Security Notice

Date: 2021-12-15

APACHE LOG4J (LOG4SHELL / CVE-2021-44228)

At OPTEL, the security and integrity of our technologies and solutions is a top priority, which is why we believe in taking a proactive approach whenever a potential security breach is reported. We do this by analyzing the vulnerability of all our products and communicating the results of this analysis to our customers as quickly as possible.

On December 9, 2021, a vulnerability (Log4Shell / CVE-2021-44228) impacting versions 2.0-beta9 to 2.14.1 of the Apache Log4j library was disclosed publicly via the project’s GitHub.

Apache Log4j is a Java-based logging librarythat is part of the Apache Logging Services, a project of the Apache Software. This utility is commonly used in numerous products around the globe.

OPTEL is aware of and is evaluating this vulnerability and its potential impact on our products. Below you will find the results of our analysis for each OPTEL product.

PRODUCT POTENTIALLY VULNERABLE

Kompano itself is not vulnerable, but it uses logstash and ElasticSearch as a logging service, which are affected by the vulnerability.

Logstash and ElasticSearch (which are located in the customer’s infrastructure) should be upgraded to 7.16.1 or higher.

Contact OPTEL at [email protected] if you require any assistance.

  • Kompano

PRODUCTS NOT VULNERABLE

Product does not use the Log4j library. No workarounds or mitigation are required

  • Association Station
  • BlisterSafe
  • BottleTracker
  • BundleTracker
  • CartonTracker
  • Certa
  • CIS PrintSafe
  • CLTracker
  • CountSafe
  • GeoTraceability platform
  • HD PrintSafe
  • PharmaProof / AgroProof / InspectProof / OP300
  • LabelTracker
  • LineMaster
  • Manual Print Station (MPS)
  • Offline LabelTracker
  • Open SiteMaster (OSM)
  • PackStation (FMP)
  • PalletMaster
  • VialSafe
  • Verify Platform
  • OPTEL Traceability Platform (OTP)

 

Customer Support Center

Additional Information

We continue to actively monitor our business infrastructure to identify vulnerable assets. The appropriate measures are being deployed to avoid any vulnerability in our business infrastructure. We will continue to evaluate this matter, and if we determine our customers are affected going forward, we will take all appropriate measures to help protect our customers and provide additional communications.

We appreciate your trust in us as we continue to make your success our top priority.

 

 

For any questions, contact us