Technology Impacted by Log4j2

Log4j2 Vulnerability (CVE-2021-44228)


This is a list of technologies that are known (or likely) to be impacted by the Apache Log4j vulnerability (CVE-2021-44228). Determining the extent of the impact of this vulnerability is an ongoing effort, and this list will be updated as more information becomes available.

Last updated 16 December 2021 2:05pm ET.

| Vendor | Product | Status | Vendor Advisory |
|---|---|---|---|
| Apache | Solr | Vulnerable | |
| Apache | Struts 2 | Vulnerable | No advisory, only exploitable screenshot |
| Apache | Druid | Vulnerable | |
| Apache | Flink | Vulnerable | |
| Elastic | Logstash | Vulnerable to DoS | |
| VMWare | Multiple | Under Vendor Investigation | |
| Atlassian | Cloud Instances | Under Vendor Investigation | |
| Microsoft Azure | Azure Data lake store java | Vulnerable | |
| Cisco | Multiple | Vulnerable | |
| Metabase | Metabase | Vulnerable | |
| RedHat | Multiple | Vulnerable | |
| OpenNMS | Multiple | Vulnerable | |
| SysAid | SysAid | Vulnerable | |
| Cloud Foundry | UAA, Credhub, Cf-for-k8s, Cf-deployment, PHP buildpack, Java buildpack | Under Vendor Investigation, mitigation available for some products | |


CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j2 versions 2.0-beta9 to 2.14.1 and is being actively exploited, so anyone running these older versions should upgrade to Log4j 2.16.0 or apply other mitigation strategies immediately.

Aggregated list of advisories: 

