UBEO Blog

Apache Log4j Vulnerability; How it Affects UBEO and Our Customers

Written by Erick Miller | Dec 20, 2021 10:20:00 PM

Network security is an important topic due to the negative impact a breach can have on a business. The recent Apache Log4j global vulnerability demonstrates how software relies upon many different platforms and how a single event can have a ripple effect across the industry. Below is an overview of what the Apache Log4j vulnerability is and how it affects UBEO and its customers.

What is Apache Log4j?

Apache is a web server application that allows a server or an application to display webpages. Apache utilizes Java, which is a programming language, to accomplish many common tasks. One of the built-in programs in Java is called Log4j, which was discovered to have a vulnerability that can be used to take control of a computer. Other applications that utilize the Java programming language may also have this same vulnerability. To maintain security, it is a good reminder to patch applications and operating systems regularly.

What are the risks?

The Log4j vulnerability is considered a severity risk score 10.0 CRITICAL with the government agency NIST. If a server or application can be accessed directly from the internet and has this vulnerability, it needs to be fixed or taken offline immediately. Most servers are not accessible from the internet which means a hacker will have to first gain access to your internal network, however, this vulnerability still needs to be addressed.

UBEO and Customers' Software

UBEO has evaluated all internal software and has taken the necessary steps to address this vulnerability. As a technology provider, UBEO’s customers purchase industry-leading software and expect a high level of security. UBEO has reviewed all major sold and supported customer software and determined the current status of the Log4j vulnerability listed below:

 

 Application

Affected

Detail/Resolution

 AutoStore

No Ver 6, 7

Confirmed with the manufacturer but no online reference available at this time

 DocuWare Server

No

Security Advisory:Docuware and log4J2 vulnerability

 DocuWare Cloud

No

Confirmed with the manufacturer but no online reference available at this time

 EquiTrac

No Ver 5.x

ControlSuite and the Log4j vulnerability CVE-2021-44228

 LaserFiche Server

No

Laserfiche Answers: Apache Log4j2 Vulnerability (CVE-2021-44228)

 LaserFiche Cloud   Output Manager

No Ver 4.x

Laserfiche Answers: Apache Log4j2 Vulnerability (CVE-2021-44228)

PrinterLogic and Cloud

   No

   Printer Logic Security Bulletin

 PaperCut Server

Yes Ver 21

Log4Shell (CVE-2021-44228) - How is PaperCut Affected?

 PaperCut Hive

No

Confirmed with the manufacturer but no online reference available at this time

 UniFlow Server

No

Uniflow Security & Maintenance: December 13th

 UniFlow Cloud

No

Uniflow Security & Maintenance: December 13th

 xMedius Server

Yes Ver 7 and 8

 Contact UBEO mfpsolutionssupport@ubeo.com

 xMedius Cloud

No

Confirmed with the manufacturer but no online reference available at this time

 Ricoh MFP

No

Ricoh Security Announcements

 Canon MFP

No

Security Related to Canon Products

 HP MFP

No

Confirmed with the manufacturer but no online reference available at this time

 HP WebJet Admin

No

Confirmed with the manufacturer but no online reference available at this time

 Konica Minolta

No

Confirmed with the manufacturer but no online reference available at this time