Kofax products and Apache Log4j2 vulnerability information
Apache Log4j2 vulnerabilities (CVE-2021-44228, CVE2021-45046, CVE2021-45105)
Products not listed on this page have been evaluated and are not vulnerable.
Kofax is aware of the recently disclosed Apache Log4j2 vulnerabilities (CVE-2021-44228, CVE2021-45046, CVE2021-45105). The following Kofax products are using the potentially vulnerable Log4j2 version Kofax is in the process of evaluating the usage of log4j2 in the above products and will create patches wherever it is needed, as a priority.
| Affected Kofax Products | Remediation Status | Kofax Community Product Discussion URL Bookmark your product's post for any future updates |
| Robotic Process Automation (RPA) 10.7-11.2 | Patches are available. See Kofax RPA CVE-2021-44228 log4j Security Exploit Information article. | |
| Kofax Communication Manager (KCM) 5.3-5.5 | Patches are available. See log4j vulnerability in Kofax Communications Manager article. | Communications Manager Release Announcements |
| Device Web Service (DWS) 10.2 The DWS is used with AutoStore, Equitrac and Output Manager when deploying embedded clients, including the Kofax Unified Client. |
See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. | ControlSuite Release Announcements |
| Device Web Service (DWS) 5.11 | See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. | ControlSuite Release Announcements |
| eCopy ShareScan 6.x | Until the ShareScan patches are ready, follow the steps in the ShareScan and Log4j vulnerability (CVE-2021-44228) - Kofax article. | MFD and Productivity Release Announcements |
| Invoice Portal | Potential vulnerability remediated | ReadSoft Release Announcements |
| Supplier Portal | Potential vulnerability remediated | ReadSoft Release Announcements |
| AP Essentials (formerly ReadSoft Online) | AP - Essentials (formerly ReadSoft Online) does not have native dependencies to Log4j. One third party component has been identified to utilize Log4j. Kofax has patched and updated according to suppliers recommendations. | ReadSoft Release Announcements |
| Exder | Potential vulnerability remediated | ReadSoft Release Announcements |
| Device Registration Service (DRS) 7.13.0.3 | See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. | ControlSuite Release Announcements |
Monitor the indicated Community post for any future updates.
Kofax Technical Support
Article # 3037081