Latest log4j2-scan documented here: 2.
67.
31 (
121/
262/
2021 AM2022)
Latest Log4j2 versions: 2.17.0 (Java 8), 2.12.3 (Java 7), and 2.3.1 (Java 6)
Apache Log4j vulnerabilities: https://logging.apache.org/log4j/2.x/security.html
...
java -jar logpresso-log4j2-scan-2.67.31.jar /
Change the version number if the file you downloaded is more recent than this example.
If you don't have java installed already, you will need to download and install it from https://www.java.com.
...
- Code42/Crashplan - AKA UTBackup - https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_response_to_industry_security_incidents
- Matlab - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab
- Oracle SQL Developer - https://support.oracle.com/knowledge/Middleware/2828123_1.html
- Uninstall vulnerable version (delete any files that remain), Download and install version 21.4.1 or later from https://www.oracle.com/tools/downloads/sqldev-downloads.html
- This is not patched against the most recent vulnerability. It still runs log4j2 version 2.16; This only updates to log4j2 version 2.16; this protects against the RCEs but not the DOS; vendor still waiting to to update to version 2.17
- Salesforce (Mulesoft, Anypoint, Dataloader) - https://help.salesforce.com/s/articleView?id=000363736&type=1
- SAS - https://go.documentation.sas.com/doc/en/log4j/1.0/p1gaeukqxgohkin1uho5gh7v5s7p.htm#n1ohrpi7cm0dyfn1gpwngp0ryq41
- Change the file extensions on any 'org/apache/logging/log4j/core/lookup/log4j*.jar' files from .jar to to .zip; open each .zip file and then delete JndiLookup.class files inside it; change the .zip extension back to .jar
- SPSS - https://www.ibm.com/support/pages/node/6525830
- The steps on this page do not yet not patch against the most recent vulnerability. They only update to log4j2 version 2.16; this protects against the RCEs but not the DOS; vendor still waiting to to update to 2.17
- Tableau - https://kb.tableau.com/articles/issue/apache-log4j2-vulnerability-log4shell-tableau-desktop-mitigation-steps
- If you DO NOT use UT Tableau servers you can update Tableau Desktop to version 2021.4.2: https://www.tableau.com/support/releases/desktop/2021.4.2
- If you DO use UT Tableau servers you should update only to version 2020.4.13 and disable further updates: https://www.tableau.com/support/releases/desktop/2020.4.1
...