leetxyz/CVE-2021-44228-Advisories

List of company advisories log4j

CVE-2021-44228-Advisories

Please open Issues to include an advisory / No PRs.

Please check out this list, got more traction than mine :)

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

This list includes all advisories of companies, even if they're just confirming that they're not using log4j at all.

Company/Product	Link to advisory	Do you have to do something
Amazon Web Service	https://aws.amazon.com/de/security/security-bulletins/AWS-2021-005/	Yes
Atlassian	https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html	Maybe, depending on your configuration
Checkpoint	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176865&partition=General&product=IPS	No
Cisco	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Check later, they're currently investigating
Citrix	https://support.citrix.com/article/CTX335705	Check later, they're currently investigating
Elastic	https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476	Yes
F5	https://support.f5.com/csp/article/K19026212	No
Jenkins	https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/	Maybe, depending on your configuration
JFrog	https://twitter.com/jfrog/status/1469385793823199240	No
Minecraft	https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition	Yes
OpenMRS	https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341	Yes
N-Able	https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability	Maybe
NetApp	https://security.netapp.com/advisory/ntap-20211210-0007/	Yes, but nothing available yet
NSA Ghidra	https://github.com/NationalSecurityAgency/ghidra#warning	Yes
Paloalto Networks	https://security.paloaltonetworks.com/CVE-2021-44228	No
PulseSecure	https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/	No
Red Hat	https://access.redhat.com/security/vulnerabilities/RHSB-2021-009?sc_cid=701f2000000tyBjAAI	Yes
SalesForce	https://help.salesforce.com/s/articleView?id=000363736&type=1	Check later, they're currently investigating
SonarQube	https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721	Check later, they're currently investigating
Sonatype	https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild	Check later, they're currently investigating
Sophos	https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce	No
VMware	https://www.vmware.com/security/advisories/VMSA-2021-0028.html	Yes