Apache Log4j 2 Advisory - Product Status

Critical Vulnerabilities in Apache Log4j Java Library

On December 9th, 2021, an industry-wide issue was reported in Apache log4j 2 (CVE-2021-44228) that adversaries can use to achieve Remote Code Execution (RCE). This may lead to unauthorized access to host systems. An updated version (v2.15.0) that addresses this issue has been made available by the Apache Software Foundation.

On December 14, 2021, an issue was reported in Apache log4j 2 v2.15.0 (CVE-2021-45046) that can make certain non-default configurations using JNDI features also susceptible to exploitation by adversaries to achieve Remote Code Execution (RCE). Host systems that applied v2.15.0 may also be susceptible to denial-of-service (DoS attacks). The Apache Software Foundation has released version (v2.16.0) to remedy this specific issue.

As additional Apache patches are released, we will continue to evaluate and apply them as applicable to Adobe products.


We have reviewed the potential impact and are following the recommended guidance from the Apache Software Foundation. Our investigation has concluded and Adobe has not discovered any indication that customer data has been impacted.

For the table below:

  • Mitigated” means that the product/service has successfully addressed the CVE.

  • N/A (not applicable)” means that the product/service does not use the vulnerable Apache log4j 2 library.

Product
CVE-2021-44228
CVE-2021-45046
Core Services
Adobe I/O
N/A
N/A
Adobe Identity Management Services (Adobe ID) 
Mitigated
Mitigated
Adobe Account Management N/A
N/A
Adobe User Sync Tool
N/A
N/A
Adobe Admin Console
N/A N/A
Adobe Creative Cloud
Adobe Creative Cloud Services (Libraries, Collaboration, Storage, Sync, Notifications, Web UI)
Mitigated
Mitigated
Adobe Creative Cloud Desktop/Mobile apps 
N/A
N/A
Adobe Creative Cloud Mobile SDKs N/A
N/A
Adobe Express
N/A
N/A
Adobe Capture
N/A
N/A
Adobe Color
N/A
N/A
Adobe Fonts (TypeKit) Mitigated Mitigated
Adobe Behance
Mitigated
Mitigated
Frame.io by Adobe
N/A
N/A
Adobe Portfolio 
N/A
N/A
Adobe UXP Developer Tool N/A N/A
Adobe Bridge
N/A
N/A
Adobe Media Encoder
N/A
N/A
Adobe Dreamweaver
N/A
N/A
Adobe Dimension
N/A
N/A
Adobe InDesign
N/A 
N/A
Adobe InDesign Server
N/A
N/A
Adobe InCopy
N/A
N/A
Adobe Illustrator 
N/A
N/A
Adobe Photoshop
N/A 
N/A
Adobe Premiere Pro 
N/A
N/A
Adobe After Effects
N/A 
N/A
Adobe Prelude 
N/A
N/A
Adobe Premiere Rush
N/A 
N/A
Adobe Substance Source  N/A
N/A
Adobe Substance Painter
N/A 
N/A
Adobe Substance Designer  N/A
N/A
Adobe Substance Alchemist
N/A 
N/A
Adobe Aero (apps & services)  Mitigated
Mitigated
Adobe Animate
N/A 
N/A
Adobe Audition  N/A
N/A
Adobe Character Animator
N/A 
N/A
Adobe XD  N/A
N/A
Adobe Lightroom (Classic and CC)
N/A 
N/A
Adobe Fresco  N/A
N/A
Mixamo by Adobe
Mitigated 
Mitigated
Adobe FrameMaker  N/A
N/A
Adobe Stock
Mitigated
Mitigated
Adobe Document Cloud
Adobe Document/PDF Services (including APIs) 
Mitigated
Mitigated

Adobe Sign

Mitigated 
Mitigated
Adobe Acrobat DC  N/A
N/A
Adobe Experience Cloud
Adobe Analytics 
Mitigated
Mitigated
Adobe Analytics Data Workbench N/A N/A
Adobe Commerce (Magento)
Mitigated 
Mitigated
Adobe Customer Journey Analytics  Mitigated
Mitigated
Adobe Advertising Cloud Mitigated Mitigated
Adobe Audience Manager 
Mitigated
Mitigated
Adobe Campaign Classic (hosted, hybrid, on premise)
N/A 
N/A
Adobe Campaign Standard  Mitigated
Mitigated
Adobe Journey Optimizer
N/A N/A
Adobe Experience Manager as a Cloud Service 
Mitigated Mitigated
Adobe Experience Manager as a Managed Service N/A 
N/A
Adobe Experience Manager (on premise, v6.3 - v6.5) 
N/A N/A
Adobe Experience Manager Forms Mitigated
Mitigated
Adobe Experience Manager Dynamic Media (Scene7) as a Cloud Service Mitigated Mitigated
Adobe Experience Manager Dynamic Media (Scene7) as a Managed Service
Mitigated Mitigated
Adobe Experience Manager Screens N/A 
N/A
Adobe Experience Manager Assets Brand Portal 
N/A
N/A
Adobe Experience Platform Core
Mitigated 
Mitigated
Adobe Experience Platform Data Foundation  Mitigated
Mitigated
Adobe Experience Platform Data Science Workspace
Mitigated 
Mitigated
Adobe Experience Platform Journey Orchestration  N/A
N/A
Adobe Experience Platform Offer Decisioning Service N/A N/A
Adobe Experience Platform Query Service
Mitigated 
Mitigated
Adobe Experience Platform Activation  Mitigated
Mitigated
Adobe Experience Platform Tags (DTM/Launch)
Mitigated 
Mitigated
Adobe Real-time Customer Data Platform (CDP)  Mitigated
Mitigated
Adobe Marketo Engage
Mitigated 
Mitigated
Adobe Bizible  N/A
N/A
Adobe Target
Mitigated Mitigated
Adobe Workfront  Mitigated
Mitigated
Other Products
Adobe Captivate Prime  N/A
N/A
Adobe Update Server Setup Tool (AUSST) N/A N/A
Adobe Remote Update Manager (RUM) N/A N/A
Adobe Connect (hosted, Managed Services) Mitigated Mitigated
Adobe Connect (on premise)  Mitigated
Mitigated
Adobe ColdFusion
Mitigated 
Mitigated
Adobe Photoshop Elements N/A N/A
Adobe Premiere Elements N/A N/A
Adobe Primetime Mitigated Mitigated
Adobe RoboHelp (client/server) N/A
N/A
Adobe Feature Restricted Licensing (FRL) LAN Server
N/A
N/A

We are actively working with our third-party vendors to help ensure that they have mitigations in place.

If you have further questions, please reach out to your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM) or Adobe Customer Care.

Revisions:

December 20, 2021: Added Photoshop Elements and Premiere Elements as "N/A"; corrected Adobe Experience Manager (on premise, v6.3 - v6.5) to "N/A".

December 21, 2021: Added Adobe Advertising Cloud as "Mitigated"; Added Adobe Experience Manager Dynamic Media (Scene 7) as a Managed Service as "Mitigated"; Added Adobe Experience Platform Offer Decisioning Service as "N/A"; Added Adobe Fonts (Typekit) as "Mitigated".

January 5, 2022: Added information for CVE-2021-45046; corrected Adobe Portfolio to "N/A".

January 11, 2022: Added Adobe Remote Update Manager (RUM) as "N/A"; Added Adobe Update Server Setup Tool (AUSST) as "N/A"; Updated note around investigation status.

February 2, 2022: Added Adobe UXP Developer Tool as "N/A".

July 1, 2022: Renamed Creative Cloud Express to Adobe Express and removed Adobe Spark as a duplicate

 Adobe

Get help faster and easier

New user?