0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
| Supplier | Product | Version (see Status) | Status CVE-2021-4104 | Status CVE-2021-44228 | Status CVE-2021-45046 | Status CVE-2021-45105 | Notes | Links |
|---|---|---|---|---|---|---|---|---|
| GSA | Cloud.gov | link | ||||||
| Chrome | Not vuln | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | link | |||||
| GE Digital | All | This advisory is available to customers only and has not been reviewed by CISA. | GE Digital Advisory Link(login required) | |||||
| GE Digital Grid | All | This advisory is available to customers only and has not been reviewed by CISA. | GE Digital Grid Advisory Link(login required) | |||||
| GE Gas Power | Asset Performance Management (APM) | Vulnerable | GE verifying workaround. | GE Gas Power Advisory Link | ||||
| GE Gas Power | Baseline Security Center (BSC) | Vulnerable | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | GE Gas Power Advisory Link | ||||
| GE Gas Power | Baseline Security Center (BSC) 2.0 | Vulnerable | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | GE Gas Power Advisory Link | ||||
| GE Gas Power | Control Server | Vulnerable | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | GE Gas Power Advisory Link | ||||
| GE Gas Power | Tag Mapping Service | Not vuln | Fix | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | GE Gas Power Advisory Link | |||
| GE Healthcare | All | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | GE Healthcare Advisory Link | |||||
| Gearset | All | Gearset Statement | ||||||
| Genesys | All | Investigation | source | |||||
| GeoServer | All | GeoServer Announcement | ||||||
| GeoSolutions | Geonetwork | All | Not vuln | Workaround | source | |||
| GeoSolutions | GeoServer | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Gerrit code review | All | Gerrit Statement | ||||||
| GFI | All | GFI Statement | ||||||
| GFI Software | Kerio Connect | 9.3.1p2 | Not vuln | Workaround | Vulnerable | Vulnerable | source | |
| Ghidra | All | Ghidra Statement | ||||||
| Ghisler | Total Commander | All | Not vuln | Third Party plugins might contain log4j | source | |||
| Gigamon | Fabric Manager | <5.13.01.02 | Not vuln | Fix | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | Gigamon Customer Support Portal | ||
| GitHub | All | GitHub.com and GitHub Enterprise Cloud | Not vuln | Fix | GitHub Statement | |||
| GitHub | Github Enterprise Server | 3.3.1, 3.2.6, 3.1.14, 3.0.22 | Not vuln | Fix | source | |||
| GitLab | All | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| GitLab | DAST analyzer | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| GitLab | Dependency Scanning | Not vuln | Fix | source | ||||
| GitLab | Gemnasium-Maven | Not vuln | Fix | source | ||||
| GitLab | PMD OSS | Not vuln | Fix | source | ||||
| GitLab | SAST | Not vuln | Fix | source | ||||
| GitLab | Spotbugs | Not vuln | Fix | source | ||||
| Globus | All | Globus Statement | ||||||
| GoAnywhere | Agents | Not vuln | Workaround | source | ||||
| GoAnywhere | Gateway | version 2.7.0 or later | Not vuln | Fix | source | |||
| GoAnywhere | MFT | version 5.3.0 or later | Not vuln | Fix | source | |||
| GoAnywhere | MFT Agents | 1.4.2 or later | Vulnerable | Versions less than GoAnywhere Agent version 1.4.2 are not affected | source | |||
| GoAnywhere | Open PGP Studio | Not vuln | Workaround | source | ||||
| GoAnywhere | Surveyor/400 | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| GoCD | All | GoCD Statement | ||||||
| Google Cloud | Access Transparency | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Actifio | Not vuln | Not vuln | Not vuln | Not vuln | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit https://now.actifio.com https://now.actifio.com for the full statement and to obtain the hotfix (available to Actifio customers only). | source | |
| Google Cloud | AI Platform Data Labeling | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AI Platform Neural Architecture Search (NAS) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AI Platform Training and Prediction | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Anthos Config Management | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos Connect | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos Hub | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos Identity Service | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos on VMWare | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | source | |
| Google Cloud | Anthos Premium Software | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Anthos Service Mesh | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Apigee | Not vuln | Not vuln | Not vuln | Not vuln | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | source | |
| Google Cloud | App Engine | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | AppSheet | Not vuln | Not vuln | Not vuln | Not vuln | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | source | |
| Google Cloud | Armor | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Armor Managed Protection Plus | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Artifact Registry | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Assured Workloads | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML Natural Language | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML Tables | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML Translation | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML Video | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | AutoML Vision | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | BigQuery | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | BigQuery Data Transfer Service | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | BigQuery Omni | Not vuln | Not vuln | Not vuln | Not vuln | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | source | |
| Google Cloud | Binary Authorization | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Certificate Manager | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Chronicle | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Asset Inventory | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Bigtable | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Build | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Cloud CDN | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Composer | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Cloud Console App | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Data Loss Prevention | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Debugger | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Deployment Manager | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud DNS | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Endpoints | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud External Key Manager (EKM) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Functions | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Cloud Harware Security Module (HSM) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Interconnect | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Intrusion Detection System (IDS) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Key Management Service | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Load Balancing | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Logging | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Natural Language API | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Network Address Translation (NAT) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Profiler | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Router | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Run | 12/21/2021 | ||||||
| Google Cloud | Cloud Run for Anthos | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Cloud Scheduler | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud SDK | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Shell | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Cloud Source Repositories | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Spanner | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud SQL | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Storage | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Tasks | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Trace | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Traffic Director | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Translation | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Vision | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud Vision OCR On-Prem | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Cloud VPN | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | CompilerWorks | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Compute Engine | Not vuln | Not vuln | Not vuln | Not vuln | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | source | |
| Google Cloud | Contact Center AI (CCAI) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Contact Center AI Insights | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Container Registry | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Data Catalog | Not vuln | Not vuln | Not vuln | Not vuln | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Data Fusion | Not vuln | Not vuln | Not vuln | Not vuln | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | source | |
| Google Cloud | Database Migration Service (DMS) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Dataflow | Not vuln | Not vuln | Not vuln | Not vuln | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | source | |
| Google Cloud | Dataproc | Not vuln | Not vuln | Not vuln | Not vuln | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | source | |
| Google Cloud | Dataproc Metastore | Not vuln | Not vuln | Not vuln | Not vuln | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | source | |
| Google Cloud | Datastore | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Datastream | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Dialogflow Essentials (ES) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Document AI | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Event Threat Detection | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Eventarc | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Filestore | Not vuln | Not vuln | Not vuln | Not vuln | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | source | |
| Google Cloud | Firebase | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Firestore | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Game Servers | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Google Kubernetes Engine | Not vuln | Not vuln | Not vuln | Not vuln | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | Healthcare Data Engine (HDE) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Human-in-the-Loop AI | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | IoT Core | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Key Access Justifications (KAJ) | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Looker | Not vuln | Not vuln | Not vuln | Not vuln | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | source | |
| Google Cloud | Media Translation API | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Memorystore | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Migrate for Anthos | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Migrate for Compute Engine (M4CE) | Not vuln | Not vuln | Not vuln | Not vuln | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | source | |
| Google Cloud | Network Connectivity Center | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Network Intelligence Center | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Network Service Tiers | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Persistent Disk | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Pub/Sub | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Pub/Sub Lite | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | source | |
| Google Cloud | reCAPTCHA Enterprise | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Recommendations AI | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Retail Search | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Risk Manager | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Secret Manager | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Security Command Center | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Service Directory | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Service Infrastructure | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Speaker ID | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Speech-to-Text | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Speech-to-Text On-Prem | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Storage Transfer Service | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Talent Solution | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Text-to-Speech | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Transcoder API | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Transfer Appliance | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Video Intelligence API | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Virtual Private Cloud | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | VMware Engine | Not vuln | Not vuln | Not vuln | Not vuln | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | source | |
| Google Cloud | Web Security Scanner | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Google Cloud | Workflows | Not vuln | Not vuln | Not vuln | Not vuln | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | source | |
| Gradle | All | Not vuln | Not vuln | Not vuln | Not vuln | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | source | |
| Gradle | Enterprise | 2021.3.6 | Not vuln | Fix | source | |||
| Gradle | Enterprise Build Cache Node | 10.1 | Not vuln | Fix | source | |||
| Gradle | Enterprise Test Distribution Agent | 1.6.2 | Not vuln | Fix | source | |||
| Grafana | All | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| Grandstream | All | Grandstream Statement | ||||||
| Gravitee | Access Management | 3.10.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | Access Management | 3.5.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | Alert Engine | 1.4.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | Alert Engine | 1.5.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | API Management | 3.10.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | API Management | 3.5.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee | Cockpit | 1.4.x | Not vuln | Not vuln | Not vuln | Not vuln | About the Log4J CVSS 10 Critical Vulnerability | |
| Gravitee.io | All | Gravitee.io Statement | ||||||
| Gravwell | All | Not vuln | Not vuln | Not vuln | Not vuln | Gravwell products do not use Java | source | |
| Graylog | All | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Not vuln | Fix | The vulnerable Log4j library is used to record GrayLog's own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. Graylog https://github.com/Graylog2/graylog2-server/compare/4.2.3...4.2.4"">version 4.2.4 fixes https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ another vulnerability | source | ||
| Graylog | Server | All versions >= 1.2.0 and <= 4.2.2 | Not vuln | Fix | Graylog Update for Log4j | |||
| Greenshot | All | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| GuardedBox | All | 3.1.2 | Not vuln | Fix | source | |||
| Guidewire | All | Guidewire Statement |