Vulnerable | |
| Riverbed | Portal 1.x | Vulnerable | |
| Riverbed | Portal 3.x | Vulnerable | |
| Riverbed | Scon EX Analytics | Vulnerable | |
| Riverbed | Scon EX Director | Vulnerable | |
| Riverbed | UCExpert | Vulnerable | |
| RSA | NetWitness Orchestrator | >= 6.0 | Workaround |
| RSA | NetWitness Platform | 11.4 | Workaround |
| RSA | NetWitness Platform | >= 11.5 | Workaround |
| Ruckus | FlexMaster | Vuln | |
| Ruckus | SmartZone 100 (SZ-100) | Vuln | |
| Ruckus | SmartZone 144 (SZ-144) | Vuln | |
| Ruckus | SmartZone 300 (SZ-300) | Vuln | |
| Ruckus | Unleashed | Vuln | |
| Ruckus | Virtual SmartZone (vSZ) | Vuln |
S
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| SailPoint | IdentityIQ | 8.0 or later | Workaround |
| SAP | Customer Checkout PoS / manager | 2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower) | Fix |
| SAP | XS Advanced Runtime | 1.0.140 or lower | Fix |
| SAS Institute | SAS Cloud Solutions | Workaround | |
| SAS Institute | SAS Profile | Fix | |
| Security Onion Solutions | Security Onion | 2.3.90 20211210 | Fix |
| Siemens | E-Car OC Cloud Application | Fix | |
| Siemens | EnergyIP Prepay | 3.7, 3.8 | Vulnerable |
| Siemens | Industrial Edge Management App (IEM-App) | all | Vulnerable |
| Siemens | Industrial Edge Management OS (IEM-OS) | all | Vulnerable |
| Siemens | Industrial Edge Manangement Hub | all | Vulnerable |
| Siemens | LOGO! Soft Comfort | all | Vulnerable |
| Siemens | Mendix Applications | all | Vulnerable |
| Siemens | Mindsphere Cloud Application | Fix | |
| Siemens | Operation Scheduler | >= V1.1.3 | Vulnerable |
| Siemens | SIGUARD DSA | V4.2, V4.3, V4.4 | Workaround |
| Siemens | SIMATIC WinCC V7.4 | V7.4 SP1 | Fix |
| Siemens | Siveillance Command | >= 4.16.2.1 | Vulnerable |
| Siemens | Siveillance Control Pro | < V2.1 | Vulnerable |
| Siemens | Siveillance Control Pro | >= V2.1 | Workaround |
| Siemens | Siveillance Vantage | all | Vulnerable |
| SolarWinds | Database Performance Analyzer | 2021.1.x, 2021.3.x, 2022.1.x | Workaround - source, workaround |
| SolarWinds | Server & Application Monitor | >= 2020.2.6 | Workaround - source, workaround |
| SonarSource | SonarCloud | Fix | |
| SonarSource | SonarQube | Workaround | |
| SonicWall | Email Security | 10.x | Vulnerable |
| Sophos | Cloud Optix | Fix | |
| Sophos | Sophos Mobile EAS Proxy | 9.7.2 | Fix |
| Splunk | Add-On: Java Management Extensions | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Add-On: JBoss | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Add-On: Tomcat | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Vulnerable |
| Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Vulnerable |
| Splunk | Splunk Connect for Kafka | <2.0.4 | Fix |
| Splunk | Splunk Enterprise | All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. | Workaround |
| Splunk | Splunk Enterprise Amazon Machine Image (AMI) | see Splunk Enterprise | Workaround |
| Splunk | Splunk Enterprise Docker Container | see Splunk Enterprise | Workaround |
| Splunk | Splunk Logging Library for Java | <1.11.1 | Fix |
| Splunk | Stream Processor Service | Current | Vulnerable |
| Stardog | Stardog | <7.8.1 | Fix |
| Stratodesk | NoTouch | 4.5.231 | Fix |
| Sumo logic | Sumu logic | 19.361-12 | Fix |
| SUSE | SUSE Openstack Cloud | all | Vuln |
| syntevo | DeepGit | >= 4.0 | Fix |
| syntevo | SmartGit | >= 18.1 | Fix |
| syntevo | SmartSVN | >= 9.3 | Fix |
| syntevo | SmartSynchronize | >= 3.5 | Fix |
| SysAid | All products | Fix |
T
| Supplier | Product | Version | Status |
|---|---|---|---|
| Talend | Talend Component Kit | Fix | |
| Tealium | All products | Fix | |
| Teamviewer | All products | Fix | |
| Tosibox | All products | Fix | |
| TrendMicro | Trend Micro Email Security & HES | Fix | |
| TrendMicro | Vision One | Fix |
U
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Ubiquiti | UniFi Network Application | 6.5.54 | Fix |
| Unify | First Response OpenScape Policy Store | Vulnerable | |
| Unify | Hipath DS-Win | Vulnerable | |
| Unify | OpenScape Contact Center | Vulnerable | |
| Unify | OpenScape Contact Media Service | Vulnerable | |
| Unify | OpenScape UC | >= 10.2.9.0 | Vulnerable |
| Unify | OpenScape Voice | simplex deployments | Vulnerable |
| US Signal | Remote Management and Monitoring platform | Workaround | |
| USoft | USoft | 9.1.1F | Vulnerable |
V
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| VMware | API Portal for VMware Tanzu | 1.x | Fix - source, fix |
| VMware | AppDefense Appliance | 2.x | Workaround - source, workaround |
| VMware | App Metrics | 2.1.1 | Fix - source, fix |
| VMware | Carbon Black Cloud Workload Appliance | 1.x | Fix - source, workaround |
| VMware | Carbon Black EDR Server | 7.x, 6.x | Fix - source, workaround, fix |
| VMware | Cloud Director Object Storage Extension | 2.1.x, 2.0.x | Fix - source, fix |
| VMware | Cloud Foundation | 4.x, 3.x | Workaround - source, workaround |
| VMware | HCX | 4.2.3, 4.1.0.2 | Fix |
| VMware | Healthwatch for Tanzu Application Service | 2.1.7, 1.8.6 | Fix - source, fix |
| VMware | Horizon | 8.x, 7.x | Workaround - source, workaround |
| VMware | Horizon Cloud Connector | 1.x, 2.x | Fix - source, fix |
| VMware | Horizon DaaS | 9.1.x, 9.0.x | Workaround - source, workaround |
| VMware | Identity Manager | 3.3.x | Workaround - source, workaround |
| VMware | NSX Data Center for vSphere | 6.x | Workaround - source, workaround |
| VMware | NSX-T Data Center | 3.x, 2.x | Workaround - source, workaround |
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Fix - source, fix |
| VMware | Site Recovery Manager | 8.x | Vuln - source, workaround |
| VMware | Spring Boot | < 2.5.8, < 2.6.2 | Workaround |
| VMware | Spring Cloud Gateway for Kubernetes | 1.x | Vulnerable |
| VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | Fix - source, fix |
| VMware | Spring Cloud Services for VMware Tanzu | 3.x | Fix - source, fix |
| VMware | Tanzu Application Service for VMs | 2.x | Fix - source, workaround, fix |
| VMware | Tanzu GemFire | 1.14.x, 1.13.x, 1.10.x | Fix - source, fix |
| VMware | Tanzu Greenplum | 6.x | Workaround - source, workaround |
| VMware | Tanzu Kubernetes Grid Integrated Edition | 2.x | Workaround - source, workaround |
| VMware | Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Fix - source, fix |
| VMware | Tanzu Operations Manager | 2.x | Fix - source, workaround, fix |
| VMware | Tanzu SQL with MySQL for VMs | 2.x, 1.x | Vulnerable |
| VMware | Telco Cloud Automation | 2.x, 1.x | Vulnerable |
| VMware | Unified Access Gateway | 21.x, 20.x, 3.x | Workaround - source, workaround |
| VMware | vCenter Cloud Gateway | 1.x | Workaround - source, workaround |
| VMware | vCenter Server | 6.x | Workaround - source, workaround |
| VMware | vCenter Server | 7.x, 6.x | Workaround - source, workaround |
| VMware | vRealize Automation | 8.x, 7.x | Vulnerable |
| VMware | vRealize Lifecycle Manager | 8.x | Workaround - source, workaround |
| VMware | vRealize Log Insight | 8.x | Workaround - source, workaround |
| VMware | vRealize Operations | 8.x | Workaround - source, workaround |
| VMware | vRealize Operations Cloud Proxy | Any | Workaround - source, workaround |
| VMware | vRealize Orchestrator | 8.x, 7.x | Vulnerable |
| VMware | Workspace ONE Access | 21.x, 20.x | Workaround - source, workaround |
| VMware | Workspace ONE Access Connector (VMware Identity Manager Connector) | 19.03.0.1, 20.x, 21.x | Workaround - source, workaround |
W
| Supplier | Product | Version | Status |
|---|---|---|---|
| WitFoo | WitFoo Precinct | 6.x | Fix |
| Wowza | Wowza Streaming Engine | 4.7.8, 4.8.x | Workaround |
X
Y
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Y Soft | SAFEQ 6 | <= 6.0.63 | Workaround |
Z
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Zammad | Zammad | Workaround |
Ref: https://github.com/NCSC-NL/log4shell/tree/main/software
Zyxware Technologies , a leading Drupal development company that has its operations in the US, UK, Canada, Australia, and the Middle East.Check out our career page, if you are looking to build a career in Drupal.
