Skip to content

Latest commit

 

History

History
173 lines (170 loc) · 30.8 KB

software_list_m.md

File metadata and controls

173 lines (170 loc) · 30.8 KB

List of software (un)affected by the log4shell CVEs

About this list

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

M

Supplier Product Version (see Status) Status CVE-2021-4104 Status CVE-2021-44228 Status CVE-2021-45046 Status CVE-2021-45105 Notes Links
Macrium Software All Not vuln Not vuln Not vuln Not vuln source
Mailcow Solr Docker < 1.8 Not vuln Fix source
MailStore All All Not vuln Not vuln Not vuln Not vuln source
Maltego All Maltego Response to Logj4
ManageEngine ADAudit Plus Not vuln Workaround Workaround Workaround source
ManageEngine ADManager Plus Not vuln Workaround Workaround Workaround source
ManageEngine Desktop Central 10.1.2127.20 Fix Not vuln Not vuln Not vuln source
ManageEngine EventLog Analyzer Not vuln Workaround Workaround Workaround source
ManageEngine Servicedesk Plus 11305 and below Vulnerable Manage Engine Advisory
ManageEngine Zoho ADAudit Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho ADManager Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho ADSelfService Plus Not vuln Not vuln Not vuln Not vuln ManageEngine Vulnerability Impact
ManageEngine Zoho All Manage Engine Link
ManageEngine Zoho Analytics Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho Cloud Security Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho DataSecurity Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho EventLog Analyzer On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho Exchange Reporter Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho Log360 On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho Log360 UEBA On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho M365 Manager Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho M365 Security Plus On-Prem ManageEngine Vulnerability Impact
ManageEngine Zoho RecoveryManager Plus On-Prem ManageEngine Vulnerability Impact
MariaDB All MariaDB Statement
Mathworks All MathWorks general release desktop or server products Not vuln Not vuln Not vuln Not vuln MathWorks statement regarding CVE-2021-44228
Mathworks MATLAB All Not vuln source
MathWorks Matlab All MathWorks Matlab Statement
Matillion All Matillion Security Advisory
Matomo All Matomo Statement
Mattermost All Not vuln source
Mattermost FocalBoard All Mattermost FocalBoard Concern
McAfee Active Response (MAR) Not vuln Standalone MAR not vulnerable, for MAR included in bundle see TIE "source"
McAfee Agent (MA) Not vuln Not vuln Not vuln Not vuln
McAfee Application and Change Control (MACC) for Linux Not vuln Not vuln Not vuln Not vuln
McAfee Application and Change Control (MACC) for Windows Not vuln Not vuln Not vuln Not vuln
McAfee Client Proxy (MCP) for Mac Not vuln Not vuln Not vuln Not vuln
McAfee Client Proxy (MCP) for Windows Not vuln Not vuln Not vuln Not vuln
McAfee Data Exchange Layer (DXL) Not vuln "source"
McAfee Data Exchange Layer (DXL) Client Not vuln Not vuln Not vuln Not vuln
McAfee Data Loss Prevention (DLP) Discover Not vuln Not vuln Not vuln Not vuln
McAfee Data Loss Prevention (DLP) Endpoint for Mac Not vuln Not vuln Not vuln Not vuln
McAfee Data Loss Prevention (DLP) Endpoint for Windows Not vuln Not vuln Not vuln Not vuln
McAfee Data Loss Prevention (DLP) Monitor Not vuln Not vuln Not vuln Not vuln
McAfee Data Loss Prevention (DLP) Prevent Not vuln Not vuln Not vuln Not vuln
McAfee Drive Encryption (MDE) Not vuln Not vuln Not vuln Not vuln
McAfee Endpoint Security (ENS) for Linux Not vuln Not vuln Not vuln Not vuln
McAfee Endpoint Security (ENS) for Mac Not vuln Not vuln Not vuln Not vuln
McAfee Endpoint Security (ENS) for Windows Not vuln Not vuln Not vuln Not vuln
McAfee Enterprise Security Manager (ESM) 11.x Not vuln Workaround "source"
McAfee ePolicy Orchestrator Agent Handlers (ePO-AH) Not vuln "source"
McAfee ePolicy Orchestrator Application Server (ePO) <= 5.10 CU10 Not vuln "source"
McAfee ePolicy Orchestrator Application Server (ePO) 5.10 CU11 Not vuln Workaround "source"
McAfee Host Intrusion Prevention (Host IPS) Not vuln Not vuln Not vuln Not vuln
McAfee Management of Native Encryption (MNE) Not vuln Not vuln Not vuln Not vuln
McAfee Network Security Manager (NSM) Not vuln "source"
McAfee Network Security Platform (NSP) Not vuln "source"
McAfee Policy Auditor Not vuln Not vuln Not vuln Not vuln
McAfee Security for Microsoft Exchange (MSME) Not vuln Not vuln Not vuln Not vuln
McAfee Security for Microsoft SharePoint (MSMS) Not vuln Not vuln Not vuln Not vuln
McAfee Threat Intelligence Exchange (TIE) 2.2, 2.3, 3.0 Not vuln Workaround "source"
McAfee Web Gateway (MWG) Not vuln Fix "source"
Medtronic All Investigation Medtronic Advisory Link
Meinberg LANTIME All Not vuln source
Meinberg microSync All Not vuln source
Meltano All Not vuln Not vuln Not vuln Not vuln Project is written in Python Meltano
Memurai All Not vuln source
messageconcept PeopleSync All Not vuln Not vuln Not vuln Not vuln source
Metabase All <0.41.4 Not vuln Fix Mitigations available for earlier versions source
Micro Focus ArcSight Connectors 8.2 and above Vulnerable source
Micro Focus ArcSight ESM 7.2, 7.5 Vulnerable source
Micro Focus ArcSight Intelligence All Vulnerable source
Micro Focus ArcSight Logger 7.2 and above Vulnerable source
Micro Focus ArcSight Recon All Vulnerable source
Micro Focus ArcSight Transformation Hub All Vulnerable source
Micro Focus Data Protector All Vulnerable Workaround only for supported versions. Earlier versions are not checked/worked on. workaround source
Micro Focus Silk Performer 21.0 Vulnerable Workaround source workaround
Micro Focus Silk Test 20.0 up to 21.0.1 (included) Vulnerable Workaround source workaround
MicroFocus All "MicroFocus Statement"
Microsoft Azure AD Not vuln ADFS itself is not vulnerable, federation providers may be source
Microsoft Azure API Gateway Not vuln Not vuln Not vuln Not vuln Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Microsoft Azure App Service Not vuln This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications source
Microsoft Azure Application Gateway Not vuln source
Microsoft Azure Data Lake Store Java < 2.3.10 Not vuln Not vuln Not vuln Not vuln Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here. source
Microsoft Azure DevOps Not vuln source
Microsoft Azure DevOps Server 2019-2020.1 Vulnerable When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation source
Microsoft Azure Front Door Not vuln source
Microsoft Azure Traffic Manager Not vuln Not vuln Not vuln Not vuln Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Microsoft Azure WAF Not vuln source
Microsoft Cosmos DB Kafka Connector 1.2.1 Fix source
Microsoft Defender for IoT 10.5.2 Not vuln Fix source
Microsoft Events Hub Extension 3.3.1 Fix source
Microsoft Kafka Connect for Azure Cosmo DB < 1.2.1 Not vuln Fix source
Microsoft Minecraft Java Edition 1.18.1 Not vuln Fix source fix
Microsoft Team Foundation Server 2018.2+ Vulnerable When Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable) see Elasticsearch above for mitigation source
MicroStrategy Secure Enterprise 11.1.7+ 11.2.x 11.3.x Not vuln Workaround Workaround available, Update scheduled for Week 51/2021 source
MIDITEC All Not vuln Not vuln Not vuln Not vuln MTZ Time uses Log4j v1.x source
Midori Global All Midori Global Statement
Mikrotik All Mikrotik Statement
Milestone VMS Not vuln Not vuln Not vuln Not vuln source
Milestone sys All Milestone sys Statement
Mimecast All Mimecast Information
Minecraft All Minecraft Vulnerability Message
Mirantis Container Cloud All Not vuln Not vuln Not vuln Not vuln source
Mirantis Container Runtime All Not vuln Not vuln Not vuln Not vuln source
Mirantis K0s All Not vuln Not vuln Not vuln Not vuln source
Mirantis Kubernetes Engine All Not vuln Not vuln Not vuln Not vuln source
Mirantis Lens All Not vuln Not vuln Not vuln Not vuln source
Mirantis OpenStack All Not vuln Not vuln Not vuln Not vuln source
Mirantis Secure Registry All Not vuln Not vuln Not vuln Not vuln source
Miro All Miro Log4j Updates
MISP All All Not vuln Not vuln Not vuln Not vuln source
Mitel CMG Suite All Investigation source
Mitel InAttend All Investigation source
Mitel Interaction Recording (MIR) 6.3 to 6.7 Not vuln Fix see SA211213-17 source
Mitel Management Gateway All Not vuln Not vuln Not vuln Not vuln source
Mitel Management Portal All Investigation source
Mitel MiCollab >=7.1 to <=9.4 Not vuln Workaround Workaround "Below v7.0 not vuln, <a href=""https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/log4j_micollab_remediation_details.pdf"" rel=""nofollow"">Fix" source
Mitel MiContact Center Enterprise All Not vuln Not vuln Not vuln Not vuln source
Mitel MiContact Center Business All Not vuln Not vuln Not vuln Not vuln source
Mitel MiVoice 5000 All Not vuln Not vuln Not vuln Not vuln source
Mitel MiVoice Border Gateway All Not vuln Not vuln Not vuln Not vuln source
Mitel MiVoice Business All (excluding EX) Not vuln Not vuln Not vuln Not vuln source
Mitel MiVoice Business EX and MiConfig Wizard 9.2 only Not vuln Fix source
Mitel MiVoice Call Recording All Investigation source
Mitel MiVoice Connect All Not vuln Not vuln Not vuln Not vuln source
Mitel MiVoice MX-ONE 7.4 only Not vuln Fix source
Mitel MiVoice Office 400 All Not vuln Not vuln Not vuln Not vuln source
Mitel Mobility Router All Not vuln Not vuln Not vuln Not vuln source
Mitel Open Integration Gateway (OIG) All Investigation source
Mitel Performance Analytics Server and Probe All Investigation source
Mitel Standard Linux (MSL) All Not vuln Not vuln Not vuln Not vuln source
Mitel Virtual Reception All Investigation source
Mitsubishi CS-141 Not vuln Not vuln Not vuln Not vuln "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source"
Mitsubishi LookUPS N002 Not vuln Not vuln Not vuln Not vuln "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source"
Mitsubishi LookUPS N003 Not vuln Not vuln Not vuln Not vuln "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source"
Mitsubishi MUCM Not vuln Not vuln Not vuln Not vuln "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source"
Mitsubishi Netcom Not vuln Not vuln Not vuln Not vuln "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source"
Mitsubishi Netcom 2 Not vuln Not vuln Not vuln Not vuln source
MobileIron Core All Not vuln Fix The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. source
MobileIron Core Connector All Not vuln Fix The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. source
MobileIron Reporting Database (RDB) All Not vuln Fix The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. source
MobileIron Sentry 9.13, 9.14 Not vuln Fix The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. source
MONARC All All Not vuln Not vuln Not vuln Not vuln source
MongoDB All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) Not vuln Not vuln Not vuln Not vuln source
MongoDB Atlas Not vuln Not vuln Not vuln Not vuln Including Atlas Database, Data Lake, Charts source
MongoDB Atlas Search Not vuln Fix Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. source
MongoDB Community Edition Not vuln Not vuln Not vuln Not vuln Including Community Server, Cloud Manager, Community Kubernetes Operators. source
MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) Not vuln Not vuln Not vuln Not vuln source
MongoDB Drivers Not vuln Not vuln Not vuln Not vuln source
MongoDB Enterprise Advanced Not vuln Not vuln Not vuln Not vuln Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. source
MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) Not vuln Not vuln Not vuln Not vuln source
MongoDB Realm Not vuln Not vuln Not vuln Not vuln including Realm Database, Sync, Functions, APIs source
MongoDB Realm (including Realm Database, Sync, Functions, APIs) Not vuln Not vuln Not vuln Not vuln source
MongoDB Tools Not vuln Not vuln Not vuln Not vuln Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors source
MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) Not vuln Not vuln Not vuln Not vuln source
Moodle All All Not vuln Not vuln Not vuln Not vuln source
MoogSoft All MoogSoft Vulnerability Information
Motorola Avigilon All Motorola Avigilon Technical Notification
Moxa All All Not vuln Not vuln Not vuln Not vuln source
Mulesoft All This advisory is available to customers only and has not been reviewed by CISA Mulesoft Statement
Mulesoft Anypoint Studio 7.x Not vuln Fix This advisory is available to account holders only and has not been reviewed by CISA. Apache Log4j2 vulnerability - December 2021
Mulesoft Cloudhub Not vuln Fix This advisory is available to account holders only and has not been reviewed by CISA. Apache Log4j2 vulnerability - December 2021
Mulesoft Mule Agent 6.x Not vuln Fix This advisory is available to account holders only and has not been reviewed by CISA. Apache Log4j2 vulnerability - December 2021
Mulesoft Mule Runtime 3.x,4.x Not vuln Fix This advisory is available to account holders only and has not been reviewed by CISA. Apache Log4j2 vulnerability - December 2021