Resources

CVE-2021-44228 (Log4j RCE) Advisories and Announcements from various Cloud platforms and SaaS providers

A list containing links to the advisories and security announcements published by various Cloud platforms and SaaS providers regarding CVE-2021-44228, the Log4j Remote Unauthenticated Code Execution vulnerability.

CVE-2021-44228 (Log4j RCE) Advisories and Announcements from various Cloud platforms and SaaS providers
Akash Mahajan
December 15, 2021

Introduction - Links to Advisories and Announcements

There is a lot of information floating out there about which vendors are affected and how they are dealing with mitigating CVE-2021-44228. This blog post is to list the links to various advisories and announcements by different Cloud platform vendors and SaaS providers. You can use this post to search for a particular provider and use the link posted to fetch updated information. Please check back periodically to get new updated information as we progress.

Cloud Platform: AWS

Service: AWS Systems Manager
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Service Catalog
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Certificate Manage
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS AppSync
Status: Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon VPC
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Rekognition
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon RDS
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Monitron
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Macie Classic
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Macie
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Lookout for Equipment
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Lex
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Kendra
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Fraud Detector
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Chime
Status: Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon EKS
Status: Hot patch available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon ECS
Status: Hot patch available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Fargate
Status: Hot patch available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon ECR
Status: Not Vulnerable to CVE-2021-44228
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Cognito
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Pinpoint
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon EventBridge
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Elastic Load Balancing
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS CodePipeline
Status: Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS CodeBuild
Status: Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Route53
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Linux
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon SageMaker
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Athena
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon AppFlow
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Polly
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon QuickSight
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Textract
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Corretto
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Kinesis
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Inspector
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Inspector Classic
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon WorkSpaces/AppStream 2.0
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Timestream
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon DocumentDB
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon CloudWatch
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Secrets Manager
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Single Sign-On
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon RDS Oracle
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Cloud Directory
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Queue Service (SQS)
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS KMS
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Redshift
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Lambda
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon API Gateway
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Cloudfront
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Connect
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon DynamoDB
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon EC2
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon ElastiCache
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon EMR
Status: Vulnerable (EMR 5 and EMR 6 releases)
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS IoT SiteWise Edge
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Keyspaces (for Apache Cassandra)
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Kinesis Data Analytics
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 14th Dec 2021

Service: Amazon Kinesis Data Stream
Status: Updates available for KCL 1.x
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Managed Streaming for Apache Kafka (MSK)
Status: Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Managed Workflows for Apache Airflow (MWAA)
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon MemoryDB for Redis
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon MQ
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Neptune
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon OpenSearch Service
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon RDS
Status: Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon S3
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Notification Service (SNS)
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Workflow Service (SWF)
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS CloudHSM
Status: Updates Available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Elastic Beanstalk
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Glue
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Greengrass
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Lake Formation
Status: Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS SDK
Status: Not Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: AWS Step Functions
Status: Partially Fixed
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 17th Dec 2021

Service: NICE
Status: Updates available
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 14th Dec 2021

Service: AMS
Status: Vulnerable
Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Last Advisory Update: 14th Dec 2021

Cloud Platform: Atlassian

Service: Atlassian Cloud Products
Status: Fixed
Link: https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html
Link: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
Last Advisory Update: 17th Dec 2021

Cloud Platform: Azure

Service: Azure Arc-enabled Data Services
Status: Updates available
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20thDec 2021

Service: Azure App Service (Windows and Linux)
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-App-Service-(Windows-and-Linux)
Last Advisory Update: 20th Dec 2021

Service: Azure Application Gateway
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF
Last Advisory Update: 20th Dec 2021

Service: Azure Front Door
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF
Last Advisory Update: 20th Dec 2021

Service: Azure WAF
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF
Last Advisory Update: 20th Dec 2021

Service: Azure Functions
Status: Updates available
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Functions
Last Advisory Update: 20th Dec 2021

Service: Azure HDInsights
Status: Fixed
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-HDInsights
Last Advisory Update: 20th Dec 2021

Service: Azure Spring Cloud
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Spring-Cloud
Last Advisory Update: 20th Dec 2021

Service: Cosmos DB SDKs
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: Cosmos DB Spring Connector
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: Cosmos DB Spark Connector
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: Microsoft Azure AD
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: Minecraft: Java Edition
Status: Fixed
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: SQL Server (on Windows) – all editions
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: SQL Server (on Linux) – all editions
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: SQL Server 2019 Big Data Clusters
Status: Updates available
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Service: SQL Server on Azure VM/IaaS
Status: Not Vulnerable
Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
Last Advisory Update: 20th Dec 2021

Cloud Platform: Datadog

Service: Datadog Agent
Status: Fix and updates available
Link: https://www.datadoghq.com/log4j-vulnerability/
Last Advisory Update: 18th Dec 2021

Service: datadog-lambda-java
Status: Updates available
Link: https://www.datadoghq.com/log4j-vulnerability/
Last Advisory Update: 18th Dec 2021

Service: datadog-kafka-connect-logs
Status: Updates available
Link: https://www.datadoghq.com/log4j-vulnerability/
Last Advisory Update: 18th Dec 2021

Service: All other supported products
Status: Not Vulnerable
Link: https://www.datadoghq.com/log4j-vulnerability/
Last Advisory Update: 18th Dec 2021

Cloud Platform: GCP

Service: Actifio
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Apigee
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: AppSheet
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: BigQuery
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: BigQuery Omni
Status: Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Cloud Bigtable
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Cloud Composer
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Cloud Spanner
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Cloud SQL
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Data Catalog
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Database Migration Service (DMS)
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Dataflow
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Data Fusion
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Dataproc
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Dataproc Metastore
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Datastore
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Datastream
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Firestore
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Google Cloud VMWareEngine
Status: Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Looker
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Memorystore
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: M4CE
Status: Fixed
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Pub/Sub
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Service: Pub/Sub Lite
Status: Not Vulnerable
Link: https://cloud.google.com/log4j2-security-advisory
Last Advisory Update: 20th Dec 2021

Cloud Platform: GitHub

Service: GitHub.com
Status: Fixed
Link: https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
Last Advisory Update: 17th Dec 2021

Service: GitHub Enterprise Cloud
Status: Fixed
Link: https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
Last Advisory Update: 17th Dec 2021

Cloud Platform: Salesforce

Service: Sales Cloud
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Service Cloud
Status: Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Experience (Community) Cloud
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 15th Dec 2021

Service: B2C Commerce Cloud
Status: Vulnerable
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Analytics Cloud
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Force.com
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Social Studio
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 15th Dec 2021

Service: Datorama
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Pardot
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 15th Dec 2021

Service: Data.com
Status: Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Heroku
Status: Not Vulnerable
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Marketing Cloud
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: MuleSoft (Cloud)
Status: Vulnerable
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: ClickSoft (As-a-Service)
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 15th Dec 2021

Service: Tableau (Online)
Status: Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Slack
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Evergage (Interaction Studio)
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Quip
Status: Partially Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: Philanthropy Cloud
Status: Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Service: AppExchange
Status: Fixed
Link: https://help.salesforce.com/s/articleView?id=000363736&type=1
Last Advisory Update: 20th Dec 2021

Cloud Platform: Cloudflare

Service: Cloudflare
Status: Fixed
Link: https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/
Last Advisory Update: 13th Dec 2021

Cloud Platform: Elastic

Service: Elastic Cloud
Status: Updates Available
Link: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
Last Advisory Update: 19th Dec 2021

Cloud Platform: MongoDB

Service: MongoDB Atlas Search
Status: Updated to log4j v.2.16.0
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: MongoDB Enterprise Advanced
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: MongoDB Community Edition
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: MongoDB Drivers
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: MongoDB Tools
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Service: MongoDB Realm
Status: Not Vulnerable
Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
Last Advisory Update: 18th Dec 2021

Cloud Platform: 1Password

Service: All products and services
Status: Not Vulnerable
Link: https://1password.community/discussion/comment/622773
Link: https://1password.community/discussion/comment/622615
Last Advisory Update: 13th Dec 2021 and 14th Dec 2021

Cloud Platform: SonarSource

Service: SonarCloud
Status: Fixed
Link: https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721
Last Advisory Update: 16th Dec 2021

Cloud Platform: Jenkins

Service: Jenkins Core
Status: Not Vulnerable
Link: https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/
Last Advisory Update: 10th Dec 2021

Service: Audit Log Plugin
Status: updated to 2.16.0 in 1.3
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: bootstrapped-multi-test-results-report Plugin
Status: Vulnerable
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Checkmarx Plugin
Status: updated to 2.16.0 in 2021.4.3
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: CMake Plugin
Status: Not vulnerable (for non-obsolete versions)
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Cucumber reports Plugin
Status: Not vulnerable (for non-obsolete versions)
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Micro Focus Application Automation Tools Plugin
Status: Fixed
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: lambdatest-automation Plugin
Status: Fixed
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Peass-CI Plugin
Status: Fixed
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Pipeline: HuaweiCloud Steps Plugin
Status: Vulnerable
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Reliza Integration Plugin
Status: Fixed
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Semantic Versioning Plugin
Status: Not vulnerable (for non-obsolete versions)
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Talend Plugin
Status: Fixed
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Bitbar Run-in-Cloud Plugin
Status: Vulnerable
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Thundra Foresight Plugin
Status: Vulnerable
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Venafi Machine Identity Management Plugin
Status: Vulnerable
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Service: Xray - Test Management for Jira Plugin
Status: updated to 2.16.0 in 2.5.2.1
Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#
Last Advisory Update: 20th Dec 2021

Cloud Platform: CleverTap

Service: CleverTap
Status: Not Vulnerable
Link: https://clevertap.com/blog/zero-day-rce-exploit-found-in-log4j/
Last Advisory Update: 15th Dec 2021

Cloud Platform: Tailscale

Service: Tailscale
Status: Vulnerable(Some of the service providers for Tailscale are vulnerable, though the core infrastructure of Tailscale is not vulnerable)
Link: https://github.com/tailscale/tailscale/issues/3550
Last Advisory Update: 16th Dec 2021

Cloud Platform: DigitalOcean

Service: Droplets
Status: Fixed
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Marketplace
Status: Update in progress
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Kubernetes
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: App Platform
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Spaces
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Volumes
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Images (Snapshots, Backups, and Custom Images)
Status: Update in progress
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Managed Databases
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Service: Networking
Status: Not Vulnerable
Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/
Last Advisory Update: 13th Dec 2021

Cloud Platform: Zoom

Service: Zoom Meetings, Zoom Events, Zoom Video Webinars, OnZoom
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom for Government
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Phone
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Rooms and Zoom for Home
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Chat
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Marketplace
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Developer Platform APIs & SDKs
Status: Fixed
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom On-Premises Deployment
Status: Not Vulnerable
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Services Provided by Third Parties
Status: Not Clear
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Device Partners for Zoom Phone and Zoom Rooms
Status: Not Clear
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Service: Zoom Apps
Status: Not Clear
Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
Last Advisory Update: 16th Dec 2021

Cloud Platform: Citrix

Service: Citrix Gateway (NetScaler Gateway)
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Application Delivery Management (NetScaler MAS)
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Cloud Connector
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Connector Appliance for Cloud Services
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Endpoint Management (Citrix XenMobile Server)
Status: Partial updates available
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Virtual Apps and Desktops (XenApp & XenDesktop)
Status: Updates available
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

Service: Citrix Workspace App
Status: Not Vulnerable
Link: https://support.citrix.com/article/CTX335705
Last Advisory Update: 20th Dec

CVE-2021-44228 (Log4j RCE) Advisories and Announcements from various Cloud platforms and SaaS providers
ABOUT THE AUTHOR

Akash Mahajan

Akash helps CTOs & SREs with security monitoring of their cloud-native stack | CKA, OSCP | Author - Security Automation using Ansible, Burp Suite Essentials. An accomplished security professional with over a decade’s experience of providing specialist application and infrastructure advice at the highest levels to companies, governments, and organisations around the world. Now busy building an easy-to-use security platform to help CTOs & SREs with Consolidated Security View of their cloud accounts for security compliance and operational security. Conference speaker and trainer at BlackHat US, All Day DevOps Twice, DevOps Enterprise Summit, OWASP, and NullCon.Specialties: Cloud Security - AWS, Azure, GCP, IBM, Kubernetes; Container Security; Cloud-Native Security; Building security automation products. Certifications: CKA, OSCP. Author of two security books now used as the go-to reference by the product creators. Security Automation using Ansible, Burp Suite Essentials.

Enjoyed this read?

Subscribe to our newsletter and stay ahead with more great insights and resources on cloud security!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.