As of 12-14-2021 – Zyxware’s most up to date list of Log4J vulnerabilities.
Use Control + F to search the page for your software.
A
| Supplier | Product | Version (see Status) | Status (Hover Mouse for Link) |
|---|---|---|---|
| Accellence Technologies | EBÜS | All | Workaround |
| Akamai | Siem Splunk Connector | <1.4.10 | Workaround |
| Alertus | Console | 5.15.0 | Fix |
| Amazon | AMS | Fix | |
| Amazon | API Gateway | Fix | |
| Amazon | AWS CloudHSM | 3.4.1 | Fix |
| Amazon | AWS Glue | Fix | |
| Amazon | AWS Greengrass | Fix | |
| Amazon | AWS Lambda | Fix | |
| Amazon | Cloudfront | Fix | |
| Amazon | Connect | Fix | |
| Amazon | DynamoDB | Fix | |
| Amazon | EC2 | Fix – source, fix | |
| Amazon | Kafka | Fix | |
| Amazon | Keyspaces (for Apache Cassandra) | Fix | |
| Amazon | Kinesis Data Analytics | Fix | |
| Amazon | Lake Formation | Fix | |
| Amazon | MQ | Fix | |
| Amazon | NICE | Fix | |
| Amazon | OpenSearch | Fix | |
| Amazon | RDS | Fix | |
| Amazon | S3 | Fix | |
| Apache | Druid | 0.22.1 | Fix |
| Apache | Dubbo | All versions | Fix |
| Apache | Flink | 1.15.0, 1.14.1, 1.13.4 | Fix |
| Apache | Geode | 1.14.0 | Fix |
| Apache | Hadoop | 3.3.1 | Vulnerable |
| Apache | James | 3.6.0 | Vulnerable |
| Apache | Log4j | 2.15.0 | Fix |
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Workaround |
| Apache | Spark | 2.4.2 | Vulnerable |
| Apache | Struts | 2.5.28 | Vulnerable |
| Apache | Tapestry | 5.7.3 | Vulnerable |
| Apache | Tika | 2.0.0 and up | Vulnerable |
| APC | PowerChute Business Edition | Unknow to 10.0.2.301 | Vulnerable |
| APC | PowerChute Network Shutdown | Unknow to 4.2.0 | Vulnerable |
| Apereo | CAS | 6.3.x & 6.4.x | Fix |
| Apereo | Opencast | < 9.10, < 10.6 | Fix |
| Aptible | Aptible | ElasticSearch 5.x | Fix |
| Arduino | Arduino IDE | 1.8.17 | Fix |
| Arista Networks | CloudVision Portal | >2019.1.0 | Vulnerable |
| Arista Networks | CloudVision Wi-Fi, virtual appliance or physical appliance | >8.8 | Vulnerable |
| Arista Networks | Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric) | >7.0.0 | Vulnerable |
| Arista Networks | Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric) | >7.0.0 | Vulnerable |
| Arista Networks | Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric) | >5.3.0 | Vulnerable |
| Arista Networks | CloudVision Portal | >2019.1.0 | Vulnerable |
| Arista Networks | CloudVision Wi-Fi, virtual appliance or physical appliance | >8.8 | Vulnerable |
| Atlassian | Bamboo Server & Data Center | On prem | Vulnerable |
| Atlassian | BitBucket Server | On prem | Workaround |
| Atlassian | Confluence Server & Data Center | On prem | Vulnerable |
| Atlassian | Crowd Server & Data Center | On prem | Vulnerable |
| Atlassian | Crucible | On prem | Vulnerable |
| Atlassian | Fisheye | On prem | Vulnerable |
| Atlassian | Jira Server & Data Center | On prem | Vulnerable |
| Avaya |
B
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Backblaze | Cloud | N/A (SaaS) | Fix |
| BMC Software | Bladelogic Database Automation | Vulnerable | Fix expected on Dec 15th |
| BMC Software | BMC AMI Ops Common Rest API (CRA) | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops Infrastructure (MVI) – CRA component | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops Insight | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC AMI Ops UI | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC Client Management | Vulnerable | Fix expected on Dec 14th |
| BMC Software | BMC Discovery | Fix | Fix available in BMC’s Electronic Product Download site (EPD) |
| BMC Software | BMC Helix Continuous Optimization | Vulnerable | Fix expected on Dec 15th |
| BMC Software | BMC License Usage Collection Utility | Vulnerable | Fix expected on Dec 14th |
| BMC Software | CMDB | Vulnerable | |
| BMC Software | Control-M | Vulnerable | |
| BMC Software | Helix Data Manager | Vulnerable | |
| BMC Software | KMs – Sybase KM & Linux (RHEV) | Fix | Fix available in BMC’s Electronic Product Download site (EPD) |
| BMC Software | MainView Middleware Monitor | Vulnerable | Fix expected on Dec 20th |
| BMC Software | Remedy Smart Reporting | Vulnerable | |
| BMC Software | TrueSight App Visibility Manager | Vulnerable | Fix expected on Dec 15th |
| BMC Software | TrueSight Automation Console | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Automation for Networks | Vulnerable | Fix expected on Dec 13th |
| BMC Software | TrueSight Automation for Servers – Data Warehouse | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Automation for Servers | Vulnerable | Fix expected on Dec 17th |
| BMC Software | TrueSight Infrastructure Management | Vulnerable | |
| BMC Software | TrueSight IT Data Analytics | Vulnerable | Fix expected on Dec 15th |
| BMC Software | TrueSight Operations Management | Vulnerable | Fix expected on Dec 16th |
| BMC Software | TrueSight Smart Reporting | Vulnerable | Fix expected on Dec 14th |
| BMC Software | TSOM Smart Reporting | Vulnerable | Fix expected on Dec 14th |
| Brian Pangburn | SwingSet | < 4.0.6 | Fix |
| Broadcom | CA Advanced Authentication | 9.1 & 9.1.01 & 9.1.02 | Workaround |
| Broadcom | SiteMinder (CA Single Sign-On) | 12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents | Fix, Workaround |
| Broadcom | Symantec Endpoint Protection Manager (SEPM) | 14.3 | Workaround |
C
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Cisco | General Cisco Disclaimer | Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly | |
| Cisco | AppDynamics | <21.12.0 | Fix |
| Cisco | Network Services Orchestrator (NSO) | < nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1 | Vulnerable |
| Cisco | Nexus Dashboard (formerly Cisco Application Services Engine) | <2.1.2 | Vulnerable |
| Cisco | Video Surveillance Operations Manager | <7.14.4 | Vulnerable |
| Cisco | Webex Meetings Server | CWMS-3.0MR4SP2, CWMS-4.0MR4SP2 | Vulnerable |
| CIS-CAT | CSAT Pro | < 1.7.1 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor v4 | < 4.13.0 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor Service v4 | < 1.13.0 | Vulnerable |
| CIS-CAT | CIS-CAT Pro Assessor v3 | < 3.0.77 | Vulnerable |
| Commvault | Cloud Apps & Oracle & MS-SQL | All supported versions | Fix |
| Connect2id | Connect2id server | < 12.5.1 | Fix |
| Contrast | Hosted SaaS Enviroments | All | Fix |
| Contrast | On-premises (EOP) Environments | All | Fix/Mitigation |
| Contrast | Scan | All | Fix |
| ControlUp | All products | All versions | Fix |
| Couchbase | Couchbase ElasticSearch connector | < 4.3.3 & < 4.2.13 | Fix |
| Cyberark | Identity – Secure Web Sessions (SWS) | Fix | |
| Cyberark | Privilege Cloud – Service (SaaS) | Fix | |
| Cyberark | Privileged Threat Analytics (PTA) | Workaround – source, workaround | |
| Cyberark | Remote Access (Alero) – Connector | Fix | |
| Cyberark | Remote Access (Alero) – Service (SaaS) | Fix |
D
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| DatadogHQ | Datadog Agent | 6 < 6.32.2, 7 < 7.32.2 | Fix/workaround |
| Dataverse | The Dataverse Project | Vulnerable | |
| Debian | Apache-log4j.1.2 | stretch, buster, bullseye | Fix |
| Debian | Apache-log4j2 | stretch, buster, bullseye | Fix |
| Dynatrace | ActiveGates | 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 | Fix |
E
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| EclecticIQ | TIP | < 2.11 | Vulnerable |
| Elastic | APM Java Agent | 1.17.0-1.28.0 | Workaround |
| Elastic | Elasticsearch | < 6.8.21, < 7.16.1 | Workaround |
| Elastic | Elasticsearch | => 7.16.1 | Fixed |
| Elastic | Logstash | < 6.8.21, < 7.16.1 | Workaround |
| Esri | ArcGIS Enterprise and related products | < 10.8.0 | Vulnerable |
| EVL Labs | JGAAP | <8.0.2 | Fix |
| Extreme Networks | IQVA | Vulnerable |
F
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Fiix | CMMS core | V5 | Fix |
| FileCap | All products | <5.1.0 | Vulnerable |
| Forcepoint | DLP Manager | Workaround | |
| Forcepoint | Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW) | Workaround | |
| Forcepoint | Security Manager (Web, Email and DLP) | Workaround | |
| ForgeRock | Autonomous Identity | Workaround | |
| Fortinet | FortiAIOps | Vulnerable | |
| Fortinet | FortiCASB | Vulnerable | |
| Fortinet | FortiConvertor | Vulnerable | |
| Fortinet | FortiEDR Cloud | Vulnerable | |
| Fortinet | FortiNAC | Vulnerable | |
| Fortinet | FortiNAC | Vulnerable | |
| Fortinet | FortiPolicy | Vulnerable | |
| Fortinet | FortiPortal | Vulnerable | |
| Fortinet | FortiSIEM | Vulnerable | |
| Fortinet | FortiSOAR | Vulnerable | |
| Fortinet | ShieldX | Vulnerable | |
| F-Secure | Endpoint Proxy | 13-15 | Fix |
| F-Secure | Policy Manager | 13-15 | Fix |
| F-Secure | Policy Manager Proxy | 13-15 | Fix |
G
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| GeoSolutions | Geonetwork | All versions | Workaround |
| GFI Software | Kerio Connect | Vulnerable | |
| GitHub | Github Enterprise Server | 3.3.1, 3.2.6, 3.1.14, 3.0.22 | Fix |
| Gradle | Gradle Enterprise | 2021.3.6 | Fix |
| Gradle | Gradle Enterprise Test Distribution Agent | 1.6.2 | Fix |
| Gradle | Gradle Enterprise Build Cache Node | 10.1 | Fix |
| Graylog | Graylog | < 3.3.15,<4.0.14,<4.1.9,<4.2.3 | Fix |
| GuardedBox | GuardedBox | <3.1.2 | Fix |
H
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| HCL Software | BigFix Compliance | > 2.0.1 ; < 2.0.4 | Workaround |
| HCL Software | BigFix Inventory | < 10.0.7 | Workaround |
| HPE | Silver Peak Orchestrator | Workaround – source, workaround |
I
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| IBM | Curam SPM | 8.0.0, 7.0.11 | Vulnerable |
| IBM | VM Manager Tool (part of License Metric Tool) | >9.2.21,<9.2.26 | Vulnerable |
| IBM | Websphere | 8.5 | Vulnerable |
| IBM | Websphere | 9.0 | Vulnerable |
| IGEL | Universal Management Suite | Workaround | |
| Informatica | Axon | 7.2.x | Workaround |
| Informatica | Data Privacy Management | 10.5, 10.5.1 | Workaround |
| Informatica | Information Deployment Manager | Fix | |
| Informatica | Metadata Manager | 10.4, 10.4.1, 10.5, 10.5.1 | Workaround |
| Informatica | PowerCenter | 10.5.1 | Workaround |
| Informatica | PowerExchange for CDC (Publisher) and Mainframe | 10.5.1 | Workaround |
| Informatica | Product 360 | All versions | Workaround |
J
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Jamf Nation | Jamf Pro (hosted on-prem) | < 10.34.1 | See notes |
| JetBrains | YouTrack Standalone | >= 2019.2 <= 2021.4.34389 | Vuln |
| Jitsi | jitsi-videobridge | v2.1-595-g3637fda42 | Fix |
| Juniper Networks | Junos Space Network Management Platform | Unspecified | Vulnerable |
| Juniper Networks | Northstar Controller | Unspecified | Vulnerable |
| Juniper Networks | Paragon Insights | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
| Juniper Networks | Paragon Pathfinder | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
| Juniper Networks | Paragon Planner | >= 21 version 21.1 ; >= 22 version 22.2 | Vulnerable |
K
| Supplier | Product | Version (see Status) | Status |
|---|
L
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| LeanIX | All products | All versions | Fix |
| Lyrasis | DSpace | 7.x | Fix/Workaround |
M
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Mailcow | Mailcow Solr Docker | < 1.8 | Fix |
| McAfee | Enterprise Security Manager (ESM) | 11.x | Workaround |
| McAfee | Threat Intelligence Exchange (TIE) | 2.2, 2.3, 3.0 | Workaround |
| McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Workaround |
| Metabase | Metabase | <0.41.4 | Fix |
| Micro Focus | ArcSight ESM | 7.2, 7.5 | Vulnerable |
| Micro Focus | ArcSight Logger | 7.2 and above | Vulnerable |
| Micro Focus | ArcSight Recon | All Versions | Vulnerable |
| Micro Focus | ArcSight Intelligence | All Versions | Vulnerable |
| Micro Focus | ArcSight Connectors | 8.2 and above | Vulnerable |
| Micro Focus | ArcSight Transformation Hub | All Versions | Vulnerable |
| Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Fix |
| Minecraft | Java edition | <1.18.1 | Fix |
| Mitel | Mitel Interaction Recording (MIR) | 6.3 to 6.7 | Fix |
N
| Supplier | Product | Version (See Status) | Status |
|---|---|---|---|
| Nelson | Nelson | 0.16.185 | Vulnerable |
| Neo4j | Neo4j | > 4.2 | Vulnerable |
| Netflix | atlas | 1.6.6 | Workaround |
| Netflix | dgs-framework | < 4.9.11 | Fix |
| Netflix | spectator | < 1.0.9 | Fix |
| NetIQ | Access Manager | >= 4.5.x & >= 5.0.x | Workaround |
| New Relic | Java Agent | 6.5.1 & 7.4.1 | Fix |
| NSA | Ghidra | < 10.1 | Fix – source, fix |
| Nutanix | General Guidance | Nutanix updating Security Advisory #23 multiple times per day, please check source link for absolute latest status | |
| Nutanix | AOS (STS) | All supported versions | Workaround |
| Nutanix | Flow Security Central | SaaS | Fix |
| Nutanix | Frame | SaaS Public | Fix |
| Nutanix | Prism Central | All supported versions | Vulnerable |
| Nutanix | Sizer | SaaS | Fix |
O
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| OCLC | all | all | Fix |
| Okta | On-Prem MFA Agent | <1.4.6 | Fix – source, fix |
| Okta | Radius Server Agent | 2.17.0 | Fix |
| Okta | RADIUS Server Agent | <2.17.0 | Fix – source, fix |
| openHAB | openHAB | 3.0.4, 3.1.1 | Fix |
| OpenMRS | Talk | 2.4.0-2.4.1 | Vulnerable |
| OpenNMS | Horizon (including derived Sentinels) | < 29.0.3 | Fix |
| OpenNMS | Meridian (including derived Minions and Sentinels) | < 2021.1.8, 2020.1.15, 2019.1.27 | Fix |
| OpenSearch | OpenSearch | < 1.2.1 | Fix |
| Oracle | Oracle Data Integrator (ODI) | >= 12.2.1.3.210119, Marketplace – >= 2.1.0 | Workaround – source, Support note 2827611.1, Support Note 2827793.1 |
| Oracle | Oracle WebCenter Portal | 12.2.1.3 & 12.2.1.4 | Workaround – source, Support note 2827611.1 |
| OWASP | ZAP | < 2.11.1 | Fix |
P
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| PagerDuty | Rundeck | 3.3+ | Fix |
| PaperCut | PaperCut MF | >= 21.0 | Workaround |
| PaperCut | PaperCut NG | >= 21.0 | Workaround |
| Pega | Pega Platform | On Prem | Fix |
| Pexip | Pexip Service | all | Fix |
| Portex | Portex | <3.0.2 | Fix |
| Progress | DataDirect Hybrid Data Pipeline | Workaround – source, mitigations | |
| Progress | OpenEdge | Workaround – source, mitigations | |
| Puppet | Continuous Delivery for Puppet Enterprise | 3.x, < 4.10.2 | Fix – source, workaround,mitigations |
Q
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| QOS.ch | SLF4J Simple Logging Facade for Java |
R
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Red Hat | Red Hat CodeReady Studio 12 | Vulnerable | |
| Red Hat | Red Hat Data Grid 8 | Vulnerable | |
| Red Hat | Red Hat Descision Manager 7 | Vulnerable | |
| Red Hat | Red Hat Integration Camel K | Vulnerable | |
| Red Hat | Red Hat Integration Camel Quarkus | Vulnerable | |
| Red Hat | Red Hat JBoss A-MQ Streaming | Vulnerable | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | Vulnerable | |
| Red Hat | Red Hat JBoss Fuse 7 | Vulnerable | |
| Red Hat | Red Hat OpenShift Application Runtimes | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5 | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6 | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive | Vulnerable | |
| Red Hat | Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto | Vulnerable | |
| Red Hat | Red Hat OpenShift Logging logging-elasticsearch6-container | Vulnerable | |
| Red Hat | Red Hat OpenStack Platform 13 (Queens) opendaylight | Vulnerable | |
| Red Hat | Red Hat Process Automation 7 | Vulnerable | |
| Redis | Jedis | 3.7.1, 4.0.0-rc2 | Fix |
| Riverbed | NetIM 2.x | Vulnerable | |
| Riverbed | Portal 1.x | Vulnerable | |
| Riverbed | Portal 3.x | Vulnerable | |
| Riverbed | Scon EX Analytics | Vulnerable | |
| Riverbed | Scon EX Director | Vulnerable | |
| Riverbed | UCExpert | Vulnerable | |
| RSA | NetWitness Orchestrator | >= 6.0 | Workaround |
| RSA | NetWitness Platform | 11.4 | Workaround |
| RSA | NetWitness Platform | >= 11.5 | Workaround |
| Ruckus | FlexMaster | Vuln | |
| Ruckus | SmartZone 100 (SZ-100) | Vuln | |
| Ruckus | SmartZone 144 (SZ-144) | Vuln | |
| Ruckus | SmartZone 300 (SZ-300) | Vuln | |
| Ruckus | Unleashed | Vuln | |
| Ruckus | Virtual SmartZone (vSZ) | Vuln |
S
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| SailPoint | IdentityIQ | 8.0 or later | Workaround |
| SAP | Customer Checkout PoS / manager | 2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower) | Fix |
| SAP | XS Advanced Runtime | 1.0.140 or lower | Fix |
| SAS Institute | SAS Cloud Solutions | Workaround | |
| SAS Institute | SAS Profile | Fix | |
| Security Onion Solutions | Security Onion | 2.3.90 20211210 | Fix |
| Siemens | E-Car OC Cloud Application | Fix | |
| Siemens | EnergyIP Prepay | 3.7, 3.8 | Vulnerable |
| Siemens | Industrial Edge Management App (IEM-App) | all | Vulnerable |
| Siemens | Industrial Edge Management OS (IEM-OS) | all | Vulnerable |
| Siemens | Industrial Edge Manangement Hub | all | Vulnerable |
| Siemens | LOGO! Soft Comfort | all | Vulnerable |
| Siemens | Mendix Applications | all | Vulnerable |
| Siemens | Mindsphere Cloud Application | Fix | |
| Siemens | Operation Scheduler | >= V1.1.3 | Vulnerable |
| Siemens | SIGUARD DSA | V4.2, V4.3, V4.4 | Workaround |
| Siemens | SIMATIC WinCC V7.4 | V7.4 SP1 | Fix |
| Siemens | Siveillance Command | >= 4.16.2.1 | Vulnerable |
| Siemens | Siveillance Control Pro | < V2.1 | Vulnerable |
| Siemens | Siveillance Control Pro | >= V2.1 | Workaround |
| Siemens | Siveillance Vantage | all | Vulnerable |
| SolarWinds | Database Performance Analyzer | 2021.1.x, 2021.3.x, 2022.1.x | Workaround – source, workaround |
| SolarWinds | Server & Application Monitor | >= 2020.2.6 | Workaround – source, workaround |
| SonarSource | SonarCloud | Fix | |
| SonarSource | SonarQube | Workaround | |
| SonicWall | Email Security | 10.x | Vulnerable |
| Sophos | Cloud Optix | Fix | |
| Sophos | Sophos Mobile EAS Proxy | 9.7.2 | Fix |
| Splunk | Add-On: Java Management Extensions | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Add-On: JBoss | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Add-On: Tomcat | 3.0.0, 2.1.0 | Vulnerable |
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Vulnerable |
| Splunk | IT Service Intelligence (ITSI) | 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x | Vulnerable |
| Splunk | Splunk Connect for Kafka | <2.0.4 | Fix |
| Splunk | Splunk Enterprise | All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. | Workaround |
| Splunk | Splunk Enterprise Amazon Machine Image (AMI) | see Splunk Enterprise | Workaround |
| Splunk | Splunk Enterprise Docker Container | see Splunk Enterprise | Workaround |
| Splunk | Splunk Logging Library for Java | <1.11.1 | Fix |
| Splunk | Stream Processor Service | Current | Vulnerable |
| Stardog | Stardog | <7.8.1 | Fix |
| Stratodesk | NoTouch | 4.5.231 | Fix |
| Sumo logic | Sumu logic | 19.361-12 | Fix |
| SUSE | SUSE Openstack Cloud | all | Vuln |
| syntevo | DeepGit | >= 4.0 | Fix |
| syntevo | SmartGit | >= 18.1 | Fix |
| syntevo | SmartSVN | >= 9.3 | Fix |
| syntevo | SmartSynchronize | >= 3.5 | Fix |
| SysAid | All products | Fix |
T
| Supplier | Product | Version | Status |
|---|---|---|---|
| Talend | Talend Component Kit | Fix | |
| Tealium | All products | Fix | |
| Teamviewer | All products | Fix | |
| Tosibox | All products | Fix | |
| TrendMicro | Trend Micro Email Security & HES | Fix | |
| TrendMicro | Vision One | Fix |
U
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Ubiquiti | UniFi Network Application | 6.5.54 | Fix |
| Unify | First Response OpenScape Policy Store | Vulnerable | |
| Unify | Hipath DS-Win | Vulnerable | |
| Unify | OpenScape Contact Center | Vulnerable | |
| Unify | OpenScape Contact Media Service | Vulnerable | |
| Unify | OpenScape UC | >= 10.2.9.0 | Vulnerable |
| Unify | OpenScape Voice | simplex deployments | Vulnerable |
| US Signal | Remote Management and Monitoring platform | Workaround | |
| USoft | USoft | 9.1.1F | Vulnerable |
V
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| VMware | API Portal for VMware Tanzu | 1.x | Fix – source, fix |
| VMware | AppDefense Appliance | 2.x | Workaround – source, workaround |
| VMware | App Metrics | 2.1.1 | Fix – source, fix |
| VMware | Carbon Black Cloud Workload Appliance | 1.x | Fix – source, workaround |
| VMware | Carbon Black EDR Server | 7.x, 6.x | Fix – source, workaround, fix |
| VMware | Cloud Director Object Storage Extension | 2.1.x, 2.0.x | Fix – source, fix |
| VMware | Cloud Foundation | 4.x, 3.x | Workaround – source, workaround |
| VMware | HCX | 4.2.3, 4.1.0.2 | Fix |
| VMware | Healthwatch for Tanzu Application Service | 2.1.7, 1.8.6 | Fix – source, fix |
| VMware | Horizon | 8.x, 7.x | Workaround – source, workaround |
| VMware | Horizon Cloud Connector | 1.x, 2.x | Fix – source, fix |
| VMware | Horizon DaaS | 9.1.x, 9.0.x | Workaround – source, workaround |
| VMware | Identity Manager | 3.3.x | Workaround – source, workaround |
| VMware | NSX Data Center for vSphere | 6.x | Workaround – source, workaround |
| VMware | NSX-T Data Center | 3.x, 2.x | Workaround – source, workaround |
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | Fix – source, fix |
| VMware | Site Recovery Manager | 8.x | Vuln – source, workaround |
| VMware | Spring Boot | < 2.5.8, < 2.6.2 | Workaround |
| VMware | Spring Cloud Gateway for Kubernetes | 1.x | Vulnerable |
| VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | Fix – source, fix |
| VMware | Spring Cloud Services for VMware Tanzu | 3.x | Fix – source, fix |
| VMware | Tanzu Application Service for VMs | 2.x | Fix – source, workaround, fix |
| VMware | Tanzu GemFire | 1.14.x, 1.13.x, 1.10.x | Fix – source, fix |
| VMware | Tanzu Greenplum | 6.x | Workaround – source, workaround |
| VMware | Tanzu Kubernetes Grid Integrated Edition | 2.x | Workaround – source, workaround |
| VMware | Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Fix – source, fix |
| VMware | Tanzu Operations Manager | 2.x | Fix – source, workaround, fix |
| VMware | Tanzu SQL with MySQL for VMs | 2.x, 1.x | Vulnerable |
| VMware | Telco Cloud Automation | 2.x, 1.x | Vulnerable |
| VMware | Unified Access Gateway | 21.x, 20.x, 3.x | Workaround – source, workaround |
| VMware | vCenter Cloud Gateway | 1.x | Workaround – source, workaround |
| VMware | vCenter Server | 6.x | Workaround – source, workaround |
| VMware | vCenter Server | 7.x, 6.x | Workaround – source, workaround |
| VMware | vRealize Automation | 8.x, 7.x | Vulnerable |
| VMware | vRealize Lifecycle Manager | 8.x | Workaround – source, workaround |
| VMware | vRealize Log Insight | 8.x | Workaround – source, workaround |
| VMware | vRealize Operations | 8.x | Workaround – source, workaround |
| VMware | vRealize Operations Cloud Proxy | Any | Workaround – source, workaround |
| VMware | vRealize Orchestrator | 8.x, 7.x | Vulnerable |
| VMware | Workspace ONE Access | 21.x, 20.x | Workaround – source, workaround |
| VMware | Workspace ONE Access Connector (VMware Identity Manager Connector) | 19.03.0.1, 20.x, 21.x | Workaround – source, workaround |
W
| Supplier | Product | Version | Status |
|---|---|---|---|
| WitFoo | WitFoo Precinct | 6.x | Fix |
| Wowza | Wowza Streaming Engine | 4.7.8, 4.8.x | Workaround |
X
Y
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Y Soft | SAFEQ 6 | <= 6.0.63 | Workaround |
Z
| Supplier | Product | Version (see Status) | Status |
|---|---|---|---|
| Zammad | Zammad | Workaround |