Apache Log4j 2 Vulnerability
On this page, we provide the latest update of the potential impact of the open-source Apache “Log4j 2” vulnerability on Google Cloud products and services based on the findings of our ongoing investigation. For the latest updates from the Google Cybersecurity Action Team on recommendations for investigating and responding to this vulnerability please visit our blog post.
Google Cloud is actively following the security vulnerabilities in the open-source Apache “Log4j 2" utility (CVE-2021-44228 and CVE-2021-45046). We are also aware of the reported Apache “Log4j 1.x” vulnerability (CVE-2021-4104). We encourage you to update to the latest version of Log4j 2. We are currently assessing the potential impact of the vulnerability for Google Cloud products and services. This is an ongoing event and we will continue to provide updates through this page and our customer communications channels.
Based on our findings, Google Workspace core services for consumer and paid users are not using Log4j 2 and are not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. See below for a detailed status of the Workspace core services and other related products.
We recommend Google customers review all third-party apps and solutions accessing their data and validate the security status of those apps with their respective vendors. More details on managing apps authorized to access Google Workspace data are here and customers can review their list of solutions from the Google Cloud Marketplace by logging into their account. We also recommend validating the security status of any apps developed and deployed by customers within their environments.
Background: The Apache Log4j 2 utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j 2 version 2.15 or below to be compromised and allow an attacker to execute arbitrary code.
On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. More specifically, Java Naming Directory Interface (JNDI) features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.
What should I do to protect myself? We strongly encourage customers who manage environments containing Log4j 2 to update to the latest version.
Google Cloud product and service-specific information
Filter table by status (select one at a time):
| Product Name | Product Category | Status | Additional Information |
|---|---|---|---|
| AI Platform Data Labeling | Vertex AI, AI Platform, and Accelerators | Not Impacted | December 21, 2021 Update: AI Platform Data Labeling does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AI Platform Neural Architecture Search (NAS) | Vertex AI, AI Platform, and Accelerators | Not Impacted | December 21, 2021 Update: AI Platform Neural Architecture Search (NAS) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AI Platform Training and Prediction | Vertex AI, AI Platform, and Accelerators | Not Impacted | December 21, 2021 Update: AI Platform Training and Prediction does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Access Approval | Identity & Access | Not Impacted | December 22, 2021 Update: Access Approval does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Access Context Manager | Identity & Access | Not Impacted | December 22, 2021 Update: Access Context Manager does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Access Transparency | Security | Not Impacted | December 21, 2021 Update: Access Transparency does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Actifio | Mitigated, Customer Action Needed | December 15, 2021 Update: Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit https://now.actifio.com for the full statement and to obtain the hotfix (available to Actifio customers only). | |
| Anthos | Hybrid and Multi-Cloud | Not Impacted |
December 21, 2021 Update: Anthos does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Config Management | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Config Management does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Anthos Connect | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Anthos Connect does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Anthos Hub | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Anthos Hub does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Anthos Identity Service | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Anthos Identity Service does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Anthos Premium Software | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Anthos Premium Software does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Service Mesh | Hybrid and Multi-Cloud | Not Impacted | December 21, 2021 Update: Service Mesh does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Anthos on VMware | Service Infrastructure | Not Impacted | December 21, 2021 Update: Anthos on VMware does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. |
| Apigee | API Management | Not Impacted |
December 17, 2021 Update: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. December 11, 2021 Update: Apigee has conducted a detailed investigation and we believe that the Edge and OPDK products are not vulnerable to the Log4j 2 vulnerability. Visit the Apigee Incident Report for more information. |
| App Engine | Compute | Not Impacted |
December 21, 2021 Update: App Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. |
| AppSheet | Mitigated, No Action Needed | December 14, 2021 Update: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | |
| Artifact Registry | Developer Tools | Not Impacted | December 21, 2021 Update: Artifact Registry does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Assured Workloads | Security | Not Impacted | December 21, 2021 Update: Assured Workloads does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML Natural Language | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML Natural Language does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML Tables | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML Tables does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML Translation | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML Translation does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML Video | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML Video does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| AutoML Vision | AI and Machine Learning | Not Impacted | December 21, 2021 Update: AutoML Vision does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| BeyondCorp Enterprise | Identity & Access | Not Impacted | December 22, 2021 Update: BeyondCorp Enterprise does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| BigQuery | Databases | Not Impacted | December 19, 2021 Update: BigQuery on Google Cloud does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| BigQuery Data Transfer Service | Data Analytics, Migration | Not Impacted | December 20, 2021 Update: BigQuery Data Transfer Service does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. |
| BigQuery Omni | Databases | Not Impacted | March 1, 2022 Update: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Binary Authorization | Security | Not Impacted | December 21, 2021 Update: Binary Authorization does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Certificate Authority Service | Security | Not Impacted | December 23, 2021 Update: Certificate Authority Service does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Certificate Manager | Security | Not Impacted | December 21, 2021 Update: Certificate Manager does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Chronicle | Security | Not Impacted | December 20, 2021 Update: Chronicle on Google Cloud does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Asset Inventory | Security | Not Impacted | December 21, 2021 Update: Cloud Asset Inventory does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Bigtable | Databases | Mitigated, No Action Needed | December 19, 2021 Update: Cloud Bigtable has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers do not need to take any actions. |
| Cloud Build | Developer Tools | Not Impacted |
December 21, 2021 Update: Cloud Build does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud CDN | Networking | Not Impacted | December 20, 2021 Update: Cloud CDN does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Composer | Data Analytics | Not Impacted | December 15, 2021 Update: Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud DNS | Networking | Not Impacted | December 20, 2021 Update: Cloud DNS does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Data Loss Prevention | Security | Not Impacted | December 21, 2021 Update: Cloud Data Loss Prevention does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Debugger | Operations | Not Impacted | December 21, 2021 Update: Cloud Debugger does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Deployment Manager | Management Tools | Not Impacted | December 21, 2021 Update: Cloud Deployment Manager does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Endpoints | API Management | Not Impacted | December 21, 2021 Update: Cloud Endpoints does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud External Key Manager (EKM) | Security | Not Impacted | December 21, 2021 Update: Cloud External Key Manager (EKM) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Functions | Serverless Computing | Not Impacted |
December 21, 2021 Update: Cloud Functions does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud HSM (Hardware Security Module) | Security | Not Impacted | December 21, 2021 Update: Cloud HSM (Hardware Security Module) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Healthcare | Cloud AI, Healthcare and Life Sciences | Mitigated, Customer Action Required |
December 28, 2021 Update: Cloud Healthcare has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent notifications with instructions on December 23, 2021 with the subject line “Important information about three GitHub OSS Healthcare API subcomponents and the Log4j 2 vulnerabilities” and December 27, 2021 with the subject line “Important information about a GitHub OSS Healthcare API subcomponent and the Log4j 2 vulnerabilities.” |
| Cloud IDS (Intrusion Detection System) | Networking | Not Impacted | December 20, 2021 Update: Cloud IDS (Intrusion Detection System) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Identity Services | Identity & Access | Not Impacted | December 22, 2021 Update: Cloud Identity Services does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Identity Services | Google Workspace | Not Impacted | December 23, 2021 Update: Cloud Identity Services does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Interconnect | Networking | Not Impacted | December 20, 2021 Update: Cloud Interconnect does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Key Management Service | Security | Not Impacted | December 21, 2021 Update: Cloud Key Management Service does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Life Sciences (formerly Google Genomics) | Data Analytics | Not Impacted | December 23, 2021 Update: Cloud Life Sciences (formerly Google Genomics) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Load Balancing | Networking | Not Impacted | December 20, 2021 Update: Cloud Load Balancing does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Logging | Operations | Not Impacted | December 21, 2021 Update: Cloud Logging does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Monitoring | Operations | Mitigated, Customer Action Needed | December 22, 2021 Update: Cloud Monitoring has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers using the BindPlane metrics collector have been provided details and instructions in a notification sent between December 18, 2021 and December 20, 2021 with the subject line containing “Important information about BindPlane Metrics Collector.” |
| Cloud NAT (Network Address Translation) | Networking | Not Impacted | December 20, 2021 Update: Cloud NAT (Network Address Translation) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Natural Language API | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Cloud Natural Language API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Profiler | Operations | Not Impacted | December 21, 2021 Update: Cloud Profiler does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Router | Networking | Not Impacted | December 20, 2021 Update: Cloud Router does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Run | Serverless Computing | Not Impacted |
December 21, 2021 Update: Cloud Run does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud Run for Anthos | Serverless Computing | Not Impacted |
December 21, 2021 Update: Cloud Run for Anthos does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud SDK | Developer Tools | Mitigated, No Action Needed | December 21, 2021 Update: Cloud SDK has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers do not need to take any actions. |
| Cloud SQL | Databases | Not Impacted | December 19, 2021 Update: Cloud SQL does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Scheduler | Serverless Computing | Not Impacted | December 21, 2021 Update: Cloud Scheduler does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Shell | Management Tools | Not Impacted |
December 21, 2021 Update: Cloud Shell does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Cloud Source Repositories | Developer Tools | Not Impacted | December 21, 2021 Update: Cloud Source Repositories does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Spanner | Databases | Not Impacted | December 19, 2021 Update: Cloud Spanner does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Storage | Storage | Not Impacted | December 20, 2021 Update: Cloud Storage does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Tasks | Serverless Computing | Not Impacted | December 21, 2021 Update: Cloud Tasks does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Trace | Operations | Not Impacted | December 21, 2021 Update: Cloud Trace does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Traffic Director | Networking | Not Impacted | December 20, 2021 Update: Cloud Traffic Director does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Translation | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Cloud Translation does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud VPN | Networking | Not Impacted | December 20, 2021 Update: Cloud VPN does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Vision | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Cloud Vision does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Cloud Vision OCR On-Prem | Google Cloud Platform Premium Software | Not Impacted | December 21, 2021 Update: Cloud Vision OCR On-Prem does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| CompilerWorks | Data Analytics | Not Impacted | December 20, 2021 Update: CompilerWorks does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. |
| Compute Engine | Compute | In Progress | December 20, 2021 Update: Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. |
| Config Connector | Google Cloud Platform Software | Not Impacted | December 22, 2021 Update: Config Connector does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Contact Center AI (CCAI) | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Contact Center AI (CCAI) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Contact Center AI Insights | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Contact Center AI Insights does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Container Registry | Developer Tools | Not Impacted | December 21, 2021 Update: Container Registry does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Currents | Google Workspace | Not Impacted | December 23, 2021 Update: Currents does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Data Catalog | Data Analytics | Mitigated, No Action Needed | December 20, 2021 Update: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. |
| Data Fusion | Data Analytics | Mitigated, Customer Action Needed | December 20, 2021 Update: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” |
| Database Migration Service (DMS) | Databases, Migration | Not Impacted | December 19, 2021 Update: DMS does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Dataflow | Data Analytics | Not Impacted | December 17, 2021 Update: Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” |
| Datalab | Data Analytics | Not Impacted | December 22, 2021 Update: Datalab does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Dataproc | Data Analytics | Mitigated, Customer Action Needed |
December 20, 2021 Update: Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. December 17, 2021 Update: Dataproc released new images on December 16, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow Dataproc documentation to take advantage of the mitigation. December 15, 2021 Update: Dataproc released new images on December 12, 2021 to address the vulnerability in CVE-2021-44228. Customers must follow Dataproc documentation to take advantage of the mitigation. |
| Dataproc Metastore | Data Analytics | Mitigated, Customer Action Needed |
December 20, 2021 Update: Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” |
| Datastore | Databases | Not Impacted | December 19, 2021 Update: Datastore does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Datastream | Databases | Not Impacted | December 19, 2021 Update: Datastream does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Deep Learning Containers | Vertex AI, AI Platform, and Accelerators | Mitigated, Customer Action Needed |
December 28, 2021 Update: Deep Learning Containers has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent notifications with instructions on December 23, 2021 with the subject line “Important information about Deep Learning. |
| Deep Learning VMs | Vertex AI, AI Platform, and Accelerators | Mitigated, Customer Action Needed |
December 24, 2021 Update: Deep Learning VMs has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent notifications with instructions on December 22, 2021 with the subject line “Important information about Deep Learning VM and the Log4j 2 vulnerabilities.” |
| Dialogflow Customer Experience Edition (CX) | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Dialogflow Customer Experience Edition (CX) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Dialogflow Essentials (ES) | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Dialogflow Essentials (ES) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Directions API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Directions API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Distance Matrix API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Distance Matrix API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Document AI | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Document AI does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Event Threat Detection | Security | Not Impacted | December 21, 2021 Update: Event Threat Detection does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Eventarc | Serverless Computing | Not Impacted | December 21, 2021 Update: Eventarc does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Filestore | Storage | Not Impacted | December 21, 2021 Update: Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. |
| Firebase | Databases, Developer Tools | Not Impacted | December 21, 2021 Update: Firebase does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Firestore | Databases | Not Impacted | December 19, 2021 Update: Firestore does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Game Servers | Media and Gaming | Not Impacted | December 21, 2021 Update: Game Servers does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Gaming Services | Google Maps Platform | Not Impacted | January 7, 2022 Update: Gaming Services does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Geocoding API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Geocoding API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Geolocation API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Geolocation API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Gmail | Google Workspace | Not Impacted | December 23, 2021 Update: Gmail does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud App | Management Tools | Not Impacted | December 21, 2021 Update: Google Cloud App does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Calendar | Google Workspace | Not Impacted | December 23, 2021 Update: Google Calendar does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Chat | Google Workspace | Not Impacted | December 23, 2021 Update: Google Chat does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Armor | Networking | Not Impacted | December 20, 2021 Update: Google Cloud Armor does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Armor Managed Protection Plus | Networking | Not Impacted | December 20, 2021 Update: Google Cloud Armor Managed Protection Plus does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Directory Sync (GCDS) | Google Workspace Related Products | Not Impacted |
December 30, 2021 Update: Versions 4.4.19 and higher of Google Cloud Directory Sync (GCDS) do not use Log4j 2 and are not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. December 23, 2021 Update: The current version of Google Cloud Directory Sync (GCDS) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Identity-Aware Proxy | Identity & Access | Not Impacted | December 22, 2021 Update: Google Cloud Identity-Aware Proxy does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Search | Google Workspace | Not Impacted | December 23, 2021 Update: Google Cloud Search does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud Threat Intelligence for Chronicle | Security | Not Impacted | December 23, 2021 Update: Google Cloud Threat Intelligence for Chronicle does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Cloud VMware Engine | Compute | In Progress | December 11, 2021 Update: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. |
| Google Contacts | Google Workspace | Not Impacted | December 23, 2021 Update: Google Contacts does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Docs | Google Workspace | Not Impacted | December 23, 2021 Update: Google Docs does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Drive | Google Workspace | Not Impacted | December 23, 2021 Update: Google Drive does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Forms | Google Workspace | Not Impacted | December 23, 2021 Update: Google Forms does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Groups for Business | Google Workspace | Not Impacted | December 23, 2021 Update: Google Groups for Business does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Hangouts | Google Workspace | Not Impacted | December 23, 2021 Update: Google Hangouts does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Jamboard | Google Workspace | Not Impacted | December 23, 2021 Update: Google Jamboard does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Keep | Google Workspace | Not Impacted | December 23, 2021 Update: Google Keep does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Kubernetes Engine | Compute | Not Impacted |
December 21, 2021 Update: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Google Meet | Google Workspace | Not Impacted | December 23, 2021 Update: Google Meet does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Sheets | Google Workspace | Not Impacted | December 23, 2021 Update: Google Sheets does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Sites | Google Workspace | Not Impacted | December 23, 2021 Update: Google Sites does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Slides | Google Workspace | Not Impacted | December 23, 2021 Update: Google Slides does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Tasks | Google Workspace | Not Impacted | December 23, 2021 Update: Google Tasks does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Vault | Google Workspace | Not Impacted | December 23, 2021 Update: Google Vault does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Voice | Google Workspace | Not Impacted | December 23, 2021 Update: Google Voice does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Google Workspace Assured Controls | Google Workspace | Not Impacted | December 23, 2021 Update: Google Workspace Assured Controls does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Healthcare Data Engine (HDE) | Healthcare and Life Sciences | Not Impacted | December 21, 2021 Update: Healthcare Data Engine (HDE) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Human-in-the-Loop AI | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Human-in-the-Loop AI does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Identity & Access Management (IAM) | Identity & Access | Not Impacted | December 22, 2021 Update: Identity & Access Management (IAM) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Identity Platform | Management Tools | Not Impacted | December 22, 2021 Update: Identity Platform does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| IoT Core | Internet of Things (IoT) | Not Impacted | December 21, 2021 Update: IoT Core does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Key Access Justifications (KAJ) | Security | Not Impacted | December 21, 2021 Update: Key Access Justifications (KAJ) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Kf | Google Cloud Platform Software | Not Impacted |
December 22, 2021 Update: Kf does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Kf environments to identify components dependent on Log4j 2 and update them to the latest version. |
| Looker | Data Analytics | Mitigated, Customer Action Needed |
December 30, 2021 Update: For Looker-hosted instances, we have deployed updated third-party driver software that is not vulnerable to CVE-2021-44228 and CVE-2021-45046. For Looker customers who self-manage their Looker instances, we have provided instructions, through their technical contacts, to download the latest published jars that contain updates to the third-party driver dependencies. Customers who have questions or require assistance, please visit Looker Support. December 18, 2021 Update: Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. |
| Managed Service for Microsoft Active Directory (AD) | Identity & Access | Not Impacted | December 22, 2021 Update: Managed Service for Microsoft Active Directory (AD) does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps Elevation API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps Elevation API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps Embed API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps Embed API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps JavaScript API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps JavaScript API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps SDK for Android | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps SDK for Android does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps SDK for iOS | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps SDK for iOS does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps Static API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps Static API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Maps URLs | Google Maps Platform | Not Impacted | January 7, 2022 Update: Maps URLs does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Media Translation API | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Media Translation API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Memorystore | Databases | Not Impacted | December 19, 2021 Update: Memorystore does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Migrate to Containers | Google Cloud Platform Software | Not Impacted | December 21, 2021 Update: Migrate to Containers does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Migrate to Virtual Machines | Compute, Migration | Mitigated, Customer Action Needed |
December 19, 2021 Update: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. December 15, 2021 Update: M4CE has been updated to mitigate the issues identified in CVE-2021-44228. A fix for M4CE v4.11 (or below) has been provided in a notification sent to customers on December 13, 2021 with subject line “Important information about CVE-2021-44228” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. |
| Network Connectivity Center | Networking | Not Impacted | December 20, 2021 Update: Network Connectivity Center does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Network Intelligence Center | Networking | Not Impacted | December 20, 2021 Update: Network Intelligence Center does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Network Service Tiers | Networking | Not Impacted | December 20, 2021 Update: Network Service Tiers does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Notebooks | Vertex AI, AI Platform, and Accelerators | Mitigated, Customer Action Needed |
December 24, 2021 Update: Notebooks has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent notifications with instructions on December 22, 2021 with the subject line “Important information about Vertex AI Workbench and the Log4j 2 vulnerabilities.” |
| On-demand Rides & Deliveries solution | Google Maps Platform | Not Impacted | January 7, 2022 Update: On-demand Rides & Deliveries solution does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Persistent Disk | Storage | Not Impacted | December 20, 2021 Update: Persistent Disk does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Places API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Places API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Places Library, Maps JavaScript API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Places Library, Maps JavaScript API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Places SDK for Android | Google Maps Platform | Not Impacted | January 7, 2022 Update: Places SDK for Android does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Places SDK for iOS | Google Maps Platform | Not Impacted | January 7, 2022 Update: Places SDK for iOS does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Policy Intelligence | Identity & Access | Not Impacted | December 22, 2021 Update: Policy Intelligence does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Pub/Sub | Data Analytics | Not Impacted | December 16, 2021 Update: Pub/Sub does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. |
| Pub/Sub Lite | Data Analytics | Not Impacted | December 16, 2021 Update: Pub/Sub Lite does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. |
| reCAPTCHA Enterprise | Security | Not Impacted | December 21, 2021 Update: reCAPTCHA Enterprise does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Recommendations AI | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Recommendations AI does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Recommenders | Management Tools | Not Impacted | December 22, 2021 Update: Recommenders does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Resource Manager API | Identity & Access | Not Impacted | December 22, 2021 Update: Resource Manager API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Retail Search | Industry Solutions | Not Impacted | December 21, 2021 Update: Retail Search does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Risk Manager | Security | Not Impacted | December 21, 2021 Update: Risk Manager does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Roads API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Roads API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Secret Manager | Security | Not Impacted | December 21, 2021 Update: Secret Manager does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Security Command Center | Security | Not Impacted | December 21, 2021 Update: Security Command Center does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Service Directory | Networking | Not Impacted | December 20, 2021 Update: Service Directory does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Service Infrastructure | Management Tools | Not Impacted | December 21, 2021 Update: Service Infrastructure does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Speaker ID | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Speaker ID does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Speech-to-Text | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Speech-to-Text does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Speech-to-Text On-Prem | Google Cloud Platform Premium Software | Not Impacted | December 21, 2021 Update: Speech-to-Text On-Prem does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Storage Transfer Service | Storage, Migration | Not Impacted | December 20, 2021 Update: Storage Transfer Service does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Street View Static API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Street View Static API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Talent Solution | Industry Solutions | Not Impacted | December 21, 2021 Update: Talent Solution does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Text-to-Speech | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Text-to-Speech does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Time Zone API | Google Maps Platform | Not Impacted | January 7, 2022 Update: Time Zone API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Transcoder API | Media and Gaming | Not Impacted | December 21, 2021 Update: Transcoder API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Transfer Appliance | Storage, Migration | Not Impacted | December 21, 2021 Update: Transfer Appliance does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| VPC Service Controls | Security | Not Impacted | December 23, 2021 Update: VPC Service Controls does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Vertex AI | Vertex AI, AI Platform, and Accelerators | Not Impacted | December 24, 2021 Update: Vertex AI does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Vertex AI Workbench | Vertex AI, AI Platform, and Accelerators | Mitigated, Customer Action Needed |
December 24, 2021 Update: Vertex AI Workbench has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent notifications with instructions on December 22, 2021 with the subject line “Important information about Vertex AI Workbench and the Log4j 2 vulnerabilities.” |
| Video Intelligence API | AI and Machine Learning | Not Impacted | December 21, 2021 Update: Video Intelligence API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Virtual Private Cloud | Networking | Not Impacted | December 20, 2021 Update: Virtual Private Cloud does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| VirusTotal | Security | Not Impacted | December 23, 2021 Update: VirusTotal does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Web Risk API | User Protection Services | Not Impacted | December 22, 2021 Update: Web Risk API does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Web Security Scanner | Security | Not Impacted | December 21, 2021 Update: Web Security Scanner does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
| Workflows | Serverless Computing | Not Impacted | December 21, 2021 Update: Workflows does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |
Information on this page is based on findings in our ongoing investigations.