Log4j vulnerability in Kofax SignDoc

Article # 3037021

Issue

CVE-2021-44228 (publicly disclosed on 2021-12-10) is a remote code execution vulnerability in Apache Log4j 2. It is remotely exploitable without authentication, i.e., it can be exploited over a network without a username and password; any attacker-controlled string that reaches a Log4j logging call is a potential entry point.

 

Cause

Log4j 2 expands lookup expressions such as ${jndi:...} inside logged messages. An attacker who gets such an expression into logged input can make the application resolve a JNDI reference against a server the attacker controls and load code from it, giving remote code execution with the privileges of the Java process. The vulnerability is rated critical (CVSS 3.1 base score 10.0).

 

Solution

R&D confirmed that all supported versions of Kofax SignDoc (2.2, 3.0 and 3.1) are not affected by this issue.

The Kofax SignDoc SDK was likewise confirmed not to be affected.

 

General mitigations for other applications that bundle Log4j 2 include:

  • Upgrade Apache Log4j to a fixed release. 2.15.0 addresses CVE-2021-44228, but that fix was found to be incomplete (CVE-2021-45046); Apache's current guidance is 2.17.1 or later for Java 8 (2.12.4 for Java 7, 2.3.2 for Java 6).
  • Block outbound JNDI connections (LDAP, LDAPS, RMI, DNS) from application hosts to untrusted servers at the network level.
  • For releases >=2.10, the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS can be set to true. Apache has since noted that this setting does not cover every code path and should be treated as a stopgap only.
  • For releases >=2.7 and <=2.14.1, all PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m. The same caveat applies: this is incomplete and is no longer recommended as the sole mitigation.
  • For any release other than a fixed one, remove the JndiLookup class from every copy of log4j-core on the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class. Remember to check jars nested inside WAR/EAR archives and fat jars, and restart the application afterwards.
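The following script is an added example for this article, not Kofax or Apache code. It shows how a practitioner would inventory log4j-core jars and apply the last mitigation above: it reads the Log4j version from the jar manifest or Maven pom.properties, checks whether JndiLookup.class is present, decides whether action is needed (class present and version in the affected 2.0-beta9 to 2.15.0 range, or version unknown), and rewrites the jar without the class, which is what the `zip -d` command in the list does. The function names, the 2.16.0 cut-off used for `is_affected`, and the stand-in jar that `build_sample_jar` creates are this example's own assumptions; the stand-in contains only a manifest and empty placeholder entries, no real bytecode, so the example runs offline.

```python
"""Inventory log4j-core jars for JndiLookup.class and remove it (added example, not vendor code)."""
import os
import shutil
import tempfile
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1, 1); '2.0-beta9' -> (2, 0, 0, 0).
    The last element marks pre-release (0) vs final (1), so 2.0-beta9 sorts below 2.0."""
    main, _, pre = text.strip().partition("-")
    parts = [int(p) for p in main.split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3]) + ((0,) if pre else (1,))


def is_affected(version):
    """Assumed affected range for CVE-2021-44228/CVE-2021-45046: 2.0-beta9 up to and
    including 2.15.0. 2.16.0 removed message lookups entirely; Log4j 1.x is out of scope."""
    v = parse_version(version)
    return parse_version("2.0-beta9") <= v < parse_version("2.16.0")


def log4j_version(jar_path):
    """Read the version from the jar manifest, falling back to Maven pom.properties; None if absent."""
    with zipfile.ZipFile(jar_path) as zf:
        names = set(zf.namelist())
        if "META-INF/MANIFEST.MF" in names:
            for line in zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
                if line.startswith("Implementation-Version:"):
                    return line.split(":", 1)[1].strip()
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    return None


def has_jndi_lookup(jar_path):
    with zipfile.ZipFile(jar_path) as zf:
        return JNDI_LOOKUP in zf.namelist()


def assess(jar_path):
    """Report version, presence of JndiLookup.class, and whether the jar still needs action.
    An unidentifiable version is treated conservatively (action needed if the class is present)."""
    version = log4j_version(jar_path)
    present = has_jndi_lookup(jar_path)
    return {
        "jar": os.path.basename(jar_path),
        "version": version,
        "jndi_lookup_present": present,
        "needs_action": present and (version is None or is_affected(version)),
    }


def strip_jndi_lookup(jar_path):
    """Rewrite the jar without JndiLookup.class (same effect as `zip -q -d <jar> <class>`).
    Returns True if an entry was removed."""
    tmp = jar_path + ".tmp"
    removed = False
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp, "w") as dst:
        for item in src.infolist():
            if item.filename == JNDI_LOOKUP:
                removed = True
                continue
            dst.writestr(item, src.read(item.filename))
    os.replace(tmp, jar_path)
    return removed


def build_sample_jar(path, version, with_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar: manifest plus empty placeholder entries."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nImplementation-Version: %s\n" % version)
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
        if with_jndi:
            zf.writestr(JNDI_LOOKUP, b"")


def demo():
    """Build a constructed 2.14.1 jar, assess it, strip the class, and assess again."""
    workdir = tempfile.mkdtemp()
    try:
        jar = os.path.join(workdir, "log4j-core-2.14.1.jar")
        build_sample_jar(jar, "2.14.1")
        before = assess(jar)
        removed = strip_jndi_lookup(jar)
        after = assess(jar)
        return {"before": before, "removed": removed, "after": after}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

On a real host, point `assess` and `strip_jndi_lookup` at every log4j-core jar found with `find / -name 'log4j-core-*.jar'`, and unpack WAR/EAR files and fat jars first, since nested copies are the ones most often missed. Removing the class is a containment step, not a substitute for upgrading.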

Level of Complexity 

Moderate

 

Applies to  

Product         Version   Build   Environment   Hardware
Kofax SignDoc   xxx       -       -             -

References

More details can be found on the Apache website: https://logging.apache.org/log4j/2.x/security.html
