SafeCom and Log4j vulnerabilities
Article # 3037016 - Page views: 3256
Question:
Is SafeCom affected by the published Log4j vulnerabilities?
Answer:
None of the SafeCom components are affected by the known Log4j vulnerabilities.
Following SafeCom components use the Log4j library:
- SafeCom Device Server (Log4j v1.2.16)
- SafeCom Device Web Server / HP Unified Client (Log4j v1.2.16)
- SafeCom Mobile Print (Log4j v1.2.17)
CVE-2021-44228
SafeCom components use version 1.2.x, and this vulnerability is about versions between 2.0 and 2.14.1 (inclusive), so it's not impacted.
CVE-2019-17571
SafeCom components doesn't use the impacted SocketServer class (used for remote logging), so it's not impacted.
CVE-2021-44228 / CVE-2021-4104
SafeCom components doesn’t use either JNDI or JMSAppender within its configuration, so it's not impacted.
Applies to:
| Product | Version |
|---|---|
| SafeCom | G4 |
| SafeCom | DS |
| SafeCom | DWS |
| SafeCom | SMP |