CVE-2021-44228 (Log4j RCE) Advisories and Announcements from various Cloud platforms and SaaS providers

Akash Mahajan

~ 16 min read

A list containing links to the advisories and security announcements published by various Cloud platforms and SaaS providers regarding CVE-2021-44228, the Log4j Remote Unauthenticated Code Execution vulnerability.

There is a lot of information floating out there about which vendors are affected and how they are dealing with mitigating CVE-2021-44228. This blog post is to list the links to various advisories and announcements by different Cloud platform vendors and SaaS providers. You can use this post to search for a particular provider and use the link posted to fetch updated information. Please check back periodically to get new updated information as we progress.

Cloud Platform: AWS

Service: AWS Systems Manager

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Service Catalog

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Certificate Manage

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS AppSync

Status: Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon VPC

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Rekognition

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon RDS

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Monitron

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Macie Classic

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Macie

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Lookout for Equipment

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Lex

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Kendra

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Fraud Detector

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Chime

Status: Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon EKS

Status: Hot patch available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon ECS

Status: Hot patch available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Fargate

Status: Hot patch available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon ECR

Status: Not Vulnerable to CVE-2021-44228

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Cognito

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Pinpoint

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon EventBridge

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Elastic Load Balancing

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS CodePipeline

Status: Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS CodeBuild

Status: Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Route53

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Linux

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon SageMaker

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Athena

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon AppFlow

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Polly

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon QuickSight

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Textract

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Corretto

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Kinesis

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Inspector

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Inspector Classic

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon WorkSpaces/AppStream 2.0

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Timestream

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon DocumentDB

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon CloudWatch

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Secrets Manager

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Single Sign-On

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon RDS Oracle

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Cloud Directory

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Queue Service (SQS)

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS KMS

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Redshift

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Lambda

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon API Gateway

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Cloudfront

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Connect

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon DynamoDB

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon EC2

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon ElastiCache

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon EMR

Status: Vulnerable (EMR 5 and EMR 6 releases)

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS IoT SiteWise Edge

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Keyspaces (for Apache Cassandra)

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Kinesis Data Analytics

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 14th Dec 2021

Service: Amazon Kinesis Data Stream

Status: Updates available for KCL 1.x

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Managed Streaming for Apache Kafka (MSK)

Status: Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Managed Workflows for Apache Airflow (MWAA)

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon MemoryDB for Redis

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon MQ

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Neptune

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon OpenSearch Service

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon RDS

Status: Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon S3

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Notification Service (SNS)

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: Amazon Simple Workflow Service (SWF)

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS CloudHSM

Status: Updates Available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Elastic Beanstalk

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Glue

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Greengrass

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Lake Formation

Status: Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS SDK

Status: Not Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: AWS Step Functions

Status: Partially Fixed

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 17th Dec 2021

Service: NICE

Status: Updates available

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 14th Dec 2021

Service: AMS

Status: Vulnerable

Link: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

Last Advisory Update: 14th Dec 2021

Cloud Platform: Atlassian

Service: Atlassian Cloud Products

Status: Fixed

Link: https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html

Link: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Last Advisory Update: 17th Dec 2021

Cloud Platform: Azure

Service: Azure Arc-enabled Data Services

Status: Updates available

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20thDec 2021

Service: Azure App Service (Windows and Linux)

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-App-Service-(Windows-and-Linux)

Last Advisory Update: 20th Dec 2021

Service: Azure Application Gateway

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF

Last Advisory Update: 20th Dec 2021

Service: Azure Front Door

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF

Last Advisory Update: 20th Dec 2021

Service: Azure WAF

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Application-Gateway,-Azure-Front-Door,-and-Azure-WAF

Last Advisory Update: 20th Dec 2021

Service: Azure Functions

Status: Updates available

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Functions

Last Advisory Update: 20th Dec 2021

Service: Azure HDInsights

Status: Fixed

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-HDInsights

Last Advisory Update: 20th Dec 2021

Service: Azure Spring Cloud

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/#Azure-Spring-Cloud

Last Advisory Update: 20th Dec 2021

Service: Cosmos DB SDKs

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: Cosmos DB Spring Connector

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: Cosmos DB Spark Connector

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: Microsoft Azure AD

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: Minecraft: Java Edition

Status: Fixed

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: SQL Server (on Windows) โ€“ all editions

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: SQL Server (on Linux) โ€“ all editions

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: SQL Server 2019 Big Data Clusters

Status: Updates available

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Service: SQL Server on Azure VM/IaaS

Status: Not Vulnerable

Link: https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Last Advisory Update: 20th Dec 2021

Cloud Platform: Datadog

Service: Datadog Agent

Status: Fix and updates available

Link: https://www.datadoghq.com/log4j-vulnerability/

Last Advisory Update: 18th Dec 2021

Service: datadog-lambda-java

Status: Updates available

Link: https://www.datadoghq.com/log4j-vulnerability/

Last Advisory Update: 18th Dec 2021

Service: datadog-kafka-connect-logs

Status: Updates available

Link: https://www.datadoghq.com/log4j-vulnerability/

Last Advisory Update: 18th Dec 2021

Service: All other supported products

Status: Not Vulnerable

Link: https://www.datadoghq.com/log4j-vulnerability/

Last Advisory Update: 18th Dec 2021

Cloud Platform: GCP

Service: Actifio

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Apigee

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: AppSheet

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: BigQuery

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: BigQuery Omni

Status: Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Cloud Bigtable

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Cloud Composer

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Cloud Spanner

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Cloud SQL

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Data Catalog

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Database Migration Service (DMS)

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Dataflow

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Data Fusion

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Dataproc

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Dataproc Metastore

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Datastore

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Datastream

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Firestore

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Google Cloud VMWareEngine

Status: Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Looker

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Memorystore

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: M4CE

Status: Fixed

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Pub/Sub

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Service: Pub/Sub Lite

Status: Not Vulnerable

Link: https://cloud.google.com/log4j2-security-advisory

Last Advisory Update: 20th Dec 2021

Cloud Platform: GitHub

Service: GitHub.com

Status: Fixed

Link: https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/

Last Advisory Update: 17th Dec 2021

Service: GitHub Enterprise Cloud

Status: Fixed

Link: https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/

Last Advisory Update: 17th Dec 2021

Cloud Platform: Salesforce

Service: Sales Cloud

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Service Cloud

Status: Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Experience (Community) Cloud

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 15th Dec 2021

Service: B2C Commerce Cloud

Status: Vulnerable

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Analytics Cloud

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Force.com

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Social Studio

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 15th Dec 2021

Service: Datorama

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Pardot

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 15th Dec 2021

Service: Data.com

Status: Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Heroku

Status: Not Vulnerable

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Marketing Cloud

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: MuleSoft (Cloud)

Status: Vulnerable

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: ClickSoft (As-a-Service)

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 15th Dec 2021

Service: Tableau (Online)

Status: Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Slack

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Evergage (Interaction Studio)

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Quip

Status: Partially Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: Philanthropy Cloud

Status: Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Service: AppExchange

Status: Fixed

Link: https://help.salesforce.com/s/articleView?id=000363736&type=1

Last Advisory Update: 20th Dec 2021

Cloud Platform: Cloudflare

Service: Cloudflare

Status: Fixed

Link: https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/

Last Advisory Update: 13th Dec 2021

Cloud Platform: Elastic

Service: Elastic Cloud

Status: Updates Available

Link: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Last Advisory Update: 19th Dec 2021

Cloud Platform: MongoDB

Service: MongoDB Atlas Search

Status: Updated to log4j v.2.16.0

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: MongoDB Enterprise Advanced

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: MongoDB Community Edition

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: MongoDB Drivers

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: MongoDB Tools

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Service: MongoDB Realm

Status: Not Vulnerable

Link: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

Last Advisory Update: 18th Dec 2021

Cloud Platform: 1Password

Service: All products and services

Status: Not Vulnerable

Link: https://1password.community/discussion/comment/622773

Link: https://1password.community/discussion/comment/622615

Last Advisory Update: 13th Dec 2021 and 14th Dec 2021

Cloud Platform: SonarSource

Service: SonarCloud

Status: Fixed

Link: https://community.sonarsource.com/t/sonarqube-sonarcloud-and-the-log4j-vulnerability/54721

Last Advisory Update: 16th Dec 2021

Cloud Platform: Jenkins

Service: Jenkins Core

Status: Not Vulnerable

Link: https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/

Last Advisory Update: 10th Dec 2021

Service: Audit Log Plugin

Status: updated to 2.16.0 in 1.3

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: bootstrapped-multi-test-results-report Plugin

Status: Vulnerable

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Checkmarx Plugin

Status: updated to 2.16.0 in 2021.4.3

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: CMake Plugin

Status: Not vulnerable (for non-obsolete versions)

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Cucumber reports Plugin

Status: Not vulnerable (for non-obsolete versions)

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Micro Focus Application Automation Tools Plugin

Status: Fixed

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: lambdatest-automation Plugin

Status: Fixed

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Peass-CI Plugin

Status: Fixed

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Pipeline: HuaweiCloud Steps Plugin

Status: Vulnerable

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Reliza Integration Plugin

Status: Fixed

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Semantic Versioning Plugin

Status: Not vulnerable (for non-obsolete versions)

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Talend Plugin

Status: Fixed

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Bitbar Run-in-Cloud Plugin

Status: Vulnerable

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Thundra Foresight Plugin

Status: Vulnerable

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Venafi Machine Identity Management Plugin

Status: Vulnerable

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Service: Xray - Test Management for Jira Plugin

Status: updated to 2.16.0 in 2.5.2.1

Link: https://issues.jenkins.io/browse/JENKINS-67353?jql=labels%20%3D%20CVE-2021-44228#

Last Advisory Update: 20th Dec 2021

Cloud Platform: CleverTap

Service: CleverTap

Status: Not Vulnerable

Link: https://clevertap.com/blog/zero-day-rce-exploit-found-in-log4j/

Last Advisory Update: 15th Dec 2021

Cloud Platform: Tailscale

Service: Tailscale

Status: Vulnerable(Some of the service providers for Tailscale are vulnerable, though the core infrastructure of Tailscale is not vulnerable)

Link: https://github.com/tailscale/tailscale/issues/3550

Last Advisory Update: 16th Dec 2021

Cloud Platform: DigitalOcean

Service: Droplets

Status: Fixed

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Marketplace

Status: Update in progress

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Kubernetes

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: App Platform

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Spaces

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Volumes

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Images (Snapshots, Backups, and Custom Images)

Status: Update in progress

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Managed Databases

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Service: Networking

Status: Not Vulnerable

Link: https://www.digitalocean.com/blog/digitaloceans-response-to-the-log4j-security-vulnerability/

Last Advisory Update: 13th Dec 2021

Cloud Platform: Zoom

Service: Zoom Meetings, Zoom Events, Zoom Video Webinars, OnZoom

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom for Government

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Phone

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Rooms and Zoom for Home

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Chat

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Marketplace

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Developer Platform APIs & SDKs

Status: Fixed

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom On-Premises Deployment

Status: Not Vulnerable

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Services Provided by Third Parties

Status: Not Clear

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Device Partners for Zoom Phone and Zoom Rooms

Status: Not Clear

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Service: Zoom Apps

Status: Not Clear

Link: https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache

Last Advisory Update: 16th Dec 2021

Cloud Platform: Citrix

Service: Citrix Gateway (NetScaler Gateway)

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Application Delivery Management (NetScaler MAS)

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Cloud Connector

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Connector Appliance for Cloud Services

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Content Collaboration (ShareFile Integration) โ€“ Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Endpoint Management (Citrix XenMobile Server)

Status: Partial updates available

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Virtual Apps and Desktops (XenApp & XenDesktop)

Status: Updates available

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

Service: Citrix Workspace App

Status: Not Vulnerable

Link: https://support.citrix.com/article/CTX335705

Last Advisory Update: 20th Dec

;