Technical Notes, Zetafax, Zetadocs

INFO: Apache Log4j security vulnerability

ZTN2150

This technical note applies to the following products:

  • Zetafax including Zetafax FoIP Connector (SR140 Edition)
  • Zetadocs PDF
  • Zetadocs Express
  • Zetadocs Delivery
  • Zetadocs Capture including Zetadocs OCR Engine
  • Zetadocs Expenses
  • Zetadocs Approvals
  • Timemaster

Summary

None of the Equisys products listed above are affected by the Log4j vulnerability.

More information

A security vulnerability has been discovered in a software component called Apache-Log4j. This vulnerability is registered under CVE-2021-44228. 

The vulnerability, also known as Log4shell, was identified in Apache’s Log4j software library that helps developers log changes in applications they build.  Bad actors can use remote code execution attacks to exploit the vulnerability to take control of unpatched java-based web servers.

Equisys have reviewed their product set, including components supplied by Enghouse and Abbyy, and have determined that none of its on-premises products or online services are affected by this vulnerability.

No action is required by Equisys customers using any of the products listed above regarding those products.

References

NVD - CVE-2021-44228 (nist.gov)

Last updated: 14 December 2021 (GC/GW)