Latest log4j2-scan documented here: 2.7.1 (1/2/2022)
Latest Log4j2 versions: 2.17.0 (Java 8), 2.12.3 (Java 7), and 2.3.1 (Java 6)
Apache Log4j vulnerabilities: https://logging.apache.org/log4j/2.x/security.html
...
- Code42/Crashplan - AKA UTBackup - https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
- If UTBack UTBackup is not being used on a computer, the client will NOT check in and autoupdate and must be manually updated.
- Matlab - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab
- Oracle SQL Developer - https://support.oracle.com/knowledge/Middleware/2828123_1.html
- Uninstall vulnerable version (delete any files that remain), Download and install version 21.4.3 or later from https://www.oracle.com/tools/downloads/sqldev-downloads.html
- Uninstall vulnerable version (delete any files that remain), Download and install version 21.4.3 or later from https://www.oracle.com/tools/downloads/sqldev-downloads.html
- Salesforce (Mulesoft, Anypoint, Dataloader) - https://help.salesforce.com/s/articleView?id=000363736&type=1
- SAS - https://go.documentation.sas.com/doc/en/log4j/1.0/p1gaeukqxgohkin1uho5gh7v5s7p.htm#n1ohrpi7cm0dyfn1gpwngp0ryq41
- Ensure you are runing SAS 9.4. This still contains a vulnerable version of Log4j, but the vulnerability is not exposed in the product.
- Change the file extensions on any 'org/apache/logging/log4j/core/lookup/log4j*.jar' files from .jar to to .zip; open each .zip file and then delete JndiLookup.class files inside it; change the .zip extension back to .jar
- SPSS - https://www.ibm.com/support/pages/node/6525830
- Follow the steps on this page to patch SPSS v.27 with Log4j 2.17 or else update SPSS to v.28
- Tableau - https://kb.tableau.com/articles/issue/apache-log4j2-vulnerability-log4shell-tableau-desktop-mitigation-steps
- If you DO NOT use UT Tableau servers you can update Tableau Desktop to version 2021.4.2: https://www.tableau.com/support/releases/desktop/2021.4.2
- If you DO use UT Tableau servers you should update only to version 2020.4.13 and disable further updates: https://www.tableau.com/support/releases/desktop/2020.4.1
...