List of software (un)affected by the log4shell CVEs

June 15, 2022 · View on GitHub

About this list

0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

R

SupplierProductVersion (see Status)Status CVE-2021-4104Status CVE-2021-44228Status CVE-2021-45046Status CVE-2021-45105NotesLinks
RAll4.1.1Not vulnNot vulnNot vulnNot vulnsource
R2ediviewerAllR2ediviewer Link
RadwareAllRadware Support Link
Rapid7AlcidekArt, kAdvisor, and kAuditon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7AppSpider Enterpriseon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7AppSpider Proon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7Insight Agenton-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightAppSec Scan Engineon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightCloudSec/DivvyCloudon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightConnect Orchestratoron-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightIDR Network Sensoron-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightIDR/InsightOps Collector & Event Sourceson-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightOps DataHub2.0.1Fixsource Fix
Rapid7InsightOps non-Java logging librarieson-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightOps r77insight_java Logging Libary3.0.9Fixsource
Rapid7InsightOps r7insight_java logging library<=3.0.8Not vulnFixUpgrade r7insight_java to 3.0.9Rapid7 Statement
Rapid7InsightVM Kubernetes Monitoron-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightVM/Nexposeon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7InsightVM/Nexpose Consoleon-premNot vulnNot vulnNot vulnNot vulnInstallations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.Rapid7 Statement
Rapid7InsightVM/Nexpose Engineon-premNot vulnNot vulnNot vulnNot vulnInstallations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell.Rapid7 Statement
Rapid7IntSights virtual applianceon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7Logentries DataHub1.2.0.822Fixsource Windows Fix Linux Fix
Rapid7Logentries le_java Logging LibaryAllVulnerableMigrate to v3.0.9 of r7insight_javasource
Rapid7Logentries le_java logging libraryAll versions: this is a deprecated componentNot vulnFixMigrate to version 3.0.9 of r7insight_javaRapid7 Statement
Rapid7Metasploit Frameworkon-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7Metasploit Proon-premNot vulnNot vulnNot vulnNot vulnMetasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j.Rapid7 Statement
Rapid7tCell Java Agenton-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
Rapid7Velociraptoron-premNot vulnNot vulnNot vulnNot vulnRapid7 Statement
RaritanAllRaritan Support Link
RavelinAllRavelin Link
Real-Time Innovations (RTI)Distributed LoggerNot vulnNot vulnNot vulnNot vulnRTI Statement
Real-Time Innovations (RTI)Recording ConsoleNot vulnNot vulnNot vulnNot vulnRTI Statement
Real-Time Innovations (RTI)RTI Administration ConsoleNot vulnNot vulnNot vulnNot vulnRTI Statement
Real-Time Innovations (RTI)RTI Code GeneratorNot vulnNot vulnNot vulnNot vulnRTI Statement
Real-Time Innovations (RTI)RTI Code Generator ServerNot vulnNot vulnNot vulnNot vulnRTI Statement
Real-Time Innovations (RTI)RTI Micro Application Generator (MAG)as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3VulnerableRTI Statement
Real-Time Innovations (RTI)RTI Micro Application Generator (MAG)as part of RTI Connext Professional 6.0.0 and 6.0.1VulnerableRTI Statement
Real-Time Innovations (RTI)RTI MonitorNot vulnNot vulnNot vulnNot vulnRTI Statement
Red HatA-MQ Clients 2Not vulnsource
Red Hatbuild of QuarkusNot vulnsource
Red HatCodeReady Studio12.21.0Not vulnFixCRS 12.21.1 PatchCVE-2021-44228- Red Hat Customer Portal
Red HatCodeReady Studio 12Vulnerablesource
Red HatData Grid8Not vulnFixRHSA-2021:5132CVE-2021-44228- Red Hat Customer Portal
Red HatData Grid 88.2.2Not vulnFixRHSA-2021:5132source
Red HatDecision Manager7Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatDescision Manager 7Vulnerablesource
Red HatEnterprise Linux6Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatEnterprise Linux7Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatEnterprise Linux8Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatIntegration Camel KVulnerablesource
Red HatIntegration Camel QuarkusVulnerablesource
Red HatJBoss A-MQ Streaming1.6.5Not vulnFixRHSA-2021:5133source
Red HatJBoss Enterprise Application Platform7Not vulnFixMaven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected.CVE-2021-44228- Red Hat Customer Portal
Red HatJBoss Enterprise Application Platform 6Not vulnsource
Red HatJBoss Enterprise Application Platform Expansion PackNot vulnsource
Red HatJBoss Fuse 77.10.0Not vulnFixRHSA-2021:5134source
Red Hatlog4j-coreNot vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatOpenShift Application Runtimes 1.0n.a. (see notes)Not vulnFixRHSA-2021:5093 - Red Hat build of Eclipse Vert.x 4.1.5 SP1source
Red HatOpenShift Container Platform 3.11 openshift3/ose-logging-elasticsearch53.11.zNot vulnFixRHSA-2021:5094source
Red HatOpenShift Container Platform 4 openshift4/ose-logging-elasticsearch64.6.zNot vulnFixRHSA-2021:5106source
Red HatOpenShift Container Platform 4 openshift4/ose-metering-hive4.8.zNot vulnFixRHSA-2021:5108source
Red HatOpenShift Container Platform 4.6 openshift4/ose-metering-presto4.6.52Not vulnFixRHSA-2021:5141source
Red HatOpenShift Container Platform 4.7 openshift4/ose-metering-presto4.7.40Not vulnFixRHSA-2021:5107source
Red HatOpenShift Container Platform 4.8 openshift4/ose-metering-presto4.8.24Not vulnFixRHSA-2021:5148source
Red HatOpenShift Logging 5.0 openshift-logging/elasticsearch6-rhel85.0.10Not vulnFixRHSA-2021:5137source
Red HatOpenShift Logging 5.0 openshift-logging/elasticsearch6-rhel85.3.1Not vulnFixRHSA-2021:5129source
Red HatOpenShift Logging 5.1 openshift-logging/elasticsearch6-rhel85.1.5Not vulnFixRHSA-2021:5128source
Red HatOpenShift Logging 5.2 openshift-logging/elasticsearch6-rhel85.2.4Not vulnFixRHSA-2021:5127source
Red HatOpenStack Platform 13 (Queens) opendaylightVulnerablesource
Red HatProcess Automation7Not vulnFixMaven Patch - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected.CVE-2021-44228- Red Hat Customer Portal
Red HatProcess Automation 7Vulnerablesource
Red HatSatellite 5Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatSingle Sign-On7Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatSingle Sign-On 7Not vulnsource
Red HatSpacewalkNot vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red HatVert.X4Not vulnFixRHSA-2021:5093CVE-2021-44228- Red Hat Customer Portal
Red HatVirtualization 4Not vulnsource
Red Hat OpenShift Container Platform 3.11openshift3/ose-logging-elasticsearch5Not vulnFixRHSA-2021:5094CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4openshift4/ose-logging-elasticsearch6Not vulnFixPlease refer to Red Hat Customer Portal to find the left errata for your version.CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4openshift4/ose-metering-hiveNot vulnFixPlease refer to Red Hat Customer Portal to find the left errata for your version.CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Container Platform 4openshift4/ose-metering-prestoNot vulnFixPlease refer to Red Hat Customer Portal to find the left errata for your version.CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenShift Logginglogging-elasticsearch6-containerNot vulnFixPlease refer to Red Hat Customer Portal to find the left errata for your version.CVE-2021-44228- Red Hat Customer Portal
Red Hat OpenStack Platform 13 (Queens)opendaylightVulnerableEnd of LifeCVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collectionsrh-java-common-log4jNot vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collectionsrh-maven35-log4j12Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red Hat Software Collectionsrh-maven36-log4j12Not vulnNot vulnNot vulnNot vulnCVE-2021-44228- Red Hat Customer Portal
Red5ProAllRed5Pro Link
RedgateFlywayAllNot vulnOnly vulnerable when using non-default config.source
RedisEnterprise & Open SourceAllNot vulnRedis Enterprise and Open Source Redis (self-managed software product) does not use Java and is therefore not impacted by this vulnerabilitysource
RedisJedis3.7.1, 4.0.0-rc2Not vulnFixJedis uses the affected library in test suites only.source
Reiner SCTAllReiner SCT Forum
ReportURIAllReportURI Link
ResMedAirViewNot vulnsource
ResMedmyAirNot vulnsource
RespondusAllThis advisory is available to customers only and has not been reviewed by CISARespondus Support Link
ReveneraFlexNet Publisher 64-bit License Server ManagerVulnerableVulnerablesource
Revenera / FlexeraAllRevenera / Flexera Community Link
RicohCommercial & Industrial Printing - Garment PrintersNot vulnsource
RicohCommercial & Industrial Printing - Production PrintersInvestigationsource
RicohOffice Products - Digital DuplicatorsNot vulnsource
RicohOffice Products - FAXNot vulnsource
RicohOffice Products - Interactive WhiteboardsNot vulnsource
RicohOffice Products - Multifunction Printers/Copiers - Black & White MFPNot vulnsource
RicohOffice Products - Multifunction Printers/Copiers - Color MFPNot vulnsource
RicohOffice Products - Multifunction Printers/Copiers - Wide Format MFPNot vulnsource
RicohOffice Products - Printers - Black & White Laser PrintersNot vulnsource
RicohOffice Products - Printers - Color Laser PrintersNot vulnsource
RicohOffice Products - Printers - Gel Jet PrintersNot vulnsource
RicohOffice Products - Printers - Handy PrintersNot vulnsource
RicohOffice Products - Printers - Printer based MFPNot vulnsource
RicohOffice Products - ProjectorsNot vulnsource
RicohOffice Products - Video ConferencingNot vulnsource
RicohSoftware & Solutions - @Remote Connector NXNot vulnsource
RicohSoftware & Solutions - Card Authentication Package SeriesNot vulnsource
RicohSoftware & Solutions - Certificate Enrolment ServiceNot vulnsource
RicohSoftware & Solutions - Device Manager NX AccountingNot vulnsource
RicohSoftware & Solutions - Device Manager NX EnterpriseNot vulnsource
RicohSoftware & Solutions - Device Manager NX LiteNot vulnsource
RicohSoftware & Solutions - Device Manager NX ProNot vulnsource
RicohSoftware & Solutions - DocuwareNot vulnsource
RicohSoftware & Solutions - Enhanced Locked Print SeriesNot vulnsource
RicohSoftware & Solutions - GlobalScan NXNot vulnsource
RicohSoftware & Solutions - Intelligent Barcode SolutionNot vulnsource
RicohSoftware & Solutions - myPrintNot vulnsource
RicohSoftware & Solutions - Printer Driver Packager NXNot vulnsource
RicohSoftware & Solutions - Ricoh Print Management CloudNot vulnsource
RicohSoftware & Solutions - Ricoh Smart Integration (RSI) applicationsNot vulnsource
RicohSoftware & Solutions - Ricoh Smart Integration (RSI) Platform and its applicationsNot vulnsource
RicohSoftware & Solutions - Ricoh Streamline NX V2Not vulnsource
RicohSoftware & Solutions - Ricoh Streamline NX V3Not vulnsource
RicohSoftware & Solutions - Scan Workflow NavigatorNot vulnsource
RicohSoftware & Solutions - Streamline NX ShareNot vulnsource
RingCentralAllRingCentral Security Bulletin
RiverbedAppResponse11Not vulnsource
RiverbedAternityInvestigationSee source for latest updatessource
RiverbedClient Accelerator Controllers and Client Accelerator (aka SteelCentral Controller for SteelHead Mobile and SteelHead Mobile)Not vulnsource
RiverbedFlow GatewayNot vulnNot vulnNot vulnNot vulnsource
RiverbedFlowTraqNot vulnNot vulnNot vulnNot vulnsource
RiverbedModelerInvestigationsource
RiverbedNetAuditor DesktopInvestigationsource
RiverbedNetAuditor WebNot vulnNot vulnNot vulnNot vulnsource
RiverbedNetCollectorInvestigationsource
RiverbedNetExpressInvestigationsource
RiverbedNetIM 1.xNot vulnNot vulnNot vulnNot vulnsource
RiverbedNetIM 2.xVulnerablePatches plannedsource
RiverbedNetIM Test EngineNot vulnNot vulnNot vulnNot vulnsource
RiverbedNetPlannerNot vulnNot vulnNot vulnNot vulnsource
RiverbedNetProfilerNot vulnNot vulnNot vulnNot vulnsource
RiverbedPacket AnalyzerNot vulnsource
RiverbedPacket Trace WarehouseNot vulnsource
RiverbedPortal 1.xVulnerableIncludes Log4j 2.2source
RiverbedPortal 3.xVulnerableIncludes Log4j 2.13source
RiverbedSaaS AcceleratorNot vulnsource
RiverbedScon CXNot vulnNot vulnNot vulnNot vulnsource
RiverbedScon EX AnalyticsVulnerablePatches plannedsource
RiverbedScon EX DirectorVulnerablePatches plannedsource
RiverbedScon EX FlexVNFNot vulnNot vulnNot vulnNot vulnsource
RiverbedSteelCentral Controller for SteelHeadNot vulnsource
RiverbedSteelFusion EdgeNot vulnNot vulnNot vulnNot vulnsource
RiverbedSteelFusionCore (appliance, virtual)Not vulnNot vulnNot vulnNot vulnsource
RiverbedSteelHead CX (appliance, virtual, cloud)Not vulnsource
RiverbedSteelHead InterceptorNot vulnsource
RiverbedTransaction AnalyzerInvestigationsource
RiverbedTransaction Analyzer AgentsNot vulnNot vulnNot vulnNot vulnLog4j not in usesource
RiverbedUCExpertVulnerablesource
RiverbedWinSec Controller for SteelHead (WSC)Not vulnsource
RocketChatAllAllNot vulnsource
Rockwell AutomationData SchedulerNot vulnsource
Rockwell AutomationFactoryTalk Analytics DataFlowML4.00.01Fixsource
Rockwell AutomationFactoryTalk Analytics DataView3.03.01Fixsource
Rockwell AutomationFactoryTalk Analytics Information PlatformNot vulnsource
Rockwell AutomationFactoryTalk Augmented ModelerNot vulnsource
Rockwell AutomationFiix CMMS core V5Not vulnFixFixFixproduct has been updated; no user action requiredsource
Rockwell AutomationFirewall Managed Support - Cisco Firepower Thread Defense6.2.3 – 7.1.0WorkaroundFollow the mitigation instructions outlined by Cisco in CSCwa46963source
Rockwell AutomationIndustrial Data CenterGen 1, Gen 2, Gen 3, Gen 3.5Not vulnWorkaroundFollow the mitigation instructions outlined by VMware in VMSA-2021-0028source
Rockwell AutomationMES EIG3.03.00VulnerableProduct discontinued. Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions.source
Rockwell AutomationPlex Industrial IoTNot vulnFixFixFixproduct has been updated; no user action requiredsource
Rockwell AutomationVersaVirtualSeries ANot vulnWorkaroundFollow the mitigation instructions outlined by VMware in VMSA-2021-0028source
Rockwell AutomationWarehouse Management4.02.03Not vulnFixsource
RollbarAllRollbar Blog Post
Rosette.comAllRosette.com Support Link
RSANetWitness Orchestrator>= 6.0Not vulnWorkaroundMitigation for the ThreatConnect Application server is available, no impact describedsource
RSANetWitness Platform11.4Not vulnWorkaroundIt is theoretically possible to exploit the vulnerability to gain shell access to the NetWitness Platformsource
RSANetWitness Platform>= 11.5Not vulnWorkaroundIt is possible to leak system configuration datasource
RSASecurID Authentication ManagerNot vulnVersion 8.6 Patch 1 contains a version of log4j that is vulnerable, but this vulnerability is not exploitable.source
RSASecurID Authentication Manager PrimeNot vulnsource
RSASecurID Authentication Manager WebTierNot vulnsource
RSASecurID Governance and LifecycleNot vulnNot vulnNot vulnNot vuln
RSASecurID Governance and Lifecycle (SecurID G&L)Not vulnsource
RSASecurID Governance and Lifecycle CloudNot vulnNot vulnNot vulnNot vuln
RSASecurID Governance and Lifecycle Cloud (SecurID G&L Cloud)Not vulnsource
RSASecurID Identity RouterNot vulnNot vulnNot vulnNot vuln
RSASecurID Identity Router (On-Prem component of Cloud Authentication Service)Not vulnsource
RSA NetwitnessAllRSA Netwitness Community Link
RstudioapiAll0.13Not vulnNot vulnNot vulnNot vulnsource
RubrikAllThis advisory is available to customers only and has not been reviewed by CISARubrik Support Link
RuckusFlexMasterVulnerableAdditional details in PDF/Text (Sign-in Required)source
RuckusSmartZone 100 (SZ-100)5.1 to 6.0VulnerableAdditional details in PDF/Text (Sign-in Required)source
RuckusSmartZone 144 (SZ-144)5.1 to 6.0VulnerableAdditional details in PDF/Text (Sign-in Required)source
RuckusSmartZone 300 (SZ-300)5.1 to 6.0VulnerableAdditional details in PDF/Text (Sign-in Required)source
RuckusUnleashedVulnerableAdditional details in PDF/Text (Sign-in Required)source
RuckusVirtual SmartZone (vSZ)5.1 to 6.0VulnerableAdditional details in PDF/Text (Sign-in Required)source
RunDeck by PagerDutyAllRunDeck Docs Link
RuneCastAnalyzer6.0.4Not vulnFixFixFixsource