Skip to content
Get An Assessment
    December 20, 2021

    Apache Log4j Vulnerability; How it Affects UBEO and Our Customers

    Apache Log4j

    Network security is an important topic due to the negative impact a breach can have on a business. The recent Apache Log4j global vulnerability demonstrates how software relies upon many different platforms and how a single event can have a ripple effect across the industry. Below is an overview of what the Apache Log4j vulnerability is and how it affects UBEO and its customers.

    What is Apache Log4j?

    Apache is a web server application that allows a server or an application to display webpages. Apache utilizes Java, which is a programming language, to accomplish many common tasks. One of the built-in programs in Java is called Log4j, which was discovered to have a vulnerability that can be used to take control of a computer. Other applications that utilize the Java programming language may also have this same vulnerability. To maintain security, it is a good reminder to patch applications and operating systems regularly.

    What are the risks?

    The Log4j vulnerability is considered a severity risk score 10.0 CRITICAL with the government agency NIST. If a server or application can be accessed directly from the internet and has this vulnerability, it needs to be fixed or taken offline immediately. Most servers are not accessible from the internet which means a hacker will have to first gain access to your internal network, however, this vulnerability still needs to be addressed.

    UBEO and Customers' Software

    UBEO has evaluated all internal software and has taken the necessary steps to address this vulnerability. As a technology provider, UBEO’s customers purchase industry-leading software and expect a high level of security. UBEO has reviewed all major sold and supported customer software and determined the current status of the Log4j vulnerability listed below:

     

     Application

    Affected

    Detail/Resolution

     AutoStore

    No Ver 6, 7

    Confirmed with the manufacturer but no online reference available at this time

     DocuWare Server

    No

    Security Advisory:Docuware and log4J2 vulnerability

     DocuWare Cloud

    No

    Confirmed with the manufacturer but no online reference available at this time

     EquiTrac

    No Ver 5.x

    ControlSuite and the Log4j vulnerability CVE-2021-44228

     LaserFiche Server

    No

    Laserfiche Answers: Apache Log4j2 Vulnerability (CVE-2021-44228)

     LaserFiche Cloud   Output Manager

    No Ver 4.x

    Laserfiche Answers: Apache Log4j2 Vulnerability (CVE-2021-44228)

    PrinterLogic and Cloud

       No

       Printer Logic Security Bulletin

     PaperCut Server

    Yes Ver 21

    Log4Shell (CVE-2021-44228) - How is PaperCut Affected?

     PaperCut Hive

    No

    Confirmed with the manufacturer but no online reference available at this time

     UniFlow Server

    No

    Uniflow Security & Maintenance: December 13th

     UniFlow Cloud

    No

    Uniflow Security & Maintenance: December 13th

     xMedius Server

    Yes Ver 7 and 8

     Contact UBEO mfpsolutionssupport@ubeo.com

     xMedius Cloud

    No

    Confirmed with the manufacturer but no online reference available at this time

     Ricoh MFP

    No

    Ricoh Security Announcements

     Canon MFP

    No

    Security Related to Canon Products

     HP MFP

    No

    Confirmed with the manufacturer but no online reference available at this time

     HP WebJet Admin

    No

    Confirmed with the manufacturer but no online reference available at this time

     Konica Minolta

    No

    Confirmed with the manufacturer but no online reference available at this time

    Tag(s): Security

    Erick Miller

    Erick Miller has more than 20 years of experience in information technology management and serves as UBEO's VP of Technology Solutions. Erick oversees the Information Technology, Solutions and AV, ECM, and Managed Services teams. In his leadership, Erick holds firm to the belief that you are only good as your team so...

    Other posts you might be interested in