APACHE LOG4J (LOG4SHELL / CVE-2021-44228)
At OPTEL, the security and integrity of our technologies and solutions are a top priority, which is why we believe in taking a proactive approach whenever a potential security breach is reported. We do this by analyzing the vulnerability of all our products and communicating the results of this analysis to our customers as quickly as possible.
On December 9, 2021, a vulnerability (Log4Shell / CVE-2021-44228) impacting versions 2.0-beta9 to 2.14.1 of the Apache Log4j library was disclosed publicly via the project’s GitHub.
Apache Log4j is a Java-based logging library that is part of Apache Logging Services, a project of the Apache Software Foundation. This utility is commonly used in numerous products around the globe.
OPTEL is aware of and is evaluating this vulnerability and its potential impact on our products. Below you will find the results of our analysis for each OPTEL product.
PRODUCT POTENTIALLY VULNERABLE
Kompano itself is not vulnerable, but it uses Logstash and Elasticsearch as a logging service, and both are affected by the vulnerability.
Logstash and Elasticsearch (which are located in the customer’s infrastructure) should be upgraded to 7.16.1 or higher.
Contact OPTEL at [email protected] if you require any assistance.
PRODUCTS NOT VULNERABLE
The following products do not use the Log4j library. No workarounds or mitigations are required.
- Association Station
- CIS PrintSafe
- GeoTraceability platform
- HD PrintSafe
- PharmaProof / AgroProof / InspectProof / OP300
- Manual Print Station (MPS)
- Offline LabelTracker
- Open SiteMaster (OSM)
- PackStation (FMP)
- Verify Platform
- OPTEL Traceability Platform (OTP)