Which all software is affected by log4j shell vulnerability

Software affected by log4j vulnerability

Security Audit

The recently announced Log4j Shell affects a lot of enterprise applications and systems that use Java or use other software components that use Java. Here is a list of software that has an identified Log4j Shell vulnerability and the corresponding remedial measure. This list is current as of 2021-12-14

The link in the status column will take you to the announcement related to the software with details about remedial measure available for the same.

 

Software overview

A

Supplier Product Version (see Status) Status
Accellence Technologies EBÜS All Workaround
Akamai Siem Splunk Connector <1.4.10 Workaround
Alertus Console 5.15.0 Fix
Amazon AMS   Fix
Amazon API Gateway   Fix
Amazon AWS CloudHSM 3.4.1 Fix
Amazon AWS Glue   Fix
Amazon AWS Greengrass   Fix
Amazon AWS Lambda   Fix
Amazon Cloudfront   Fix
Amazon Connect   Fix
Amazon DynamoDB   Fix
Amazon EC2   Fix - source, fix
Amazon Kafka   Fix
Amazon Keyspaces (for Apache Cassandra)   Fix
Amazon Kinesis Data Analytics   Fix
Amazon Lake Formation   Fix
Amazon MQ   Fix
Amazon NICE   Fix
Amazon OpenSearch   Fix
Amazon RDS   Fix
Amazon S3   Fix
Apache Druid 0.22.1 Fix
Apache Dubbo All versions Fix
Apache Flink 1.15.0, 1.14.1, 1.13.4 Fix
Apache Geode 1.14.0 Fix
Apache Hadoop 3.3.1 Vulnerable
Apache James 3.6.0 Vulnerable
Apache Log4j 2.15.0 Fix
Apache SOLR 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 Workaround
Apache Spark 2.4.2 Vulnerable
Apache Struts 2.5.28 Vulnerable
Apache Tapestry 5.7.3 Vulnerable
Apache Tika 2.0.0 and up Vulnerable
APC PowerChute Business Edition Unknow to 10.0.2.301 Vulnerable
APC PowerChute Network Shutdown Unknow to 4.2.0 Vulnerable
Apereo CAS 6.3.x & 6.4.x Fix
Apereo Opencast < 9.10, < 10.6 Fix
Aptible Aptible ElasticSearch 5.x Fix
Arduino Arduino IDE 1.8.17 Fix
Arista Networks CloudVision Portal >2019.1.0 Vulnerable
Arista Networks CloudVision Wi-Fi, virtual appliance or physical appliance >8.8 Vulnerable
Arista Networks Analytics Node for DANZ Monitoring Fabric (formerly Big Monitoring Fabric) >7.0.0 Vulnerable
Arista Networks Analytics Node for Converged Cloud Fabric (formerly Big Cloud Fabric) >7.0.0 Vulnerable
Arista Networks Embedded Analytics for Converged Cloud Fabric (formerly Big Cloud Fabric) >5.3.0 Vulnerable
Arista Networks CloudVision Portal >2019.1.0 Vulnerable
Arista Networks CloudVision Wi-Fi, virtual appliance or physical appliance >8.8 Vulnerable
Atlassian Bamboo Server & Data Center On prem Vulnerable
Atlassian BitBucket Server On prem Workaround
Atlassian Confluence Server & Data Center On prem Vulnerable
Atlassian Crowd Server & Data Center On prem Vulnerable
Atlassian Crucible On prem Vulnerable
Atlassian Fisheye On prem Vulnerable
Atlassian Jira Server & Data Center On prem Vulnerable
Avaya      

B

Supplier Product Version (see Status) Status
Backblaze Cloud N/A (SaaS) Fix
BMC Software Bladelogic Database Automation   Vulnerable Fix expected on Dec 15th
BMC Software BMC AMI Ops Common Rest API (CRA) Vulnerable Fix expected on Dec 14th
BMC Software BMC AMI Ops Infrastructure (MVI) - CRA component Vulnerable Fix expected on Dec 14th
BMC Software BMC AMI Ops Insight Vulnerable Fix expected on Dec 14th
BMC Software BMC AMI Ops UI  Vulnerable Fix expected on Dec 14th
BMC Software BMC Client Management Vulnerable Fix expected on Dec 14th
BMC Software BMC Discovery Fix Fix available in BMC’s Electronic Product Download site (EPD)
BMC Software BMC Helix Continuous Optimization Vulnerable Fix expected on Dec 15th
BMC Software BMC License Usage Collection Utility Vulnerable Fix expected on Dec 14th
BMC Software CMDB Vulnerable  
BMC Software Control-M Vulnerable  
BMC Software Helix Data Manager Vulnerable  
BMC Software KMs - Sybase KM & Linux (RHEV) Fix Fix available in BMC’s Electronic Product Download site (EPD)  
BMC Software MainView Middleware Monitor Vulnerable Fix expected on Dec 20th
BMC Software Remedy Smart Reporting Vulnerable  
BMC Software TrueSight App Visibility Manager Vulnerable Fix expected on Dec 15th
BMC Software TrueSight Automation Console Vulnerable Fix expected on Dec 17th
BMC Software TrueSight Automation for Networks Vulnerable Fix expected on Dec 13th
BMC Software TrueSight Automation for Servers - Data Warehouse Vulnerable Fix expected on Dec 17th
BMC Software TrueSight Automation for Servers Vulnerable Fix expected on Dec 17th
BMC Software TrueSight Infrastructure Management Vulnerable  
BMC Software TrueSight IT Data Analytics Vulnerable Fix expected on Dec 15th
BMC Software TrueSight Operations Management Vulnerable Fix expected on Dec 16th
BMC Software TrueSight Smart Reporting Vulnerable Fix expected on Dec 14th
BMC Software TSOM Smart Reporting Vulnerable Fix expected on Dec 14th
Brian Pangburn SwingSet < 4.0.6 Fix
Broadcom CA Advanced Authentication 9.1 & 9.1.01 & 9.1.02 Workaround
Broadcom SiteMinder (CA Single Sign-On) 12.8.x Policy Server, 12.8.04 or later Administrative UI, 12.8.x Access Gateway, 12.8.x SDK, 12.7 and 12.8 ASA Agents Fix, Workaround
Broadcom Symantec Endpoint Protection Manager (SEPM) 14.3 Workaround

C

Supplier Product Version (see Status) Status
Cisco General Cisco Disclaimer Cisco is updating their advisory three times a day, please keep their website in your watchlist. We will try to update accordingly  
Cisco AppDynamics <21.12.0 Fix
Cisco Network Services Orchestrator (NSO) < nso-5.3.5.1, nso-5.4.5.2, nso-5.5.4.1, nso-5.6.3.1 Vulnerable
Cisco Nexus Dashboard (formerly Cisco Application Services Engine) <2.1.2 Vulnerable
Cisco Video Surveillance Operations Manager <7.14.4 Vulnerable
Cisco Webex Meetings Server CWMS-3.0MR4SP2, CWMS-4.0MR4SP2 Vulnerable
CIS-CAT CSAT Pro < 1.7.1 Vulnerable
CIS-CAT CIS-CAT Pro Assessor v4 < 4.13.0 Vulnerable
CIS-CAT CIS-CAT Pro Assessor Service v4 < 1.13.0 Vulnerable
CIS-CAT CIS-CAT Pro Assessor v3 < 3.0.77 Vulnerable
Commvault Cloud Apps & Oracle & MS-SQL All supported versions Fix
Connect2id Connect2id server < 12.5.1 Fix
Contrast Hosted SaaS Enviroments All Fix
Contrast On-premises (EOP) Environments All Fix/Mitigation
Contrast Scan All Fix
ControlUp All products All versions Fix
Couchbase Couchbase ElasticSearch connector < 4.3.3 & < 4.2.13 Fix
Cyberark Identity - Secure Web Sessions (SWS)   Fix
Cyberark Privilege Cloud - Service (SaaS)   Fix
Cyberark Privileged Threat Analytics (PTA)   Workaround - source, workaround
Cyberark Remote Access (Alero) - Connector   Fix
Cyberark Remote Access (Alero) - Service (SaaS)   Fix

D

Supplier Product Version (see Status) Status
DatadogHQ Datadog Agent 6 < 6.32.2, 7 < 7.32.2 Fix/workaround
Dataverse The Dataverse Project   Vulnerable
Debian Apache-log4j.1.2 stretch, buster, bullseye Fix
Debian Apache-log4j2 stretch, buster, bullseye Fix
Dynatrace ActiveGates 1.229.49.20211210-165018, 1.227.31.20211210-164955, 1.225.29.20211210-164930, 1.223.30.20211210-164926 Fix

E

Supplier Product Version (see Status) Status
EclecticIQ TIP < 2.11 Vulnerable
Elastic APM Java Agent 1.17.0-1.28.0 Workaround
Elastic Elasticsearch < 6.8.21, < 7.16.1 Workaround
Elastic Elasticsearch => 7.16.1 Fixed
Elastic Logstash < 6.8.21, < 7.16.1 Workaround
Esri ArcGIS Enterprise and related products < 10.8.0 Vulnerable
EVL Labs JGAAP <8.0.2 Fix
Extreme Networks IQVA   Vulnerable

F

Supplier Product Version (see Status) Status
Fiix CMMS core V5 Fix
FileCap All products <5.1.0 Vulnerable
Forcepoint DLP Manager   Workaround
Forcepoint Next Generation Firewall Security Management Center, and virtual SMC appliances (NGFW)   Workaround
Forcepoint Security Manager (Web, Email and DLP)   Workaround
ForgeRock Autonomous Identity   Workaround
Fortinet FortiAIOps   Vulnerable
Fortinet FortiCASB   Vulnerable
Fortinet FortiConvertor   Vulnerable
Fortinet FortiEDR Cloud   Vulnerable
Fortinet FortiNAC   Vulnerable
Fortinet FortiNAC   Vulnerable
Fortinet FortiPolicy   Vulnerable
Fortinet FortiPortal   Vulnerable
Fortinet FortiSIEM   Vulnerable
Fortinet FortiSOAR   Vulnerable
Fortinet ShieldX   Vulnerable
F-Secure Endpoint Proxy 13-15 Fix
F-Secure Policy Manager 13-15 Fix
F-Secure Policy Manager Proxy 13-15 Fix

G

Supplier Product Version (see Status) Status
GeoSolutions Geonetwork All versions Workaround
GFI Software Kerio Connect   Vulnerable
GitHub Github Enterprise Server 3.3.1, 3.2.6, 3.1.14, 3.0.22 Fix
Gradle Gradle Enterprise 2021.3.6 Fix
Gradle Gradle Enterprise Test Distribution Agent 1.6.2 Fix
Gradle Gradle Enterprise Build Cache Node 10.1 Fix
Graylog Graylog < 3.3.15,<4.0.14,<4.1.9,<4.2.3 Fix
GuardedBox GuardedBox <3.1.2 Fix

H

Supplier Product Version (see Status) Status
HCL Software BigFix Compliance > 2.0.1 ; < 2.0.4 Workaround
HCL Software BigFix Inventory < 10.0.7 Workaround
HPE Silver Peak Orchestrator   Workaround - source, workaround

I

Supplier Product Version (see Status) Status
IBM Curam SPM 8.0.0, 7.0.11 Vulnerable
IBM VM Manager Tool (part of License Metric Tool) >9.2.21,<9.2.26 Vulnerable
IBM Websphere 8.5 Vulnerable
IBM Websphere 9.0 Vulnerable
IGEL Universal Management Suite   Workaround
Informatica Axon 7.2.x Workaround
Informatica Data Privacy Management 10.5, 10.5.1 Workaround
Informatica Information Deployment Manager   Fix
Informatica Metadata Manager 10.4, 10.4.1, 10.5, 10.5.1 Workaround
Informatica PowerCenter 10.5.1 Workaround
Informatica PowerExchange for CDC (Publisher) and Mainframe 10.5.1 Workaround
Informatica Product 360 All versions Workaround

J

Supplier Product Version (see Status) Status
Jamf Nation Jamf Pro (hosted on-prem) < 10.34.1 See notes
JetBrains YouTrack Standalone >= 2019.2 <= 2021.4.34389 Vuln
Jitsi jitsi-videobridge v2.1-595-g3637fda42 Fix
Juniper Networks Junos Space Network Management Platform Unspecified Vulnerable
Juniper Networks Northstar Controller Unspecified Vulnerable
Juniper Networks Paragon Insights >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable
Juniper Networks Paragon Pathfinder >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable
Juniper Networks Paragon Planner >= 21 version 21.1 ; >= 22 version 22.2 Vulnerable

K

Supplier Product Version (see Status) Status

L

Supplier Product Version (see Status) Status
LeanIX All products All versions Fix
Lyrasis DSpace 7.x Fix/Workaround

M

Supplier Product Version (see Status) Status
Mailcow Mailcow Solr Docker < 1.8 Fix
McAfee Enterprise Security Manager (ESM) 11.x Workaround
McAfee Threat Intelligence Exchange (TIE) 2.2, 2.3, 3.0 Workaround
McAfee ePolicy Orchestrator Application Server (ePO) 5.10 CU11 Workaround
Metabase Metabase <0.41.4 Fix
Micro Focus ArcSight ESM 7.2, 7.5 Vulnerable
Micro Focus ArcSight Logger 7.2 and above Vulnerable
Micro Focus ArcSight Recon All Versions Vulnerable
Micro Focus ArcSight Intelligence All Versions Vulnerable
Micro Focus ArcSight Connectors 8.2 and above Vulnerable
Micro Focus ArcSight Transformation Hub All Versions Vulnerable
Microsoft Kafka Connect for Azure Cosmo DB < 1.2.1 Fix
Minecraft Java edition <1.18.1 Fix
Mitel Mitel Interaction Recording (MIR) 6.3 to 6.7 Fix

N

Supplier Product Version (See Status) Status
Nelson Nelson 0.16.185 Vulnerable
Neo4j Neo4j > 4.2 Vulnerable
Netflix atlas 1.6.6 Workaround
Netflix dgs-framework < 4.9.11 Fix
Netflix spectator < 1.0.9 Fix
NetIQ Access Manager >= 4.5.x & >= 5.0.x Workaround
New Relic Java Agent 6.5.1 & 7.4.1 Fix
NSA Ghidra < 10.1 Fix - source, fix
Nutanix General Guidance Nutanix updating Security Advisory #23 multiple times per day, please check source link for absolute latest status  
Nutanix AOS (STS) All supported versions Workaround
Nutanix Flow Security Central SaaS Fix
Nutanix Frame SaaS Public Fix
Nutanix Prism Central All supported versions Vulnerable
Nutanix Sizer SaaS Fix

O

Supplier Product Version (see Status) Status
OCLC all all Fix
Okta On-Prem MFA Agent <1.4.6 Fix - source, fix
Okta Radius Server Agent 2.17.0 Fix
Okta RADIUS Server Agent <2.17.0 Fix - source, fix
openHAB openHAB 3.0.4, 3.1.1 Fix
OpenMRS Talk 2.4.0-2.4.1 Vulnerable
OpenNMS Horizon (including derived Sentinels) < 29.0.3 Fix
OpenNMS Meridian (including derived Minions and Sentinels) < 2021.1.8, 2020.1.15, 2019.1.27 Fix
OpenSearch OpenSearch < 1.2.1 Fix
Oracle Oracle Data Integrator (ODI) >= 12.2.1.3.210119, Marketplace - >= 2.1.0 Workaround - source, Support note 2827611.1, Support Note 2827793.1
Oracle Oracle WebCenter Portal 12.2.1.3 & 12.2.1.4 Workaround - source, Support note 2827611.1
OWASP ZAP < 2.11.1 Fix

P

Supplier Product Version (see Status) Status
PagerDuty Rundeck 3.3+ Fix
PaperCut PaperCut MF >= 21.0 Workaround
PaperCut PaperCut NG >= 21.0 Workaround
Pega Pega Platform On Prem Fix
Pexip Pexip Service all Fix
Portex Portex <3.0.2 Fix
Progress DataDirect Hybrid Data Pipeline   Workaround - source, mitigations
Progress OpenEdge   Workaround - source, mitigations
Puppet Continuous Delivery for Puppet Enterprise 3.x, < 4.10.2 Fix - source, workaround,mitigations

Q

Supplier Product Version (see Status) Status
QOS.ch SLF4J Simple Logging Facade for Java    

R

Supplier Product Version (see Status) Status
Red Hat Red Hat CodeReady Studio 12   Vulnerable
Red Hat Red Hat Data Grid 8   Vulnerable
Red Hat Red Hat Descision Manager 7   Vulnerable
Red Hat Red Hat Integration Camel K   Vulnerable
Red Hat Red Hat Integration Camel Quarkus   Vulnerable
Red Hat Red Hat JBoss A-MQ Streaming   Vulnerable
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack   Vulnerable
Red Hat Red Hat JBoss Fuse 7   Vulnerable
Red Hat Red Hat OpenShift Application Runtimes   Vulnerable
Red Hat Red Hat OpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch5   Vulnerable
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-logging-elasticsearch6   Vulnerable
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-hive   Vulnerable
Red Hat Red Hat OpenShift Container Platform 4 openshift4/ose-metering-presto   Vulnerable
Red Hat Red Hat OpenShift Logging logging-elasticsearch6-container   Vulnerable
Red Hat Red Hat OpenStack Platform 13 (Queens) opendaylight   Vulnerable
Red Hat Red Hat Process Automation 7   Vulnerable
Redis Jedis 3.7.1, 4.0.0-rc2 Fix
Riverbed NetIM 2.x   Vulnerable
Riverbed Portal 1.x   Vulnerable
Riverbed Portal 3.x   Vulnerable
Riverbed Scon EX Analytics   Vulnerable
Riverbed Scon EX Director   Vulnerable
Riverbed UCExpert   Vulnerable
RSA NetWitness Orchestrator >= 6.0 Workaround
RSA NetWitness Platform 11.4 Workaround
RSA NetWitness Platform >= 11.5 Workaround
Ruckus FlexMaster   Vuln
Ruckus SmartZone 100 (SZ-100)   Vuln
Ruckus SmartZone 144 (SZ-144)   Vuln
Ruckus SmartZone 300 (SZ-300)   Vuln
Ruckus Unleashed   Vuln
Ruckus Virtual SmartZone (vSZ)   Vuln

S

Supplier Product Version (see Status) Status
SailPoint IdentityIQ 8.0 or later Workaround
SAP Customer Checkout PoS / manager 2.0 FP09, 2.0 FP10, 2.0 FP11 PL06 (or lower) and 2.0 FP12 PL04 (or lower) Fix
SAP XS Advanced Runtime 1.0.140 or lower Fix
SAS Institute SAS Cloud Solutions   Workaround
SAS Institute SAS Profile   Fix
Security Onion Solutions Security Onion 2.3.90 20211210 Fix
Siemens E-Car OC Cloud Application   Fix
Siemens EnergyIP Prepay 3.7, 3.8 Vulnerable
Siemens Industrial Edge Management App (IEM-App) all Vulnerable
Siemens Industrial Edge Management OS (IEM-OS) all Vulnerable
Siemens Industrial Edge Manangement Hub all Vulnerable
Siemens LOGO! Soft Comfort all Vulnerable
Siemens Mendix Applications all Vulnerable
Siemens Mindsphere Cloud Application   Fix
Siemens Operation Scheduler >= V1.1.3 Vulnerable
Siemens SIGUARD DSA V4.2, V4.3, V4.4 Workaround
Siemens SIMATIC WinCC V7.4 V7.4 SP1 Fix
Siemens Siveillance Command >= 4.16.2.1 Vulnerable
Siemens Siveillance Control Pro < V2.1 Vulnerable
Siemens Siveillance Control Pro >= V2.1 Workaround
Siemens Siveillance Vantage all Vulnerable
SolarWinds Database Performance Analyzer 2021.1.x, 2021.3.x, 2022.1.x Workaround - source, workaround
SolarWinds Server & Application Monitor >= 2020.2.6 Workaround - source, workaround
SonarSource SonarCloud   Fix
SonarSource SonarQube   Workaround
SonicWall Email Security 10.x Vulnerable
Sophos Cloud Optix   Fix
Sophos Sophos Mobile EAS Proxy 9.7.2 Fix
Splunk Add-On: Java Management Extensions 3.0.0, 2.1.0 Vulnerable
Splunk Add-On: JBoss 3.0.0, 2.1.0 Vulnerable
Splunk Add-On: Tomcat 3.0.0, 2.1.0 Vulnerable
Splunk Data Stream Processor DSP 1.0.x, DSP 1.1.x, DSP 1.2.x Vulnerable
Splunk IT Service Intelligence (ITSI) 4.11.x, 4.10.x, 4.9.x, 4.8.x, 4.7.x, 4.4.x Vulnerable
Splunk Splunk Connect for Kafka <2.0.4 Fix
Splunk Splunk Enterprise All supported non-Windows versions of 8.1.x and 8.2.x only if Hadoop (Hunk) and/or DFS are used. Workaround
Splunk Splunk Enterprise Amazon Machine Image (AMI) see Splunk Enterprise Workaround
Splunk Splunk Enterprise Docker Container see Splunk Enterprise Workaround
Splunk Splunk Logging Library for Java <1.11.1 Fix
Splunk Stream Processor Service Current Vulnerable
Stardog Stardog <7.8.1 Fix
Stratodesk NoTouch 4.5.231 Fix
Sumo logic Sumu logic 19.361-12 Fix
SUSE SUSE Openstack Cloud all Vuln
syntevo DeepGit >= 4.0 Fix
syntevo SmartGit >= 18.1 Fix
syntevo SmartSVN >= 9.3 Fix
syntevo SmartSynchronize >= 3.5 Fix
SysAid All products   Fix

T

Supplier Product Version Status
Talend Talend Component Kit   Fix
Tealium All products   Fix
Teamviewer All products   Fix
Tosibox All products   Fix
TrendMicro Trend Micro Email Security & HES   Fix
TrendMicro Vision One   Fix

U

Supplier Product Version (see Status) Status
Ubiquiti UniFi Network Application 6.5.54 Fix
Unify First Response OpenScape Policy Store   Vulnerable
Unify Hipath DS-Win   Vulnerable
Unify OpenScape Contact Center   Vulnerable
Unify OpenScape Contact Media Service   Vulnerable
Unify OpenScape UC >= 10.2.9.0 Vulnerable
Unify OpenScape Voice simplex deployments Vulnerable
US Signal Remote Management and Monitoring platform   Workaround
USoft USoft 9.1.1F Vulnerable

V

Supplier Product Version (see Status) Status
VMware API Portal for VMware Tanzu 1.x Fix - source, fix
VMware AppDefense Appliance 2.x Workaround - source, workaround
VMware App Metrics 2.1.1 Fix - source, fix
VMware Carbon Black Cloud Workload Appliance 1.x Fix - source, workaround
VMware Carbon Black EDR Server 7.x, 6.x Fix - source, workaround, fix
VMware Cloud Director Object Storage Extension 2.1.x, 2.0.x Fix - source, fix
VMware Cloud Foundation 4.x, 3.x Workaround - source, workaround
VMware HCX 4.2.3, 4.1.0.2 Fix
VMware Healthwatch for Tanzu Application Service 2.1.7, 1.8.6 Fix - source, fix
VMware Horizon 8.x, 7.x Workaround - source, workaround
VMware Horizon Cloud Connector 1.x, 2.x Fix - source, fix
VMware Horizon DaaS 9.1.x, 9.0.x Workaround - source, workaround
VMware Identity Manager 3.3.x Workaround - source, workaround
VMware NSX Data Center for vSphere 6.x Workaround - source, workaround
VMware NSX-T Data Center 3.x, 2.x Workaround - source, workaround
VMware Single Sign-On for VMware Tanzu Application Service 1.x Fix - source, fix
VMware Site Recovery Manager 8.x Vuln - source, workaround
VMware Spring Boot < 2.5.8, < 2.6.2 Workaround
VMware Spring Cloud Gateway for Kubernetes 1.x Vulnerable
VMware Spring Cloud Gateway for VMware Tanzu 1.x Fix - source, fix
VMware Spring Cloud Services for VMware Tanzu 3.x Fix - source, fix
VMware Tanzu Application Service for VMs 2.x Fix - source, workaround, fix
VMware Tanzu GemFire 1.14.x, 1.13.x, 1.10.x Fix - source, fix
VMware Tanzu Greenplum 6.x Workaround - source, workaround
VMware Tanzu Kubernetes Grid Integrated Edition 2.x Workaround - source, workaround
VMware Tanzu Observability by Wavefront Nozzle 3.x, 2.x Fix - source, fix
VMware Tanzu Operations Manager 2.x Fix - source, workaround, fix
VMware Tanzu SQL with MySQL for VMs 2.x, 1.x Vulnerable
VMware Telco Cloud Automation 2.x, 1.x Vulnerable
VMware Unified Access Gateway 21.x, 20.x, 3.x Workaround - source, workaround
VMware vCenter Cloud Gateway 1.x Workaround - source, workaround
VMware vCenter Server 6.x Workaround - source, workaround
VMware vCenter Server 7.x, 6.x Workaround - source, workaround
VMware vRealize Automation 8.x, 7.x Vulnerable
VMware vRealize Lifecycle Manager 8.x Workaround - source, workaround
VMware vRealize Log Insight 8.x Workaround - source, workaround
VMware vRealize Operations 8.x Workaround - source, workaround
VMware vRealize Operations Cloud Proxy Any Workaround - source, workaround
VMware vRealize Orchestrator 8.x, 7.x Vulnerable
VMware Workspace ONE Access 21.x, 20.x Workaround - source, workaround
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 19.03.0.1, 20.x, 21.x Workaround - source, workaround

W

Supplier Product Version Status
WitFoo WitFoo Precinct 6.x Fix
Wowza Wowza Streaming Engine 4.7.8, 4.8.x Workaround

X

Y

Supplier Product Version (see Status) Status
Y Soft SAFEQ 6 <= 6.0.63 Workaround

Z

Supplier Product Version (see Status) Status
Zammad Zammad   Workaround

Ref: https://github.com/NCSC-NL/log4shell/tree/main/software