The below article contains a List of Dynatrace applications that are affected by Log4j Vulnerability.Dynatrace says that there is very low risk of how this vulnerability can be exposed because of the way Dynatrace uses Log4j within their applications and in addition to the layered security also prevents this vulnerability can be exploited by others. The fixes have been applied for almost all the customers of Dynatrace who have automatic updates turned on. Other customers should download the updates and apply them.
| Dynatrace Product | Versions | Status | Patched |
|---|---|---|---|
| Dynatrace Extensions | All | Vulnerable | Patched |
| Dynatrace ActiveGate | All | Not Affected | Not Needed |
| Dynatrace OneAgent | All | Not Vulnerable | Not Needed |
| Dynatrace Synthetic | All (See Note) | Vulnerable | Patched |
| Dynatrace Managed | All (See Note) | Vulnerable | Patched |
| Dynatrace FedRAMP | All | Vulnerable | Not Needed |
| Dynatrace SaaS | All | Vulnerable | Not Needed |
Some of the Dynatrace applications like DynaTrace Synthetic and DynaTrace Managed have different versions of their product affected by this vulnerability. For customers who are using older version of Synthetic, they should reach out to the customer support to apply the mitigation available for the vulnerability. More can be found on the Dynatrace link below the table listed above..