Skip to main content
Kofax

SafeCom and Log4j vulnerabilities

Article # 3037016 - Page views: 2618

Question: 

Is SafeCom affected by the published Log4j vulnerabilities?

Answer: 

None of the SafeCom components are affected by the known Log4j vulnerabilities.

Following SafeCom components use the Log4j library:
- SafeCom Device Server (Log4j v1.2.16)
- SafeCom Device Web Server / HP Unified Client (Log4j v1.2.16)
- SafeCom Mobile Print (Log4j v1.2.17)

CVE-2021-44228
SafeCom components use version 1.2.x, and this vulnerability is about versions between 2.0 and 2.14.1 (inclusive), so it's not impacted.

CVE-2019-17571
SafeCom components doesn't use the impacted SocketServer class (used for remote logging), so it's not impacted.

CVE-2021-44228 / CVE-2021-4104
SafeCom components doesn’t use either JNDI or JMSAppender within its configuration, so it's not impacted.

 

Applies to:  

Product Version
SafeCom G4
SafeCom DS
SafeCom DWS
SafeCom SMP

 

 

  • Was this article helpful?