Technical Notes, Zetafax, Zetadocs
INFO: Apache Log4j security vulnerability
ZTN2150
This technical note applies to the following products:
- Zetafax including Zetafax FoIP Connector (SR140 Edition)
- Zetadocs PDF
- Zetadocs Express
- Zetadocs Delivery
- Zetadocs Capture including Zetadocs OCR Engine
- Zetadocs Expenses
- Zetadocs Approvals
- Timemaster
Summary
None of the Equisys products listed above are affected by the Log4j vulnerability.
More information
A security vulnerability has been discovered in a software component called Apache-Log4j. This vulnerability is registered under CVE-2021-44228.
The vulnerability, also known as Log4shell, was identified in Apache’s Log4j software library that helps developers log changes in applications they build. Bad actors can use remote code execution attacks to exploit the vulnerability to take control of unpatched java-based web servers.
Equisys have reviewed their product set, including components supplied by Enghouse and Abbyy, and have determined that none of its on-premises products or online services are affected by this vulnerability.
No action is required by Equisys customers using any of the products listed above regarding those products.
References
NVD - CVE-2021-44228 (nist.gov)
Last updated: 14 December 2021 (GC/GW)