Is SafeCom affected by the published Log4j vulnerabilities?
None of the SafeCom components are affected by the known Log4j vulnerabilities.
Following SafeCom components use the Log4j library:
- SafeCom Device Server (Log4j v1.2.16)
- SafeCom Device Web Server / HP Unified Client (Log4j v1.2.16)
- SafeCom Mobile Print (Log4j v1.2.17)
SafeCom components use version 1.2.x, and this vulnerability is about versions between 2.0 and 2.14.1 (inclusive), so it's not impacted.
SafeCom components doesn't use the impacted SocketServer class (used for remote logging), so it's not impacted.
CVE-2021-44228 / CVE-2021-4104
SafeCom components doesn’t use either JNDI or JMSAppender within its configuration, so it's not impacted.