0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Supplier | Product | Version (see Status) | Status CVE-2021-4104 | Status CVE-2021-44228 | Status CVE-2021-45046 | Status CVE-2021-45105 | Notes | Links |
---|---|---|---|---|---|---|---|---|
Macrium Software | All | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
Mailcow | Solr Docker | < 1.8 | Not vuln | Fix | source | |||
MailStore | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Maltego | All | Maltego Response to Logj4 | ||||||
ManageEngine | ADAudit Plus | Not vuln | Workaround | Workaround | Workaround | source | ||
ManageEngine | ADManager Plus | Not vuln | Workaround | Workaround | Workaround | source | ||
ManageEngine | Desktop Central | 10.1.2127.20 | Fix | Not vuln | Not vuln | Not vuln | source | |
ManageEngine | EventLog Analyzer | Not vuln | Workaround | Workaround | Workaround | source | ||
ManageEngine | Servicedesk Plus | 11305 and below | Vulnerable | Manage Engine Advisory | ||||
ManageEngine Zoho | ADAudit Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | ADManager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | ADSelfService Plus | Not vuln | Not vuln | Not vuln | Not vuln | ManageEngine Vulnerability Impact | ||
ManageEngine Zoho | All | Manage Engine Link | ||||||
ManageEngine Zoho | Analytics Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | Cloud Security Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | DataSecurity Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | EventLog Analyzer | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | Exchange Reporter Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | Log360 | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | Log360 UEBA | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | M365 Manager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | M365 Security Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
ManageEngine Zoho | RecoveryManager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
MariaDB | All | MariaDB Statement | ||||||
Mathworks | All MathWorks general release desktop or server products | Not vuln | Not vuln | Not vuln | Not vuln | MathWorks statement regarding CVE-2021-44228 | ||
Mathworks | MATLAB | All | Not vuln | source | ||||
MathWorks Matlab | All | MathWorks Matlab Statement | ||||||
Matillion | All | Matillion Security Advisory | ||||||
Matomo | All | Matomo Statement | ||||||
Mattermost | All | Not vuln | source | |||||
Mattermost FocalBoard | All | Mattermost FocalBoard Concern | ||||||
McAfee | Active Response (MAR) | Not vuln | Standalone MAR not vulnerable, for MAR included in bundle see TIE | "source" | ||||
McAfee | Agent (MA) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Application and Change Control (MACC) for Linux | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Application and Change Control (MACC) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Client Proxy (MCP) for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Client Proxy (MCP) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Exchange Layer (DXL) | Not vuln | "source" | |||||
McAfee | Data Exchange Layer (DXL) Client | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Loss Prevention (DLP) Discover | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Loss Prevention (DLP) Endpoint for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Loss Prevention (DLP) Endpoint for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Loss Prevention (DLP) Monitor | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Data Loss Prevention (DLP) Prevent | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Drive Encryption (MDE) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Endpoint Security (ENS) for Linux | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Endpoint Security (ENS) for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Endpoint Security (ENS) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Enterprise Security Manager (ESM) | 11.x | Not vuln | Workaround | "source" | |||
McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | Not vuln | "source" | |||||
McAfee | ePolicy Orchestrator Application Server (ePO) | <= 5.10 CU10 | Not vuln | "source" | ||||
McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Not vuln | Workaround | "source" | |||
McAfee | Host Intrusion Prevention (Host IPS) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Management of Native Encryption (MNE) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Network Security Manager (NSM) | Not vuln | "source" | |||||
McAfee | Network Security Platform (NSP) | Not vuln | "source" | |||||
McAfee | Policy Auditor | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Security for Microsoft Exchange (MSME) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Security for Microsoft SharePoint (MSMS) | Not vuln | Not vuln | Not vuln | Not vuln | |||
McAfee | Threat Intelligence Exchange (TIE) | 2.2, 2.3, 3.0 | Not vuln | Workaround | "source" | |||
McAfee | Web Gateway (MWG) | Not vuln | Fix | "source" | ||||
Medtronic | All | Investigation | Medtronic Advisory Link | |||||
Meinberg | LANTIME | All | Not vuln | source | ||||
Meinberg | microSync | All | Not vuln | source | ||||
Meltano | All | Not vuln | Not vuln | Not vuln | Not vuln | Project is written in Python | Meltano | |
Memurai | All | Not vuln | source | |||||
messageconcept | PeopleSync | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Metabase | All | <0.41.4 | Not vuln | Fix | Mitigations available for earlier versions | source | ||
Micro Focus | ArcSight Connectors | 8.2 and above | Vulnerable | source | ||||
Micro Focus | ArcSight ESM | 7.2, 7.5 | Vulnerable | source | ||||
Micro Focus | ArcSight Intelligence | All | Vulnerable | source | ||||
Micro Focus | ArcSight Logger | 7.2 and above | Vulnerable | source | ||||
Micro Focus | ArcSight Recon | All | Vulnerable | source | ||||
Micro Focus | ArcSight Transformation Hub | All | Vulnerable | source | ||||
Micro Focus | Data Protector | All | Vulnerable | Workaround only for supported versions. Earlier versions are not checked/worked on. | workaround source | |||
Micro Focus | Silk Performer | 21.0 | Vulnerable | Workaround | source workaround | |||
Micro Focus | Silk Test | 20.0 up to 21.0.1 (included) | Vulnerable | Workaround | source workaround | |||
MicroFocus | All | "MicroFocus Statement" | ||||||
Microsoft | Azure AD | Not vuln | ADFS itself is not vulnerable, federation providers may be | source | ||||
Microsoft | Azure API Gateway | Not vuln | Not vuln | Not vuln | Not vuln | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 | ||
Microsoft | Azure App Service | Not vuln | This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications | source | ||||
Microsoft | Azure Application Gateway | Not vuln | source | |||||
Microsoft | Azure Data Lake Store Java | < 2.3.10 | Not vuln | Not vuln | Not vuln | Not vuln | Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here. | source |
Microsoft | Azure DevOps | Not vuln | source | |||||
Microsoft | Azure DevOps Server | 2019-2020.1 | Vulnerable | When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation | source | |||
Microsoft | Azure Front Door | Not vuln | source | |||||
Microsoft | Azure Traffic Manager | Not vuln | Not vuln | Not vuln | Not vuln | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 | ||
Microsoft | Azure WAF | Not vuln | source | |||||
Microsoft | Cosmos DB Kafka Connector | 1.2.1 | Fix | source | ||||
Microsoft | Defender for IoT | 10.5.2 | Not vuln | Fix | source | |||
Microsoft | Events Hub Extension | 3.3.1 | Fix | source | ||||
Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Not vuln | Fix | source | |||
Microsoft | Minecraft Java Edition | 1.18.1 | Not vuln | Fix | source fix | |||
Microsoft | Team Foundation Server | 2018.2+ | Vulnerable | When Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable) see Elasticsearch above for mitigation | source | |||
MicroStrategy | Secure Enterprise | 11.1.7+ 11.2.x 11.3.x | Not vuln | Workaround | Workaround available, Update scheduled for Week 51/2021 | source | ||
MIDITEC | All | Not vuln | Not vuln | Not vuln | Not vuln | MTZ Time uses Log4j v1.x | source | |
Midori Global | All | Midori Global Statement | ||||||
Mikrotik | All | Mikrotik Statement | ||||||
Milestone | VMS | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
Milestone sys | All | Milestone sys Statement | ||||||
Mimecast | All | Mimecast Information | ||||||
Minecraft | All | Minecraft Vulnerability Message | ||||||
Mirantis | Container Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | Container Runtime | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | K0s | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | Kubernetes Engine | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | Lens | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | OpenStack | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mirantis | Secure Registry | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Miro | All | Miro Log4j Updates | ||||||
MISP | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | CMG Suite | All | Investigation | source | ||||
Mitel | InAttend | All | Investigation | source | ||||
Mitel | Interaction Recording (MIR) | 6.3 to 6.7 | Not vuln | Fix | see SA211213-17 | source | ||
Mitel | Management Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | Management Portal | All | Investigation | source | ||||
Mitel | MiCollab | >=7.1 to <=9.4 | Not vuln | Workaround | Workaround | "Below v7.0 not vuln, <a href=""https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/log4j_micollab_remediation_details.pdf"" rel=""nofollow"">Fix" | source | |
Mitel | MiContact Center Enterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiContact Center Business | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiVoice 5000 | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiVoice Border Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiVoice Business | All (excluding EX) | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiVoice Business EX and MiConfig Wizard | 9.2 only | Not vuln | Fix | source | |||
Mitel | MiVoice Call Recording | All | Investigation | source | ||||
Mitel | MiVoice Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | MiVoice MX-ONE | 7.4 only | Not vuln | Fix | source | |||
Mitel | MiVoice Office 400 | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | Mobility Router | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | Open Integration Gateway (OIG) | All | Investigation | source | ||||
Mitel | Performance Analytics Server and Probe | All | Investigation | source | ||||
Mitel | Standard Linux (MSL) | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mitel | Virtual Reception | All | Investigation | source | ||||
Mitsubishi | CS-141 | Not vuln | Not vuln | Not vuln | Not vuln | "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source" | ||
Mitsubishi | LookUPS N002 | Not vuln | Not vuln | Not vuln | Not vuln | "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source" | ||
Mitsubishi | LookUPS N003 | Not vuln | Not vuln | Not vuln | Not vuln | "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source" | ||
Mitsubishi | MUCM | Not vuln | Not vuln | Not vuln | Not vuln | "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source" | ||
Mitsubishi | Netcom | Not vuln | Not vuln | Not vuln | Not vuln | "<a href=""https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png"" rel=""nofollow"">source" | ||
Mitsubishi | Netcom 2 | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MobileIron | Core | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
MobileIron | Core Connector | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
MobileIron | Reporting Database (RDB) | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
MobileIron | Sentry | 9.13, 9.14 | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
MONARC | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MongoDB | Atlas | Not vuln | Not vuln | Not vuln | Not vuln | Including Atlas Database, Data Lake, Charts | source | |
MongoDB | Atlas Search | Not vuln | Fix | Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. | source | |||
MongoDB | Community Edition | Not vuln | Not vuln | Not vuln | Not vuln | Including Community Server, Cloud Manager, Community Kubernetes Operators. | source | |
MongoDB | Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MongoDB | Drivers | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MongoDB | Enterprise Advanced | Not vuln | Not vuln | Not vuln | Not vuln | Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. | source | |
MongoDB | Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MongoDB | Realm | Not vuln | Not vuln | Not vuln | Not vuln | including Realm Database, Sync, Functions, APIs | source | |
MongoDB | Realm (including Realm Database, Sync, Functions, APIs) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
MongoDB | Tools | Not vuln | Not vuln | Not vuln | Not vuln | Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors | source | |
MongoDB | Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
Moodle | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
MoogSoft | All | MoogSoft Vulnerability Information | ||||||
Motorola Avigilon | All | Motorola Avigilon Technical Notification | ||||||
Moxa | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
Mulesoft | All | This advisory is available to customers only and has not been reviewed by CISA | Mulesoft Statement | |||||
Mulesoft | Anypoint Studio | 7.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | ||
Mulesoft | Cloudhub | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | |||
Mulesoft | Mule Agent | 6.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | ||
Mulesoft | Mule Runtime | 3.x,4.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |