Log4J List by Zyxware – Digital Cowboy

As of 12-14-2021 – Zyxware’s most up to date list of Log4J vulnerabilities.

Use Control + F to search the page for your software.

A

Supplier	Product	Version (see Status)	Status (Hover Mouse for Link)
Accellence Technologies	EBÜS	All	Workaround
Akamai	Siem Splunk Connector	<1.4.10	Workaround
Alertus	Console	5.15.0	Fix
Amazon	AMS		Fix
Amazon	API Gateway		Fix
Amazon	AWS CloudHSM	3.4.1	Fix
Amazon	AWS Glue		Fix
Amazon	AWS Greengrass		Fix
Amazon	AWS Lambda		Fix
Amazon	Cloudfront		Fix
Amazon	Connect		Fix
Amazon	DynamoDB		Fix
Amazon	EC2		Fix – source, fix
Amazon	Kafka		Fix
Amazon	Keyspaces (for Apache Cassandra)		Fix
Amazon	Kinesis Data Analytics		Fix
Amazon	Lake Formation		Fix
Amazon	MQ		Fix
Amazon	NICE		Fix
Amazon	OpenSearch		Fix
Amazon	RDS		Fix
Amazon	S3		Fix
Apache	Druid	0.22.1	Fix
Apache	Dubbo	All versions	Fix
Apache	Flink	1.15.0, 1.14.1, 1.13.4	Fix
Apache	Geode	1.14.0	Fix
Apache	Hadoop	3.3.1	Vulnerable
Apache	James	3.6.0	Vulnerable
Apache	Log4j	2.15.0	Fix
Apache	SOLR	7.4.0 to 7.7.3, 8.0.0 to 8.11.0	Workaround
Apache	Spark	2.4.2	Vulnerable
Apache	Struts	2.5.28	Vulnerable
Apache	Tapestry	5.7.3	Vulnerable
Apache	Tika	2.0.0 and up	Vulnerable
APC	PowerChute Business Edition	Unknow to 10.0.2.301	Vulnerable
APC	PowerChute Network Shutdown	Unknow to 4.2.0	Vulnerable
Apereo	CAS	6.3.x & 6.4.x	Fix
Apereo	Opencast	< 9.10, < 10.6	Fix
Aptible	Aptible	ElasticSearch 5.x	Fix
Arduino	Arduino IDE	1.8.17	Fix
Arista Networks	CloudVision Portal	>2019.1.0	Vulnerable
Arista Networks	CloudVision Wi-Fi, virtual appliance or physical appliance	>8.8	Vulnerable
Arista Networks	Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric)	>7.0.0	Vulnerable
Arista Networks	Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric)	>7.0.0	Vulnerable
Arista Networks	Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric)	>5.3.0	Vulnerable
Arista Networks	CloudVision Portal	>2019.1.0	Vulnerable
Arista Networks	CloudVision Wi-Fi, virtual appliance or physical appliance	>8.8	Vulnerable
Atlassian	Bamboo Server & Data Center	On prem	Vulnerable
Atlassian	BitBucket Server	On prem	Workaround
Atlassian	Confluence Server & Data Center	On prem	Vulnerable
Atlassian	Crowd Server & Data Center	On prem	Vulnerable
Atlassian	Crucible	On prem	Vulnerable
Atlassian	Fisheye	On prem	Vulnerable
Atlassian	Jira Server & Data Center	On prem	Vulnerable
Avaya

B

Supplier	Product	Version (see Status)	Status
Backblaze	Cloud	N/A (SaaS)	Fix
BMC Software	Bladelogic Database Automation	Vulnerable	Fix expected on Dec 15th
BMC Software	BMC AMI Ops Common Rest API (CRA)	Vulnerable	Fix expected on Dec 14th
BMC Software	BMC AMI Ops Infrastructure (MVI) – CRA component	Vulnerable	Fix expected on Dec 14th
BMC Software	BMC AMI Ops Insight	Vulnerable	Fix expected on Dec 14th
BMC Software	BMC AMI Ops UI	Vulnerable	Fix expected on Dec 14th
BMC Software	BMC Client Management	Vulnerable	Fix expected on Dec 14th
BMC Software	BMC Discovery	Fix	Fix available in BMC’s Electronic Product Download site (EPD)
BMC Software	BMC Helix Continuous Optimization	Vulnerable	Fix expected on Dec 15th
BMC Software	BMC License Usage Collection Utility	Vulnerable	Fix expected on Dec 14th
BMC Software	CMDB	Vulnerable
BMC Software	Control-M	Vulnerable
BMC Software	Helix Data Manager	Vulnerable
BMC Software	KMs – Sybase KM & Linux (RHEV)	Fix	Fix available in BMC’s Electronic Product Download site (EPD)
BMC Software	MainView Middleware Monitor	Vulnerable	Fix expected on Dec 20th
BMC Software	Remedy Smart Reporting	Vulnerable
BMC Software	TrueSight App Visibility Manager	Vulnerable	Fix expected on Dec 15th
BMC Software	TrueSight Automation Console	Vulnerable	Fix expected on Dec 17th
BMC Software	TrueSight Automation for Networks	Vulnerable	Fix expected on Dec 13th
BMC Software	TrueSight Automation for Servers – Data Warehouse	Vulnerable	Fix expected on Dec 17th
BMC Software	TrueSight Automation for Servers	Vulnerable	Fix expected on Dec 17th
BMC Software	TrueSight Infrastructure Management	Vulnerable
BMC Software	TrueSight IT Data Analytics	Vulnerable	Fix expected on Dec 15th
BMC Software	TrueSight Operations Management	Vulnerable	Fix expected on Dec 16th
BMC Software	TrueSight Smart Reporting	Vulnerable	Fix expected on Dec 14th
BMC Software	TSOM Smart Reporting	Vulnerable	Fix expected on Dec 14th
Brian Pangburn	SwingSet	< 4.0.6	Fix
Broadcom	CA Advanced Authentication	9.1 & 9.1.01 & 9.1.02	Workaround
Broadcom	SiteMinder (CA Single Sign-On)	12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents	Fix, Workaround
Broadcom	Symantec Endpoint Protection Manager (SEPM)	14.3	Workaround

C

Supplier	Product	Version (see Status)	Status
Cisco	General Cisco Disclaimer	Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly
Cisco	AppDynamics	<21.12.0	Fix
Cisco	Network Services Orchestrator (NSO)	< nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1	Vulnerable
Cisco	Nexus Dashboard (formerly Cisco Application Services Engine)	<2.1.2	Vulnerable
Cisco	Video Surveillance Operations Manager	<7.14.4	Vulnerable
Cisco	Webex Meetings Server	CWMS-3.0MR4SP2, CWMS-4.0MR4SP2	Vulnerable
CIS-CAT	CSAT Pro	< 1.7.1	Vulnerable
CIS-CAT	CIS-CAT Pro Assessor v4	< 4.13.0	Vulnerable
CIS-CAT	CIS-CAT Pro Assessor Service v4	< 1.13.0	Vulnerable
CIS-CAT	CIS-CAT Pro Assessor v3	< 3.0.77	Vulnerable
Commvault	Cloud Apps & Oracle & MS-SQL	All supported versions	Fix
Connect2id	Connect2id server	< 12.5.1	Fix
Contrast	Hosted SaaS Enviroments	All	Fix
Contrast	On-premises (EOP) Environments	All	Fix/Mitigation
Contrast	Scan	All	Fix
ControlUp	All products	All versions	Fix
Couchbase	Couchbase ElasticSearch connector	< 4.3.3 & < 4.2.13	Fix
Cyberark	Identity – Secure Web Sessions (SWS)		Fix
Cyberark	Privilege Cloud – Service (SaaS)		Fix
Cyberark	Privileged Threat Analytics (PTA)		Workaround – source, workaround
Cyberark	Remote Access (Alero) – Connector		Fix
Cyberark	Remote Access (Alero) – Service (SaaS)		Fix

D

Supplier	Product	Version (see Status)	Status
DatadogHQ	Datadog Agent	6 < 6.32.2, 7 < 7.32.2	Fix/workaround
Dataverse	The Dataverse Project		Vulnerable
Debian	Apache-log4j.1.2	stretch, buster, bullseye	Fix
Debian	Apache-log4j2	stretch, buster, bullseye	Fix
Dynatrace	ActiveGates	1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926	Fix

E

Supplier	Product	Version (see Status)	Status
EclecticIQ	TIP	< 2.11	Vulnerable
Elastic	APM Java Agent	1.17.0-1.28.0	Workaround
Elastic	Elasticsearch	< 6.8.21, < 7.16.1	Workaround
Elastic	Elasticsearch	=> 7.16.1	Fixed
Elastic	Logstash	< 6.8.21, < 7.16.1	Workaround
Esri	ArcGIS Enterprise and related products	< 10.8.0	Vulnerable
EVL Labs	JGAAP	<8.0.2	Fix
Extreme Networks	IQVA		Vulnerable

F

Supplier	Product	Version (see Status)	Status
Fiix	CMMS core	V5	Fix
FileCap	All products	<5.1.0	Vulnerable
Forcepoint	DLP Manager		Workaround
Forcepoint	Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW)		Workaround
Forcepoint	Security Manager (Web, Email and DLP)		Workaround
ForgeRock	Autonomous Identity		Workaround
Fortinet	FortiAIOps		Vulnerable
Fortinet	FortiCASB		Vulnerable
Fortinet	FortiConvertor		Vulnerable
Fortinet	FortiEDR Cloud		Vulnerable
Fortinet	FortiNAC		Vulnerable
Fortinet	FortiNAC		Vulnerable
Fortinet	FortiPolicy		Vulnerable
Fortinet	FortiPortal		Vulnerable
Fortinet	FortiSIEM		Vulnerable
Fortinet	FortiSOAR		Vulnerable
Fortinet	ShieldX		Vulnerable
F-Secure	Endpoint Proxy	13-15	Fix
F-Secure	Policy Manager	13-15	Fix
F-Secure	Policy Manager Proxy	13-15	Fix

G

Supplier	Product	Version (see Status)	Status
GeoSolutions	Geonetwork	All versions	Workaround
GFI Software	Kerio Connect		Vulnerable
GitHub	Github Enterprise Server	3.3.1, 3.2.6, 3.1.14, 3.0.22	Fix
Gradle	Gradle Enterprise	2021.3.6	Fix
Gradle	Gradle Enterprise Test Distribution Agent	1.6.2	Fix
Gradle	Gradle Enterprise Build Cache Node	10.1	Fix
Graylog	Graylog	< 3.3.15,<4.0.14,<4.1.9,<4.2.3	Fix
GuardedBox	GuardedBox	<3.1.2	Fix

H

Supplier	Product	Version (see Status)	Status
HCL Software	BigFix Compliance	> 2.0.1 ; < 2.0.4	Workaround
HCL Software	BigFix Inventory	< 10.0.7	Workaround
HPE	Silver Peak Orchestrator		Workaround – source, workaround

I

Supplier	Product	Version (see Status)	Status
IBM	Curam SPM	8.0.0, 7.0.11	Vulnerable
IBM	VM Manager Tool (part of License Metric Tool)	>9.2.21,<9.2.26	Vulnerable
IBM	Websphere	8.5	Vulnerable
IBM	Websphere	9.0	Vulnerable
IGEL	Universal Management Suite		Workaround
Informatica	Axon	7.2.x	Workaround
Informatica	Data Privacy Management	10.5, 10.5.1	Workaround
Informatica	Information Deployment Manager		Fix
Informatica	Metadata Manager	10.4, 10.4.1, 10.5, 10.5.1	Workaround
Informatica	PowerCenter	10.5.1	Workaround
Informatica	PowerExchange for CDC (Publisher) and Mainframe	10.5.1	Workaround
Informatica	Product 360	All versions	Workaround

J

Supplier	Product	Version (see Status)	Status
Jamf Nation	Jamf Pro (hosted on-prem)	< 10.34.1	See notes
JetBrains	YouTrack Standalone	>= 2019.2 <= 2021.4.34389	Vuln
Jitsi	jitsi-videobridge	v2.1-595-g3637fda42	Fix
Juniper Networks	Junos Space Network Management Platform	Unspecified	Vulnerable
Juniper Networks	Northstar Controller	Unspecified	Vulnerable
Juniper Networks	Paragon Insights	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable
Juniper Networks	Paragon Pathfinder	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable
Juniper Networks	Paragon Planner	>= 21 version 21.1 ; >= 22 version 22.2	Vulnerable

K

Supplier	Product	Version (see Status)	Status

L

Supplier	Product	Version (see Status)	Status
LeanIX	All products	All versions	Fix
Lyrasis	DSpace	7.x	Fix/Workaround

M

Supplier	Product	Version (see Status)	Status
Mailcow	Mailcow Solr Docker	< 1.8	Fix
McAfee	Enterprise Security Manager (ESM)	11.x	Workaround
McAfee	Threat Intelligence Exchange (TIE)	2.2, 2.3, 3.0	Workaround
McAfee	ePolicy Orchestrator Application Server (ePO)	5.10 CU11	Workaround
Metabase	Metabase	<0.41.4	Fix
Micro Focus	ArcSight ESM	7.2, 7.5	Vulnerable
Micro Focus	ArcSight Logger	7.2 and above	Vulnerable
Micro Focus	ArcSight Recon	All Versions	Vulnerable
Micro Focus	ArcSight Intelligence	All Versions	Vulnerable
Micro Focus	ArcSight Connectors	8.2 and above	Vulnerable
Micro Focus	ArcSight Transformation Hub	All Versions	Vulnerable
Microsoft	Kafka Connect for Azure Cosmo DB	< 1.2.1	Fix
Minecraft	Java edition	<1.18.1	Fix
Mitel	Mitel Interaction Recording (MIR)	6.3 to 6.7	Fix

N

Supplier	Product	Version (See Status)	Status
Nelson	Nelson	0.16.185	Vulnerable
Neo4j	Neo4j	> 4.2	Vulnerable
Netflix	atlas	1.6.6	Workaround
Netflix	dgs-framework	< 4.9.11	Fix
Netflix	spectator	< 1.0.9	Fix
NetIQ	Access Manager	>= 4.5.x & >= 5.0.x	Workaround
New Relic	Java Agent	6.5.1 & 7.4.1	Fix
NSA	Ghidra	< 10.1	Fix – source, fix
Nutanix	General Guidance	Nutanix updating Security Advisory #23 multiple times per day, please check source link for absolute latest status
Nutanix	AOS (STS)	All supported versions	Workaround
Nutanix	Flow Security Central	SaaS	Fix
Nutanix	Frame	SaaS Public	Fix
Nutanix	Prism Central	All supported versions	Vulnerable
Nutanix	Sizer	SaaS	Fix

O

Supplier	Product	Version (see Status)	Status
OCLC	all	all	Fix
Okta	On-Prem MFA Agent	<1.4.6	Fix – source, fix
Okta	Radius Server Agent	2.17.0	Fix
Okta	RADIUS Server Agent	<2.17.0	Fix – source, fix
openHAB	openHAB	3.0.4, 3.1.1	Fix
OpenMRS	Talk	2.4.0-2.4.1	Vulnerable
OpenNMS	Horizon (including derived Sentinels)	< 29.0.3	Fix
OpenNMS	Meridian (including derived Minions and Sentinels)	< 2021.1.8, 2020.1.15, 2019.1.27	Fix
OpenSearch	OpenSearch	< 1.2.1	Fix
Oracle	Oracle Data Integrator (ODI)	>= 12.2.1.3.210119, Marketplace – >= 2.1.0	Workaround – source, Support note 2827611.1, Support Note 2827793.1
Oracle	Oracle WebCenter Portal	12.2.1.3 & 12.2.1.4	Workaround – source, Support note 2827611.1
OWASP	ZAP	< 2.11.1	Fix

P

Supplier	Product	Version (see Status)	Status
PagerDuty	Rundeck	3.3+	Fix
PaperCut	PaperCut MF	>= 21.0	Workaround
PaperCut	PaperCut NG	>= 21.0	Workaround
Pega	Pega Platform	On Prem	Fix
Pexip	Pexip Service	all	Fix
Portex	Portex	<3.0.2	Fix
Progress	DataDirect Hybrid Data Pipeline		Workaround – source, mitigations
Progress	OpenEdge		Workaround – source, mitigations
Puppet	Continuous Delivery for Puppet Enterprise	3.x, < 4.10.2	Fix – source, workaround,mitigations

Q

Supplier	Product	Version (see Status)	Status
QOS.ch	SLF4J Simple Logging Facade for Java

R

Supplier	Product	Version (see Status)	Status
Red Hat	Red Hat CodeReady Studio 12		Vulnerable
Red Hat	Red Hat Data Grid 8		Vulnerable
Red Hat	Red Hat Descision Manager 7		Vulnerable
Red Hat	Red Hat Integration Camel K		Vulnerable
Red Hat	Red Hat Integration Camel Quarkus		Vulnerable
Red Hat	Red Hat JBoss A-MQ Streaming		Vulnerable
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack		Vulnerable
Red Hat	Red Hat JBoss Fuse 7		Vulnerable
Red Hat	Red Hat OpenShift Application Runtimes		Vulnerable
Red Hat	Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5		Vulnerable
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6		Vulnerable
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive		Vulnerable
Red Hat	Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto		Vulnerable
Red Hat	Red Hat OpenShift Logging logging-elasticsearch6-container		Vulnerable
Red Hat	Red Hat OpenStack Platform 13 (Queens) opendaylight		Vulnerable
Red Hat	Red Hat Process Automation 7		Vulnerable
Redis	Jedis	3.7.1, 4.0.0-rc2	Fix
Riverbed	NetIM 2.x		Vulnerable
Riverbed	Portal 1.x		Vulnerable
Riverbed	Portal 3.x		Vulnerable
Riverbed	Scon EX Analytics		Vulnerable
Riverbed	Scon EX Director		Vulnerable
Riverbed	UCExpert		Vulnerable
RSA	NetWitness Orchestrator	>= 6.0	Workaround
RSA	NetWitness Platform	11.4	Workaround
RSA	NetWitness Platform	>= 11.5	Workaround
Ruckus	FlexMaster		Vuln
Ruckus	SmartZone 100 (SZ-100)		Vuln
Ruckus	SmartZone 144 (SZ-144)		Vuln
Ruckus	SmartZone 300 (SZ-300)		Vuln
Ruckus	Unleashed		Vuln
Ruckus	Virtual SmartZone (vSZ)		Vuln

S

Supplier	Product	Version (see Status)	Status
SailPoint	IdentityIQ	8.0 or later	Workaround
SAP	Customer Checkout PoS / manager	2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower)	Fix
SAP	XS Advanced Runtime	1.0.140 or lower	Fix
SAS Institute	SAS Cloud Solutions		Workaround
SAS Institute	SAS Profile		Fix
Security Onion Solutions	Security Onion	2.3.90 20211210	Fix
Siemens	E-Car OC Cloud Application		Fix
Siemens	EnergyIP Prepay	3.7, 3.8	Vulnerable
Siemens	Industrial Edge Management App (IEM-App)	all	Vulnerable
Siemens	Industrial Edge Management OS (IEM-OS)	all	Vulnerable
Siemens	Industrial Edge Manangement Hub	all	Vulnerable
Siemens	LOGO! Soft Comfort	all	Vulnerable
Siemens	Mendix Applications	all	Vulnerable
Siemens	Mindsphere Cloud Application		Fix
Siemens	Operation Scheduler	>= V1.1.3	Vulnerable
Siemens	SIGUARD DSA	V4.2, V4.3, V4.4	Workaround
Siemens	SIMATIC WinCC V7.4	V7.4 SP1	Fix
Siemens	Siveillance Command	>= 4.16.2.1	Vulnerable
Siemens	Siveillance Control Pro	< V2.1	Vulnerable
Siemens	Siveillance Control Pro	>= V2.1	Workaround
Siemens	Siveillance Vantage	all	Vulnerable
SolarWinds	Database Performance Analyzer	2021.1.x, 2021.3.x, 2022.1.x	Workaround – source, workaround
SolarWinds	Server & Application Monitor	>= 2020.2.6	Workaround – source, workaround
SonarSource	SonarCloud		Fix
SonarSource	SonarQube		Workaround
SonicWall	Email Security	10.x	Vulnerable
Sophos	Cloud Optix		Fix
Sophos	Sophos Mobile EAS Proxy	9.7.2	Fix
Splunk	Add-On: Java Management Extensions	3.0.0, 2.1.0	Vulnerable
Splunk	Add-On: JBoss	3.0.0, 2.1.0	Vulnerable
Splunk	Add-On: Tomcat	3.0.0, 2.1.0	Vulnerable
Splunk	Data Stream Processor	DSP 1.0.x, DSP 1.1.x, DSP 1.2.x	Vulnerable
Splunk	IT Service Intelligence (ITSI)	4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x	Vulnerable
Splunk	Splunk Connect for Kafka	<2.0.4	Fix
Splunk	Splunk Enterprise	All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used.	Workaround
Splunk	Splunk Enterprise Amazon Machine Image (AMI)	see Splunk Enterprise	Workaround
Splunk	Splunk Enterprise Docker Container	see Splunk Enterprise	Workaround
Splunk	Splunk Logging Library for Java	<1.11.1	Fix
Splunk	Stream Processor Service	Current	Vulnerable
Stardog	Stardog	<7.8.1	Fix
Stratodesk	NoTouch	4.5.231	Fix
Sumo logic	Sumu logic	19.361-12	Fix
SUSE	SUSE Openstack Cloud	all	Vuln
syntevo	DeepGit	>= 4.0	Fix
syntevo	SmartGit	>= 18.1	Fix
syntevo	SmartSVN	>= 9.3	Fix
syntevo	SmartSynchronize	>= 3.5	Fix
SysAid	All products		Fix

T

Supplier	Product	Status
Talend	Talend Component Kit	Fix
Tealium	All products	Fix
Teamviewer	All products	Fix
Tosibox	All products	Fix
TrendMicro	Trend Micro Email Security & HES	Fix
TrendMicro	Vision One	Fix

U

Supplier	Product	Version (see Status)	Status
Ubiquiti	UniFi Network Application	6.5.54	Fix
Unify	First Response OpenScape Policy Store		Vulnerable
Unify	Hipath DS-Win		Vulnerable
Unify	OpenScape Contact Center		Vulnerable
Unify	OpenScape Contact Media Service		Vulnerable
Unify	OpenScape UC	>= 10.2.9.0	Vulnerable
Unify	OpenScape Voice	simplex deployments	Vulnerable
US Signal	Remote Management and Monitoring platform		Workaround
USoft	USoft	9.1.1F	Vulnerable

V

Supplier	Product	Version (see Status)	Status
VMware	API Portal for VMware Tanzu	1.x	Fix – source, fix
VMware	AppDefense Appliance	2.x	Workaround – source, workaround
VMware	App Metrics	2.1.1	Fix – source, fix
VMware	Carbon Black Cloud Workload Appliance	1.x	Fix – source, workaround
VMware	Carbon Black EDR Server	7.x, 6.x	Fix – source, workaround, fix
VMware	Cloud Director Object Storage Extension	2.1.x, 2.0.x	Fix – source, fix
VMware	Cloud Foundation	4.x, 3.x	Workaround – source, workaround
VMware	HCX	4.2.3, 4.1.0.2	Fix
VMware	Healthwatch for Tanzu Application Service	2.1.7, 1.8.6	Fix – source, fix
VMware	Horizon	8.x, 7.x	Workaround – source, workaround
VMware	Horizon Cloud Connector	1.x, 2.x	Fix – source, fix
VMware	Horizon DaaS	9.1.x, 9.0.x	Workaround – source, workaround
VMware	Identity Manager	3.3.x	Workaround – source, workaround
VMware	NSX Data Center for vSphere	6.x	Workaround – source, workaround
VMware	NSX-T Data Center	3.x, 2.x	Workaround – source, workaround
VMware	Single Sign-On for VMware Tanzu Application Service	1.x	Fix – source, fix
VMware	Site Recovery Manager	8.x	Vuln – source, workaround
VMware	Spring Boot	< 2.5.8, < 2.6.2	Workaround
VMware	Spring Cloud Gateway for Kubernetes	1.x	Vulnerable
VMware	Spring Cloud Gateway for VMware Tanzu	1.x	Fix – source, fix
VMware	Spring Cloud Services for VMware Tanzu	3.x	Fix – source, fix
VMware	Tanzu Application Service for VMs	2.x	Fix – source, workaround, fix
VMware	Tanzu GemFire	1.14.x, 1.13.x, 1.10.x	Fix – source, fix
VMware	Tanzu Greenplum	6.x	Workaround – source, workaround
VMware	Tanzu Kubernetes Grid Integrated Edition	2.x	Workaround – source, workaround
VMware	Tanzu Observability by Wavefront Nozzle	3.x, 2.x	Fix – source, fix
VMware	Tanzu Operations Manager	2.x	Fix – source, workaround, fix
VMware	Tanzu SQL with MySQL for VMs	2.x, 1.x	Vulnerable
VMware	Telco Cloud Automation	2.x, 1.x	Vulnerable
VMware	Unified Access Gateway	21.x, 20.x, 3.x	Workaround – source, workaround
VMware	vCenter Cloud Gateway	1.x	Workaround – source, workaround
VMware	vCenter Server	6.x	Workaround – source, workaround
VMware	vCenter Server	7.x, 6.x	Workaround – source, workaround
VMware	vRealize Automation	8.x, 7.x	Vulnerable
VMware	vRealize Lifecycle Manager	8.x	Workaround – source, workaround
VMware	vRealize Log Insight	8.x	Workaround – source, workaround
VMware	vRealize Operations	8.x	Workaround – source, workaround
VMware	vRealize Operations Cloud Proxy	Any	Workaround – source, workaround
VMware	vRealize Orchestrator	8.x, 7.x	Vulnerable
VMware	Workspace ONE Access	21.x, 20.x	Workaround – source, workaround
VMware	Workspace ONE Access Connector (VMware Identity Manager Connector)	19.03.0.1, 20.x, 21.x	Workaround – source, workaround

W

Supplier	Product	Version	Status
WitFoo	WitFoo Precinct	6.x	Fix
Wowza	Wowza Streaming Engine	4.7.8, 4.8.x	Workaround

X

Y

Supplier	Product	Version (see Status)	Status
Y Soft	SAFEQ 6	<= 6.0.63	Workaround

Z

Supplier	Product	Version (see Status)	Status
Zammad	Zammad		Workaround