Skip to content

Ivanti Products affected by Log4j Vulnerability

Only few of the Ivanti products like Avanlanche, Ivanti File Director, Ivanti Security Controls (Patch ISec) , MobileIron Core , MobileIron Sentry (Core / Cloud) , MobileIron Core Connector have been affected by Log4j Vulnerability. If the systems are within DMZ then there is less of risk in getting exploited whereas if the systems are outside DMZ then there is more risk of these applications getting exploited by Log4j Vulnerability

Products not affect by Log4j Vulnerability: Application Control for Linux , Application Control for Windows, Automation, Avalanche,Avalanche Remote Control, Cherwell Asset Management (CAM), Cherwell Service Management (CSM), Connect Pro, Credential mgr (PivD Manager), Discovery Classic, DSM, Environment Manager, GoldMine, HEAT Classic, IIRIS (Neurons for IIOT), ITSM 6/7, Incapptic Connect, Insight, Ivanti Asset Lifecycle Management, Ivanti Device Application Control, Ivanti Endpoint Manager, Ivanti EPM  – Cloud Service Appliance, Ivanti Endpoint Security, Ivanti Environment Manager, Ivanti File Director, Ivanti Identity Director, Ivanti License Optimizer (ILO), Ivanti Management Center, Ivanti Neurons Platform,Ivanti Performance Manager, Ivanti Service Desk, Ivanti Service Manager,Ivanti Service Manager for Neurons,
Ivanti Security Controls, Ivanti Voice, Ivanti Workspace Control,MI Appconnect, MI Email+, MI Go Client, MI Mobile@Work, MI Security Productivity Apps,MI Tunnel App, MobileIron Access/ZSO, MobileIron BYOD Portal, MobileIron Cloud, MobileIron Cloud Connector etc.,

Ivanti ProductVersionsStatusPatched
Application Control for Linux AllNot VulnerableNot Affected
Application Control for Windows All Not Vulnerable Not Affected
Automation  All Not Vulnerable Not Affected
Avalanche All Vulnerable Affected – See INFO
Avalanche Remote Control  All Not Vulnerable Not Affected
Cherwell Asset Management (CAM) All Not Vulnerable Not Affected
Cherwell Service Management (CSM) All Not Vulnerable Not Affected
Connect Pro All Not Vulnerable Not Affected
Credential mgr (PivD Manager) All Not Vulnerable Not Affected
Discovery Classic All Not Vulnerable Not Affected
DSM All Not Vulnerable Not Affected
Environment Manager All Not Vulnerable Not Affected
GoldMine All Not Vulnerable Not Affected
HEAT Classic All Not Vulnerable Not Affected
IIRIS (Neurons for IIOT) All Not Vulnerable Not Affected
ITSM 6/7 All Not Vulnerable Not Affected
Incapptic Connect All Not Vulnerable Not Affected
Insight All Not Vulnerable Not Affected
Ivanti Asset Lifecycle Management All Not Vulnerable Not Affected
Ivanti Device Application Control All Not Vulnerable Not Affected
Ivanti Endpoint Manager All Not Vulnerable Not Affected
Ivanti EPM  – Cloud Service Appliance All Not Vulnerable Not Affected
Ivanti Endpoint Security All Not Vulnerable Not Affected
Ivanti Environment Manager All Not Vulnerable Not Affected
Ivanti File Director All Vulnerable Affected – SEE INFO
Ivanti Identity Director All Not Vulnerable Not Affected
Ivanti License Optimizer (ILO) All Not Vulnerable Not Affected
Ivanti Management Center All Not Vulnerable Not Affected
Ivanti Neurons Platform All Not Vulnerable Not Affected
Ivanti Performance Manager All Not Vulnerable Not Affected
Ivanti Service Desk All Not Vulnerable Not Affected
Ivanti Service Manager All Not Vulnerable Not Affected
Ivanti Service Manager for Neurons (Cloud) All Not Vulnerable Not Affected
Ivanti Security Controls (Patch ISec) All Vulnerable Not Affected
Ivanti Voice All Not Vulnerable Not Affected
Ivanti Workspace Control All Not Vulnerable Not Affected
MI Appconnect All Not Vulnerable Not Affected
MI Email+ All Not Vulnerable Not Affected
MI Go Client All Not Vulnerable Not Affected
MI Mobile@Work All Not Vulnerable Not Affected
MI Security Productivity Apps All Not Vulnerable Not Affected
MI Tunnel App All Not Vulnerable Not Affected
MobileIron Access/ZSO All Vulnerable Mitigated – No Impact
MobileIron BYOD Portal All Not Vulnerable Not Affected
MobileIron Cloud All Not Vulnerable Not Affected
MobileIron Cloud Connector All Not Vulnerable Not Affected
MobileIron Core All Vulnerable Affected – SEE INFO
MobileIron Sentry (Core / Cloud) All Vulnerable Affected – SEE INFO
MobileIron Core Connector All Vulnerable Affected – SEE INFO
Patch MEM (Microsoft Endpoint Manager) All Not Vulnerable Not Affected
Patch OEM APIs All Not Vulnerable Not Affected
Performance Manager All Not Vulnerable Not Affected
Pulse Desktop Client All Not Vulnerable Not Affected
Pulse Mobile Client All Not Vulnerable Not Affected
Pulse Services Director All Not Vulnerable Not Affected
Pulse Virtual Traffic Manager All Not Vulnerable Not Affected
Pulse Web Application Firewall All Not Vulnerable Not Affected
Pulse Connect Secure All Not Vulnerable Not Affected
Pulse One All Not Vulnerable Not Affected
Pulse Policy Secure All Not Vulnerable Not Affected
Pulse ZTA All Not Vulnerable Not Affected
Risksense Threat and Vulnerability Management All Not Vulnerable Not Affected
SpeakEasy (add-on to Velocity) All Not Vulnerable Not Affected
SpeakEasy (WinCE) All Not Vulnerable Not Affected
Terminal Emulation and Industrial Browser All Not Vulnerable Not Affected
Velocity All Not Vulnerable Not Affected
VelocityCE All Not Vulnerable Not Affected
ConnectPro(Termproxy) All Not Vulnerable Not Affected
Wavelink License server All Not Vulnerable Not Affected
CETerm(Naurtech) All Not Vulnerable Not Affected
Virtual Desktop Extender All Not Vulnerable Not Affected
Xtraction All Not Vulnerable Not Affected
Source: https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US