Below please find a brief listing of known affected applications along with vendor links where the outlined information would assist with performing a self-assessment to determine impact.

• Apache Struts
• Apache Solr
• Apache Druid
• Apache Flink
• ElasticSearch
• Flume
• Apache Dubbo
• Logstash
• Kafka
• Spring-Boot-starter-log4j

Partner vendor responses around the vulnerability and potential mitigation steps:

• Check Point – https://www.checkpoint.com/latest-cyber-attacks/critical-vulnerability-in-apache-log4j/
• Fortinet – https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
• Palo Alto Network-  https://security.paloaltonetworks.com/CVE-2021-44228
• IBM QRadar – https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
• Tenable (Includes additional information around other affected vendors) – https://bit.ly/3dS3Uao​
• Tufin – https://www.itpro.co.uk/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability
•  AlgoSec – “AlgoSec suggests a temporary workaround for ASMS systems. It involves running a simple script and will be valid until the official hotfix is made available. Customers who are confident in their network defenses may consider waiting for the upcoming official hotfix. The workaround script will be made available shortly as an attachment to ​​​this KB article.”

We hope you find these resources helpful. Please reach out to your ADS account manager if you’d like to schedule a technical review of your environment!

Wishing You a Happy & Secure Holiday Season,

Atlantic Data Security