Most of the CIS products like CSAT PRO, CAT Prov Assessor v4, CAT Pro Assessor v4 Service, CAT Lite, CAT Pro Assessor v3 Full have been impacted by Log4j Vulnerability. Rest of the products like Hosted CSAT, CAT Pro Dashboard and workbench have not been impacted by this. CIS has released updated versions of all these affected products where the Log4j version has been upgraded to 2.15.0 (But the 2.16.0 version is the most recent one which takes care of other vulnerabilities)
| CIS Product | Version | Status | Patched? |
|---|---|---|---|
| CIS CSAT Pro | All | Vulnerable | Patched |
| CIS-CAT Pro Assessor v4 | All | Vulnerable | Patched |
| CIS-CAT Pro Assessor v4 Service | All | Vulnerable | Patched |
| CIS-CAT Lite | All | Vulnerable | Patched |
| CIS-CAT Pro Assessor v3 Full and Dissolvable | All | Vulnerable | Patched |
| CIS-Hosted CSAT | All | Not Vulnerable | Not Needed |
| CIS-CAT Pro Dashboard | All | Not Vulnerable | Not Needed |
| CIS WorkBench | All | Not Vulnerable | Not Needed |