CIS Products | Log4j Vulnerability

Most of the CIS products like CSAT PRO, CAT Prov Assessor v4, CAT Pro Assessor v4 Service, CAT Lite, CAT Pro Assessor v3 Full have been impacted by Log4j Vulnerability. Rest of the products like Hosted CSAT, CAT Pro Dashboard and workbench have not been impacted by this. CIS has released updated versions of all these affected products where the Log4j version has been upgraded to 2.15.0 (But the 2.16.0 version is the most recent one which takes care of other vulnerabilities)

CIS Product	Version	Status	Patched?
CIS CSAT Pro	All	Vulnerable	Patched
CIS-CAT Pro Assessor v4	All	Vulnerable	Patched
CIS-CAT Pro Assessor v4 Service	All	Vulnerable	Patched
CIS-CAT Lite	All	Vulnerable	Patched
CIS-CAT Pro Assessor v3 Full and Dissolvable	All	Vulnerable	Patched
CIS-Hosted CSAT	All	Not Vulnerable	Not Needed
CIS-CAT Pro Dashboard	All	Not Vulnerable	Not Needed
CIS WorkBench	All	Not Vulnerable	Not Needed

CSAT Pro	< 1.7.1	Vulnerable	source
CIS-CAT Pro Assessor v4	< 4.13.0	Vulnerable	source
CIS-CAT Pro Assessor Service v4	< 1.13.0	Vulnerable	source
CIS-CAT Pro Assessor v3	< 3.0.77	Vulnerable	source
CIS-CAT Pro Dashboard	All	Not vuln	source