Critical New 0-day Vulnerability in Popular Log4j Library - List of applications

Akamai : akamai.com/blog/news/CVE-2021-44228-Zero-Da..

Apache Druid : github.com/apache/druid/pull/12051

Apache LOG4J : logging.apache.org/log4j/2.x/security.html

Apache Kafka : lists.apache.org/thread/lgbtvvmy68p0059yoyn..

Apache Solr : solr.apache.org/security.html#apache-solr-a..

Apache Struts : struts.apache.org/announce-2021#a20211212-2

Apero CAS : apereo.github.io/2021/12/11/log4j-vuln

APPSHEET : community.appsheet.com/t/appsheet-statement..

Aptible : status.aptible.com/incidents/gk1rh440h36s?u..

Atlassian : confluence.atlassian.com/kb/faq-for-cve-202..

Automox : blog.automox.com/log4j-critical-vulnerabili..

Avaya : support.avaya.com/helpcenter/getGenericDeta..

AWS New : aws.amazon.com/security/security-bulletins/..

AWS OLD: aws.amazon.com/security/security-bulletins/..

AZURE Datalake store java : github.com/Azure/azure-data-lake-store-java..

BACKBLAZE : twitter.com/backblaze/status/14694772242773..

BitDefender : businessinsights.bitdefender.com/security-a..

BitNami By VMware : docs.bitnami.com/general/security/security-..

BMC Software : community.bmc.com/s/news/aA33n000000TSUdCAO..

Boomi DELL : community.boomi.com/s/question/0D56S00009UQ..

Broadcom : support.broadcom.com/security-advisory/cont..

CarbonBlack : community.carbonblack.com/t5/Threat-Researc..

Cerberus FTP : support.cerberusftp.com/hc/en-us/articles/4..

CheckPoint : supportcenter.checkpoint.com/supportcenter/..

Cisco: tools.cisco.com/security/center/content/Cis..

Citrix : support.citrix.com/article/CTX335705

CloudFlare : blog.cloudflare.com/cve-2021-44228-log4j-rc..

CPanel : forums.cpanel.net/threads/log4j-cve-2021-44..

CommVault community.commvault.com/technical-q-a-2/log..

ConcreteCMS.com : concretecms.com/about/blog/security/concret..

Connect2id : connect2id.com/blog/connect2id-server-12-5-1

ConnectWise : connectwise.com/company/trust/advisories

ContrastSecurity : support.contrastsecurity.com/hc/en-us/artic..

ControlUp : status.controlup.com/incidents/qqyvh7b1dz8k

Coralogix : twitter.com/Coralogix/status/14697134306595..

CouchBase : forums.couchbase.com/t/ann-elasticsearch-co..

CyberArk : cyberark-customers.force.com/s/article/Crit..

Cybereason : cybereason.com/blog/cybereason-solutions-ar..

Datto : datto.com/blog/dattos-response-to-log4shell

Debian : security-tracker.debian.org/tracker/CVE-202..

Dell : dell.com/support/kbdoc/fr-fr/000194372/dsn-..

Docker : docker.com/blog/apache-log4j-2-cve-2021-44228

Docusign : docusign.com/trust/alerts/alert-docusign-st..

DRAW.IO : twitter.com/drawio/status/1470061320066277382

DropWizard : twitter.com/dropwizardio/status/14692853375..

DynaTrace : community.dynatrace.com/t5/Dynatrace-Open-Q..

Eclipse Foundation : gist.github.com/SwitHak/b66db3a06c2955a9cb7..

Elastic : discuss.elastic.co/t/apache-log4j2-remote-c..

ESET : forum.eset.com/topic/30691-log4j-vulnerabil..

ESRI : esri.com/arcgis-blog/products/arcgis-enterp..

EVLLABS JGAAP : github.com/evllabs/JGAAP/releases/tag/v8.0.2

F5 Networks : support.f5.com/csp/article/K19026212

F-Secure status.f-secure.com/incidents/sk8vmr0h34pd

Fastly : fastly.com/blog/digging-deeper-into-log4she..

ForcePoint : support.forcepoint.com/s/article/CVE-2021-4..

ForgeRock : backstage.forgerock.com/knowledge/kb/book/b..

Fortinet : fortiguard.com/psirt/FG-IR-21-245

FusionAuth : fusionauth.io/blog/2021/12/10/log4j-fusiona..

Genesys : genesys.com/blog/post/genesys-update-on-the..

Ghidra : github.com/NationalSecurityAgency/ghidra/bl..

GitHub : github.com/advisories/GHSA-jfh8-c2jp-5v3q

GoAnywhere : goanywhere.com/cve-2021-44228-goanywhere-mi..

Google Cloud Global Products coverage : cloud.google.com/log4j2-security-advisory

Google Cloud Armor WAF : cloud.google.com/blog/products/identity-sec..

GrayLog : graylog.org/post/graylog-update-for-log4j

GratWiFi WARNING I can't confirm it: facebook.com/GratWiFi/posts/396447615600785

GuardedBox : twitter.com/GuardedBox/status/1469739834117..

Guidewire : community.guidewire.com/s/article/Update-to..

HackerOne : twitter.com/jobertabma/status/1469490881854..

HCL Software : support.hcltechsw.com/csm?id=kb_article&..

Huawei : huawei.com/en/psirt/security-notices/huawei..

HostiFi : twitter.com/hostifi_net/status/146951111482..

I2P : geti2p.net/en/blog/post/2021/12/11/i2p-unaf..

Ignite Realtime : discourse.igniterealtime.org/t/openfire-4-6..

Imperva : imperva.com/blog/how-were-protecting-custom..

Inductive Automation : support.inductiveautomation.com/hc/en-us/ar..

Informatica : network.informatica.com/community/informati..

Ivanti : forums.ivanti.com/s/article/CVE-2021-44228-..

JAMF NATION : community.jamf.com/t5/jamf-pro/third-party-..

JazzSM DASH IBM : ibm.com/support/pages/node/6525552

Jenkins : jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2..

JetBrains Teamcity : youtrack.jetbrains.com/issue/TW-74298

JFROG : twitter.com/jfrog/status/1469385793823199240

Jitsi : github.com/jitsi/security-advisories/blob/4..

Kafka Connect CosmosDB : github.com/microsoft/kafka-connect-cosmosdb..

Kaseya : helpdesk.kaseya.com/hc/en-gb/articles/44134..

Keycloak : github.com/keycloak/keycloak/discussions/9078

Leanix : leanix.net/en/blog/log4j-vulnerability-log4..

LucentSKY : twitter.com/LucentSky/status/14693587063119..

Lightbend : discuss.lightbend.com/t/regarding-the-log4j..

LogRhythm CISO email I can't confirmed : gist.github.com/SwitHak/b66db3a06c2955a9cb7..

Macchina io : twitter.com/macchina_io/status/146961160656..

MailCow : github.com/mailcow/mailcow-dockerized/issue..

McAfee : kc.mcafee.com/corporate/index?page=content&..

Metabase : github.com/metabase/metabase/commit/8bfce98..

Microsoft : msrc-blog.microsoft.com/2021/12/11/microsof..

Minecraft : minecraft.net/en-us/article/important-messa..

MISP : twitter.com/MISPProject/status/147005124203..

Mulesoft : help.mulesoft.com/s/article/Apache-Log4j2-v..

N-able : n-able.com/security-and-privacy/apache-log4..

NELSON : github.com/getnelson/nelson/blob/f4d3dd1f1d..

NEO4J : community.neo4j.com/t/log4j-cve-mitigation-..

NetApp : security.netapp.com/advisory/ntap-20211210-..

Netflix : github.com/search?q=org%3ANetflix+CVE-2021-..

NextGen Healthcare Mirth : github.com/nextgenhealthcare/connect/discus..

Newrelic : github.com/newrelic/newrelic-java-agent/iss..

Nutanix : download.nutanix.com/alerts/Security_Adviso..

Okta : sec.okta.com/articles/2021/12/log4shell

OpenHab : github.com/openhab/openhab-distro/pull/1343

OpenNMS : opennms.com/en/blog/2021-12-10-opennms-prod..

OpenMRS TALK : talk.openmrs.org/t/urgent-security-advisory..

OpenSearch : discuss.opendistrocommunity.dev/t/log4j-pat..

Oracle : oracle.com/security-alerts/alert-cve-2021-4..

OxygenXML : oxygenxml.com/security/advisory/CVE-2019-17..

Palo-Alto Networks : security.paloaltonetworks.com/CVE-2021-44228

PaperCut : papercut.com/support/known-issues/#PO-684

Parse.ly : blog.parse.ly/parse-ly-log4shell

Pega : docs.pega.com/security-advisory/security-ad..

PingIdentity : support.pingidentity.com/s/article/Log4j2-v..

Positive Technologies : twitter.com/ptsecurity/status/1469398376978..

Progress / IpSwitch : progress.com/security

Pulse Secure : kb.pulsesecure.net/articles/Pulse_Secure_Ar..

Puppet : puppet.com/blog/puppet-response-to-remote-c..

Pure Storage : support.purestorage.com/Field_Bulletins/Int..CVE-2021-44228(%22log4j%22)

Qlik : community.qlik.com/t5/Support-Updates-Blog/..

Quest KACE : support.quest.com/kace-systems-management-a..

Radware : support.radware.com/app/answers/answer_view..

Red5Pro : red5pro.com/blog/red5-marked-safe-from-log4..

RedHat : access.redhat.com/security/cve/cve-2021-44228

Revenera / Flexera : community.flexera.com/t5/Revenera-Company-N..

RunDeck by PagerDuty : docs.rundeck.com/docs/history/CVEs

RSA : community.rsa.com/t5/general-security-advis..

Rubrik : support.rubrik.com/s/announcementdetail?Id=..

SAFE FME Server : community.safe.com/s/article/Is-FME-Server-..

SailPoint : community.sailpoint.com/t5/IdentityIQ-Blog/..

Salesforce : help.salesforce.com/s/articleView?id=000363..

SAP BusinessObjects : launchpad.support.sap.com/#/notes/3129956

SAP Global coverage : launchpad.support.sap.com/#/notes/3129930

SAS : support.sas.com/content/support/en/security..

Security Onion : blog.securityonion.net/2021/12/security-oni..

ServiceNow : support.servicenow.com/kb?id=kb_article_vie..

Sesam Info : twitter.com/sesam_info/status/1469711992122..

Shibboleth : shibboleth.net/pipermail/announce/2021-Dece..

Signald : gitlab.com/signald/signald/-/issues/259

Skillable : skillable.com/log4shell

SLF4J : slf4j.org/log4shell.html

SmileCDR : smilecdr.com/our-blog/a-statement-on-log4sh..

Software AG : tech.forums.softwareag.com/t/log4j-zero-day..

SolarWinds : solarwinds.com/trust-center/security-adviso..

SonarSource : community.sonarsource.com/t/sonarqube-and-t..

Sonatype : blog.sonatype.com/a-new-0-day-log4j-vulnera..

SonicWall : psirt.global.sonicwall.com/vuln-detail/SNWL..

Sophos : sophos.com/en-us/security-advisories/sophos..

Splunk : splunk.com/en_us/blog/bulletins/splunk-secu..

Spring Boot : spring.io/blog/2021/12/10/log4j2-vulnerabil..

SUSE : suse.com/security/cve/CVE-2021-44228.html

Sterling Order IBM : ibm.com/support/pages/node/6525544

Swingset : github.com/bpangburn/swingset/blob/017452b2..

Synopsys : community.synopsys.com/s/article/SIG-Securi..

Talend : jira.talendforge.org/browse/TCOMP-2054

TealiumIQ : community.tealiumiq.com/t5/Announcements-Bl..

TrendMicro : success.trendmicro.com/solution/000289940

Ubiquiti-UniFi-UI : community.ui.com/releases/UniFi-Network-App..

Ubuntu : ubuntu.com/security/CVE-2021-44228

USSIGNAL MSP : ussignal.com/blog/apache-log4j-vulnerability

Varonis : help.varonis.com/s/article/Apache-Log4j-Zer..

Veeam : forums.veeam.com/veeam-backup-for-azure-f59..

Vespa ENGINE : github.com/vespa-engine/blog/blob/f281ce439..

VMware : vmware.com/security/advisories/VMSA-2021-00..

Wallarm : lab.wallarm.com/cve-2021-44228-mitigation-u..

WatchGuard / Secplicity / secplicity.org/2021/12/10/critical-rce-vuln..

WitFoo : witfoo.com/blog/emergency-update-for-cve-20..

Wowza : wowza.com/docs/known-issues-with-wowza-stre..

WSO2 : github.com/wso2/security-tools/pull/169

XCP-ng : xcp-ng.org/forum/topic/5315/log4j-vulnerabi..

Yandex-Cloud : github.com/yandex-cloud/docs/blob/6ff6c6767..

ZAMMAD : community.zammad.org/t/cve-2021-44228-elast..

Zaproxy : zaproxy.org/blog/2021-12-10-zap-and-log4shell

Zerto : help.zerto.com/kb/000004822

Zesty : zesty.io/mindshare/company-announcements/lo..

ZSCALER : zscaler.fr/blogs/security-research/security..

Did you find this article valuable?

Support Timur Galeev by becoming a sponsor. Any amount is appreciated!