banner-asp-mobile

Technology Impacted by Log4j2

Log4j2 Vulnerability (CVE-2021-44228)

logo

This is a list of technologies that are known (or likely) to be impacted by the Apache Log4j vulnerability (CVE-2021-44228). The extent of the impact of this vulnerability is an ongoing effort and this list will be updated as more information becomes available. 

Last updated 16 December 2021 2:05pm ET.

Vendor Product Status Vendor Advisory
Apache Solr Vulnerable
Apache Struts 2 Vulnerable
No advisory, only exploitable screenshot - https://github.com/YfryTchsGD/Log4jAttackSurface/blob/master/pages/ApacheStruts2.md
Apache Druid Vulnerable https://github.com/apache/druid/issues/12054
Apache Flink Vulnerable https://flink.apache.org/2021/12/10/log4j-cve.html
Elastic Logstash Vulnerable to DoS
VMWare Multiple Under Vendor Investigation https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Atlassian Cloud Instances Under Vendor Investigation
Microsoft Azure Azure Data lake store java Vulnerable
Cisco Multiple Vulnerable
Metabase Metabase Vulnerable
RedHat Multiple Vulnerable https://access.redhat.com/security/cve/cve-2021-44228
OpenNMS Multiple Vulnerable

https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/

SysAid SysAid Vulnerable

https://www.sysaid.com/lp/important-update-regarding-apache-log4j

Cloud Foundry UAA, Credhub, Cf-for-k8s, Cf-deployment, PHP buildpack, Java buildpack Under Vendor Investigation, mitigation available for some products

https://www.cloudfoundry.org/blog/log4j-vulnerability-cve-2021-44228-impact-on-cloud-foundry-products/

 

CVE-2021-44228 is a remote code execution vulnerability on versions 2.0-beta9 to 2.14.1 and is being actively exploited so anyone who is running the older versions of Apache Log4j2 should upgrade to Log4j 2.16.0 or apply other mitigation strategies immediately

Aggregated list of advisories: https://github.com/YfryTchsGD/Log4jAttackSurface 

mobile

Join our Live Webinar

Finding Apache Log4j Vulnerabilities In Your Attack Surface

December 21, 2021 | 9 AM PST

Register Now