DEV Community

Timur Galeev
Timur Galeev

Posted on

2 2

Critical New 0-day Vulnerability in Popular Log4j Library - List of applications

Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability

Apache Druid : https://github.com/apache/druid/pull/12051

Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html

Apache LOG4J : https://logging.apache.org/log4j/2.x/security.html

Apache Kafka : https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv

Apache Solr : https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228

Apache Struts : https://struts.apache.org/announce-2021#a20211212-2

Apero CAS : https://apereo.github.io/2021/12/11/log4j-vuln/

APPSHEET : https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976

Aptible : https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4

Atlassian : https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Automox : https://blog.automox.com/log4j-critical-vulnerability-scores-a-10

Avantra SYSLINK : https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability

Avaya : https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609

AWS New : https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

AWS OLD: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/

AZURE Datalake store java : https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310

BACKBLAZE : https://twitter.com/backblaze/status/1469477224277368838

BitDefender : https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability

BitNami By VMware : https://docs.bitnami.com/general/security/security-2021-12-10/

BMC Software : https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability

Boomi DELL : https://community.boomi.com/s/question/0D56S00009UQkx4SAD/is-boomi-installation-moleculegateway-protected-from-cve202144228-log4j

Broadcom : https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

CarbonBlack : https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134

Cerberus FTP : https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability

CheckPoint : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS

Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

Citrix : https://support.citrix.com/article/CTX335705

CloudFlare : https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/

CPanel : https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/

CommVault https://community.commvault.com/technical-q-a-2/log4j-been-used-in-commvault-1985?postid=11745#post11745

ConcreteCMS.com : https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit

Connect2id : https://connect2id.com/blog/connect2id-server-12-5-1

ConnectWise : https://www.connectwise.com/company/trust/advisories

ContrastSecurity : https://support.contrastsecurity.com/hc/en-us/articles/4412612486548

ControlUp : https://status.controlup.com/incidents/qqyvh7b1dz8k

Coralogix : https://twitter.com/Coralogix/status/1469713430659559425

CouchBase : https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402

CyberArk : https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228

Cybereason : https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228

Datto : https://www.datto.com/blog/dattos-response-to-log4shell

Debian : https://security-tracker.debian.org/tracker/CVE-2021-44228

Dell : https://www.dell.com/support/kbdoc/fr-fr/000194372/dsn-2021-007-dell-response-to-apache-log4j-remote-code-execution-vulnerability

Docker : https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/

Docusign : https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability

DRAW.IO : https://twitter.com/drawio/status/1470061320066277382

DropWizard : https://twitter.com/dropwizardio/status/1469285337524580359

DynaTrace : https://community.dynatrace.com/t5/Dynatrace-Open-Q-A/Impact-of-log4j-zero-day-vulnerability/m-p/177259/highlight/true#M19282

Eclipse Foundation : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992521

Elastic : https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

ESET : https://forum.eset.com/topic/30691-log4j-vulnerability/?do=findComment&comment=143745

ESRI : https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

EVLLABS JGAAP : https://github.com/evllabs/JGAAP/releases/tag/v8.0.2

F5 Networks : https://support.f5.com/csp/article/K19026212

F-Secure https://status.f-secure.com/incidents/sk8vmr0h34pd

Fastly : https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j

ForcePoint : https://support.forcepoint.com/s/article/CVE-2021-44228-Java-log4j-vulnerability-mitigation-with-Forcepoint-Security-Manager

Forescout : https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228

ForgeRock : https://backstage.forgerock.com/knowledge/kb/book/b21824339

Fortinet : https://www.fortiguard.com/psirt/FG-IR-21-245

FusionAuth : https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/

Genesys : https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability

Ghidra : https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning

GitHub : https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

GoAnywhere : https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps

Google Cloud Global Products coverage : https://cloud.google.com/log4j2-security-advisory

Google Cloud Armor WAF : https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability

GrayLog : https://www.graylog.org/post/graylog-update-for-log4j

GratWiFi WARNING I can't confirm it: https://www.facebook.com/GratWiFi/posts/396447615600785

GuardedBox : https://twitter.com/GuardedBox/status/1469739834117799939

Guidewire : https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products

HackerOne : https://twitter.com/jobertabma/status/1469490881854013444

HCL Software : https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486

Huawei : https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en

HostiFi : https://twitter.com/hostifi_net/status/1469511114824339464

I2P : https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228

Ignite Realtime : https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108

Imperva : https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/

Inductive Automation : https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day

Informatica : https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update

Ivanti : https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US

JAMF NATION : https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740

JazzSM DASH IBM : https://www.ibm.com/support/pages/node/6525552

Jenkins : https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

JetBrains Teamcity : https://youtrack.jetbrains.com/issue/TW-74298

JFROG : https://twitter.com/jfrog/status/1469385793823199240

Jitsi : https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md

Kafka Connect CosmosDB : https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md

Kaseya : https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment

Keycloak : https://github.com/keycloak/keycloak/discussions/9078

Leanix : https://www.leanix.net/en/blog/log4j-vulnerability-log4shell

LucentSKY : https://twitter.com/LucentSky/status/1469358706311974914

Lightbend : https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275

LogRhythm CISO email I can't confirmed : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592#gistcomment-3992599

Macchina io : https://twitter.com/macchina_io/status/1469611606569099269

MailCow : https://github.com/mailcow/mailcow-dockerized/issues/4375

McAfee : https://kc.mcafee.com/corporate/index?page=content&id=KB95091

Metabase : https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37

Microsoft : https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Minecraft : https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

MISP : https://twitter.com/MISPProject/status/1470051242038673412

Mulesoft : https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021

N-able : https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability

NELSON : https://github.com/getnelson/nelson/blob/f4d3dd1f1d4f8dfef02487f67aefb9c60ab48bf5/project/custom.scala

NEO4J : https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856

NetApp : https://security.netapp.com/advisory/ntap-20211210-0007/

Netflix : https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits

NextGen Healthcare Mirth : https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526

Newrelic : https://github.com/newrelic/newrelic-java-agent/issues/605

Nutanix : https://download.nutanix.com/alerts/Security_Advisory_0023.pdf

Okta : https://sec.okta.com/articles/2021/12/log4shell

OpenHab : https://github.com/openhab/openhab-distro/pull/1343

OpenNMS : https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/

OpenMRS TALK : https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341

OpenSearch : https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950

Oracle : https://www.oracle.com/security-alerts/alert-cve-2021-44228.html

OxygenXML : https://www.oxygenxml.com/security/advisory/CVE-2019-17571.html

Palo-Alto Networks : https://security.paloaltonetworks.com/CVE-2021-44228

PaperCut : https://www.papercut.com/support/known-issues/#PO-684

Parse.ly : https://blog.parse.ly/parse-ly-log4shell/

Pega : https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability

PingIdentity : https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228

Positive Technologies : https://twitter.com/ptsecurity/status/1469398376978522116

Progress / IpSwitch : https://www.progress.com/security

Pulse Secure : https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR

Puppet : https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/

Pure Storage : https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)

Qlik : https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368

Quest KACE : https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228

Radware : https://support.radware.com/app/answers/answer_view/a_id/1029752

Red5Pro : https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/

RedHat : https://access.redhat.com/security/cve/cve-2021-44228

Revenera / Flexera : https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905

RunDeck by PagerDuty : https://docs.rundeck.com/docs/history/CVEs/

RSA : https://community.rsa.com/t5/general-security-advisories-and/rsa-customer-advisory-apache-vulnerability-log4j2-cve-2021-44228/ta-p/660501

Rubrik : https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK

SAFE FME Server : https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j

SailPoint : https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681

Salesforce : https://help.salesforce.com/s/articleView?id=000363736&type=1

SAP BusinessObjects : https://launchpad.support.sap.com/#/notes/3129956

SAP Global coverage : https://launchpad.support.sap.com/#/notes/3129930

SAS : https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

Security Onion : https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html

ServiceNow : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959

Sesam Info : https://twitter.com/sesam_info/status/1469711992122486791

Shibboleth : http://shibboleth.net/pipermail/announce/2021-December/000253.html

Signald : https://gitlab.com/signald/signald/-/issues/259

Skillable : https://skillable.com/log4shell/

SLF4J : http://slf4j.org/log4shell.html

SmileCDR : https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228

Software AG : https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849

SolarWinds : https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228

SonarSource : https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721

Sonatype : https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild

SonicWall : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

Sophos : https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

Splunk : https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

Spring Boot : https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

SUSE : https://www.suse.com/security/cve/CVE-2021-44228.html

Sterling Order IBM : https://www.ibm.com/support/pages/node/6525544

Swingset : https://github.com/bpangburn/swingset/blob/017452b2d0d8370871f43a68043dacf53af7f759/swingset/CHANGELOG.txt#L10

Synopsys : https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228

Talend : https://jira.talendforge.org/browse/TCOMP-2054

TealiumIQ : https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824

TrendMicro : https://success.trendmicro.com/solution/000289940

Ubiquiti-UniFi-UI : https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

Ubuntu : https://ubuntu.com/security/CVE-2021-44228

USSIGNAL MSP : https://ussignal.com/blog/apache-log4j-vulnerability

Varonis : https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228

Veeam : https://forums.veeam.com/veeam-backup-for-azure-f59/log4j-cve-2021-44228-vulnerability-t78225.html#p438231

Vespa ENGINE : https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md

VMware : https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Wallarm : https://lab.wallarm.com/cve-2021-44228-mitigation-update/

WatchGuard / Secplicity / https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/

WitFoo : https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/

Wowza : https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve

WSO2 : https://github.com/wso2/security-tools/pull/169

XCP-ng : https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact

Yandex-Cloud : https://github.com/yandex-cloud/docs/blob/6ff6c676787756e7dd6101c53b051e4cd04b3e85/ru/overview/security-bulletins/index.md#10122021--cve-2021-44228--%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B2%D1%8B%D0%BF%D0%BE%D0%BB%D0%BD%D0%B5%D0%BD%D0%B8%D0%B5-%D0%BA%D0%BE%D0%B4%D0%B0-log4shell-apache-log4j

ZAMMAD : https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256

Zaproxy : https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/

Zerto : https://help.zerto.com/kb/000004822

Zesty : https://www.zesty.io/mindshare/company-announcements/log4j-exploit/

ZSCALER : https://www.zscaler.fr/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more