List of software (un)affected by the log4shell CVEs
June 15, 2022 · View on GitHub
0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
M
| Supplier | Product | Version (see Status) | Status CVE-2021-4104 | Status CVE-2021-44228 | Status CVE-2021-45046 | Status CVE-2021-45105 | Notes | Links |
|---|---|---|---|---|---|---|---|---|
| MMM Group | Control software of all MMM series | link | ||||||
| MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | link | ||||||
| Mitsubishi Electric Corporation | CC-Link IE TSN | <=1.02C | Vulnerable | Product number: SW1DNN-GN610SRC-M | link | |||
| Mitsubishi Electric Corporation | CC-Link IE TSN | Fix | Product number: SW1DNN-GN610SRC-M | link | ||||
| Macrium Software | All | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| Mailcow | Solr Docker | < 1.8 | Not vuln | Fix | source | |||
| MailStore | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Maltego | All | Maltego Response to Logj4 | ||||||
| ManageEngine | ADAudit Plus | Not vuln | Workaround | Workaround | Workaround | source | ||
| ManageEngine | ADManager Plus | Not vuln | Workaround | Workaround | Workaround | source | ||
| ManageEngine | Desktop Central | 10.1.2127.20 | Fix | Not vuln | Not vuln | Not vuln | source | |
| ManageEngine | EventLog Analyzer | Not vuln | Workaround | Workaround | Workaround | source | ||
| ManageEngine | Servicedesk Plus | 11305 and below | Vulnerable | Manage Engine Advisory | ||||
| ManageEngine Zoho | ADAudit Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | ADManager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | ADSelfService Plus | Not vuln | Not vuln | Not vuln | Not vuln | ManageEngine Vulnerability Impact | ||
| ManageEngine Zoho | All | Manage Engine Link | ||||||
| ManageEngine Zoho | Analytics Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | Cloud Security Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | DataSecurity Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | EventLog Analyzer | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | Exchange Reporter Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | Log360 | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | Log360 UEBA | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | M365 Manager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | M365 Security Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| ManageEngine Zoho | RecoveryManager Plus | On-Prem | ManageEngine Vulnerability Impact | |||||
| MariaDB | All | MariaDB Statement | ||||||
| Mathworks | All MathWorks general release desktop or server products | Not vuln | Not vuln | Not vuln | Not vuln | MathWorks statement regarding CVE-2021-44228 | ||
| Mathworks | MATLAB | All | Not vuln | source | ||||
| MathWorks Matlab | All | MathWorks Matlab Statement | ||||||
| Matillion | All | Matillion Security Advisory | ||||||
| Matomo | All | Matomo Statement | ||||||
| Mattermost | All | Not vuln | source | |||||
| Mattermost FocalBoard | All | Mattermost FocalBoard Concern | ||||||
| McAfee | Active Response (MAR) | Not vuln | Standalone MAR not vulnerable, for MAR included in bundle see TIE | source | ||||
| McAfee | Agent (MA) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Application and Change Control (MACC) for Linux | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Application and Change Control (MACC) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Client Proxy (MCP) for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Client Proxy (MCP) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Exchange Layer (DXL) | Not vuln | source | |||||
| McAfee | Data Exchange Layer (DXL) Client | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Loss Prevention (DLP) Discover | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Loss Prevention (DLP) Endpoint for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Loss Prevention (DLP) Endpoint for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Loss Prevention (DLP) Monitor | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Data Loss Prevention (DLP) Prevent | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Drive Encryption (MDE) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Endpoint Security (ENS) for Linux | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Endpoint Security (ENS) for Mac | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Endpoint Security (ENS) for Windows | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Enterprise Security Manager (ESM) | 11.x | Not vuln | Workaround | source | |||
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | Not vuln | source | |||||
| McAfee | ePolicy Orchestrator Application Server (ePO) | <= 5.10 CU10 | Not vuln | source | ||||
| McAfee | ePolicy Orchestrator Application Server (ePO) | 5.10 CU11 | Not vuln | Workaround | source | |||
| McAfee | Host Intrusion Prevention (Host IPS) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Management of Native Encryption (MNE) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Network Security Manager (NSM) | Not vuln | source | |||||
| McAfee | Network Security Platform (NSP) | Not vuln | source | |||||
| McAfee | Policy Auditor | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Security for Microsoft Exchange (MSME) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Security for Microsoft SharePoint (MSMS) | Not vuln | Not vuln | Not vuln | Not vuln | |||
| McAfee | Threat Intelligence Exchange (TIE) | 2.2, 2.3, 3.0 | Not vuln | Workaround | source | |||
| McAfee | Web Gateway (MWG) | Not vuln | Fix | source | ||||
| Medtronic | All | Investigation | Medtronic Advisory Link | |||||
| Meinberg | LANTIME | All | Not vuln | source | ||||
| Meinberg | microSync | All | Not vuln | source | ||||
| Meltano | All | Not vuln | Not vuln | Not vuln | Not vuln | Project is written in Python | Meltano | |
| Memurai | All | Not vuln | source | |||||
| messageconcept | PeopleSync | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Metabase | All | <0.41.4 | Not vuln | Fix | Mitigations available for earlier versions | source | ||
| Micro Focus | ArcSight Connectors | 8.2 and above | Vulnerable | source | ||||
| Micro Focus | ArcSight ESM | 7.2, 7.5 | Vulnerable | source | ||||
| Micro Focus | ArcSight Intelligence | All | Vulnerable | source | ||||
| Micro Focus | ArcSight Logger | 7.2 and above | Vulnerable | source | ||||
| Micro Focus | ArcSight Recon | All | Vulnerable | source | ||||
| Micro Focus | ArcSight Transformation Hub | All | Vulnerable | source | ||||
| Micro Focus | Data Protector | All | Vulnerable | Workaround only for supported versions. Earlier versions are not checked/worked on. | workaround source | |||
| Micro Focus | Silk Performer | 21.0 | Vulnerable | Workaround | source workaround | |||
| Micro Focus | Silk Test | 20.0 up to 21.0.1 (included) | Vulnerable | Workaround | source workaround | |||
| MicroFocus | All | MicroFocus Statement | ||||||
| Microsoft | Azure AD | Not vuln | ADFS itself is not vulnerable, federation providers may be | source | ||||
| Microsoft | Azure API Gateway | Not vuln | Not vuln | Not vuln | Not vuln | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 | ||
| Microsoft | Azure App Service | Not vuln | This product itself is not vulnerable, Microsoft provides guidance on remediation for hosted applications | source | ||||
| Microsoft | Azure Application Gateway | Not vuln | source | |||||
| Microsoft | Azure Data Lake Store Java | < 2.3.10 | Not vuln | Not vuln | Not vuln | Not vuln | Fix has been made to upgrade log4j-core. But this dependency has scope 'test' meaning it is not part of the final product/artifact. So there's no risk for end users here. | source |
| Microsoft | Azure DevOps | Not vuln | source | |||||
| Microsoft | Azure DevOps Server | 2019-2020.1 | Vulnerable | When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation | source | |||
| Microsoft | Azure Front Door | Not vuln | source | |||||
| Microsoft | Azure Traffic Manager | Not vuln | Not vuln | Not vuln | Not vuln | Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 | ||
| Microsoft | Azure WAF | Not vuln | source | |||||
| Microsoft | Cosmos DB Kafka Connector | 1.2.1 | Fix | source | ||||
| Microsoft | Defender for IoT | 10.5.2 | Not vuln | Fix | source | |||
| Microsoft | Events Hub Extension | 3.3.1 | Fix | source | ||||
| Microsoft | Kafka Connect for Azure Cosmo DB | < 1.2.1 | Not vuln | Fix | source | |||
| Microsoft | Minecraft Java Edition | 1.18.1 | Not vuln | Fix | source fix | |||
| Microsoft | Team Foundation Server | 2018.2+ | Vulnerable | When Team Foundation Server Search is configured. Uses Elasticsearch OSS 5.4.1 (vulnerable) see Elasticsearch above for mitigation | source | |||
| MicroStrategy | Secure Enterprise | 11.1.7+ 11.2.x 11.3.x | Not vuln | Workaround | Workaround available, Update scheduled for Week 51/2021 | source | ||
| MIDITEC | All | Not vuln | Not vuln | Not vuln | Not vuln | MTZ Time uses Log4j v1.x | source | |
| Midori Global | All | Midori Global Statement | ||||||
| Mikrotik | All | Mikrotik Statement | ||||||
| Milestone | VMS | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| Milestone sys | All | Milestone sys Statement | ||||||
| Mimecast | All | Mimecast Information | ||||||
| Minecraft | All | Minecraft Vulnerability Message | ||||||
| Mirantis | Container Cloud | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | Container Runtime | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | K0s | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | Kubernetes Engine | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | Lens | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | OpenStack | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mirantis | Secure Registry | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Miro | All | Miro Log4j Updates | ||||||
| MISP | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | CMG Suite | All | Investigation | source | ||||
| Mitel | InAttend | All | Investigation | source | ||||
| Mitel | Interaction Recording (MIR) | 6.3 to 6.7 | Not vuln | Fix | see SA211213-17 | source | ||
| Mitel | Management Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | Management Portal | All | Investigation | source | ||||
| Mitel | MiCollab | >=7.1 to <=9.4 | Not vuln | Workaround | Workaround | Below v7.0 not vuln, https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/log4j_micollab_remediation_details.pdf Fix | source | |
| Mitel | MiContact Center Enterprise | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiContact Center Business | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiVoice 5000 | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiVoice Border Gateway | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiVoice Business | All (excluding EX) | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiVoice Business EX and MiConfig Wizard | 9.2 only | Not vuln | Fix | source | |||
| Mitel | MiVoice Call Recording | All | Investigation | source | ||||
| Mitel | MiVoice Connect | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | MiVoice MX-ONE | 7.4 only | Not vuln | Fix | source | |||
| Mitel | MiVoice Office 400 | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | Mobility Router | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | Open Integration Gateway (OIG) | All | Investigation | source | ||||
| Mitel | Performance Analytics Server and Probe | All | Investigation | source | ||||
| Mitel | Standard Linux (MSL) | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mitel | Virtual Reception | All | Investigation | source | ||||
| Mitsubishi | CS-141 | Not vuln | Not vuln | Not vuln | Not vuln | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | ||
| Mitsubishi | LookUPS N002 | Not vuln | Not vuln | Not vuln | Not vuln | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | ||
| Mitsubishi | LookUPS N003 | Not vuln | Not vuln | Not vuln | Not vuln | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | ||
| Mitsubishi | MUCM | Not vuln | Not vuln | Not vuln | Not vuln | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | ||
| Mitsubishi | Netcom | Not vuln | Not vuln | Not vuln | Not vuln | https://user-images.githubusercontent.com/89155495/146846042-4c923ea4-58ec-452f-94b2-6a1aa7918ece.png | ||
| Mitsubishi | Netcom 2 | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MobileIron | Core | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
| MobileIron | Core Connector | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
| MobileIron | Reporting Database (RDB) | All | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
| MobileIron | Sentry | 9.13, 9.14 | Not vuln | Fix | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | source | ||
| MONARC | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MongoDB | Atlas | Not vuln | Not vuln | Not vuln | Not vuln | Including Atlas Database, Data Lake, Charts | source | |
| MongoDB | Atlas Search | Not vuln | Fix | Affected and patched. No evidence of exploitation or indicators of compromise prior to the patch were discovered. | source | |||
| MongoDB | Community Edition | Not vuln | Not vuln | Not vuln | Not vuln | Including Community Server, Cloud Manager, Community Kubernetes Operators. | source | |
| MongoDB | Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MongoDB | Drivers | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MongoDB | Enterprise Advanced | Not vuln | Not vuln | Not vuln | Not vuln | Including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators. | source | |
| MongoDB | Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MongoDB | Realm | Not vuln | Not vuln | Not vuln | Not vuln | including Realm Database, Sync, Functions, APIs | source | |
| MongoDB | Realm (including Realm Database, Sync, Functions, APIs) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| MongoDB | Tools | Not vuln | Not vuln | Not vuln | Not vuln | Including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors | source | |
| MongoDB | Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) | Not vuln | Not vuln | Not vuln | Not vuln | source | ||
| Moodle | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| MoogSoft | All | MoogSoft Vulnerability Information | ||||||
| Motorola Avigilon | All | Motorola Avigilon Technical Notification | ||||||
| Moxa | All | All | Not vuln | Not vuln | Not vuln | Not vuln | source | |
| Mulesoft | All | This advisory is available to customers only and has not been reviewed by CISA | Mulesoft Statement | |||||
| Mulesoft | Anypoint Studio | 7.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | ||
| Mulesoft | Cloudhub | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | |||
| Mulesoft | Mule Agent | 6.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 | ||
| Mulesoft | Mule Runtime | 3.x,4.x | Not vuln | Fix | This advisory is available to account holders only and has not been reviewed by CISA. | Apache Log4j2 vulnerability - December 2021 |
