Searchable Log4j vulnerability list
Vulnerabilities in the Apache Log4j framework gained widespread attention from adversaries, defenders, and press in December, 2021, due to its prevalence, techincal impact, and ease of exploitation. The US Cybersecurity and Infrastructure Security Agency (CISA) tracks vulnerable components, products, and devices to help organizations identify whether and how they may be affected.
According to the Center for Internet Security, the vulnerability may affecgt over 100 million software applications, online services, and IoT devices globally. The Log4j framework is embedded so deeply in software supply chains, software vendors may not know it is in one of the products they provide and owners may not know they are exposed to risk from the systems they operate.
This searchable, sortable list contains vendors and products from the CISA Log4j (CVE-2021-44228) Affected Vendor & Software List. By default, products are sorted alphabetically by Vendor name. The Status field reveals what CISA has determined about whether each product contains a version of the Log4j package vulnerable to CVE-2021-44228.
Status | Description |
---|---|
Unknown | CISA has not been able to determine whether the product contains a version of Log4j vulnerable to CVE-2021-44228. |
Affected: Mitigated | The software product is reported to be affected by CVE-2021-44228 and a patch, fix, or workaround has been provided by the Vendor. |
Affected: Mitigated | The software product is reported to be affected by CVE-2021-44228 and no patch, fix, or workaround has been provided by the Vendor. |
Not Affected | The software product is reported to NOT be affected by CVE-2021-44228. |