
ShareScan and Log4j vulnerability (CVE-2021-44228)

Article # 3037090 - Page views: 3680


Is ShareScan affected by the published Log4j vulnerability (CVE-2021-44228)?


The Kofax eCopy ShareScan v6.4 and v6.5 web component is affected by the Log4j vulnerability described in CVE-2021-44228.

- Kofax eCopy ShareScan Web Components use the Log4j library (v2.13.3).

Since CVE-2021-44228 is about versions between 2.0 and 2.14.1 (inclusive), only ShareScan and ShareScan v6.5 release version are affected by this vulnerability.

The older versions

  • v5.x
  • v6.1
  • v6.2
  • v6.3

are not impacted by the CVE-2021-44228 vulnerability.

Official fix for Kofax eCopy ShareScan v6.4: install FixPack3.

Official fix for Kofax eCopy ShareScan v6.5: install FixPack1.

When Canon and Ricoh devices, which use the JAR-based ShareScan client, are used, the web components are not necessary. The ShareScan v6.4 and v6.5 server is not affected if the web components are not installed.
However, the devices can still use Log4j libraries for logging. Please contact the vendor (Canon, Ricoh) about this.

If only Canon or Ricoh devices are connected to the ShareScan v6 server and Apache Tomcat is present on the Kofax eCopy ShareScan server, Apache Tomcat can be removed.
Remove Apache Tomcat

The following workaround can be applied ONLY for ShareScan and ShareScan v6.5 release version.


The Tomcat server in ShareScan is not a publicly available web server. The eCopy ShareScan web client does not use JNDI, JMSAppender, or a non-default Pattern Layout with a Context Lookup, and it uses almost the latest JRE, which ensures that JNDI does not load remote code using LDAP.

The other mitigation option, removing the JndiLookup class from the classpath as described on the site, can be applied as a workaround for CVE-2021-44228, but it does not mitigate other, newer Log4j 2.x vulnerabilities.

We therefore recommend, as a workaround, manually replacing the Log4j libraries with version 2.17.1 under the eCopy ShareScan and ShareScan v6.5 release version web client if the customer is not willing to install the official fix, eCopy ShareScan v6.4 FixPack3 or v6.5 FixPack1.

To replace the Log4j libraries manually, perform the following steps:

1.    Download log4j 2.17.1 binary package from
        Unblock the downloaded file

2.    Extract the downloaded package to a temp folder.
Only the following files are required from the package:

3.    Stop the Apache Tomcat 9.0 Windows service.

4.    Move the following files from the <Apache Tomcat 9 installation folder>\webapps\ShareScan\WEB-INF\lib folder (typically C:\Program Files (x86)\Kofax\Tomcat9\webapps\ShareScan\WEB-INF\lib) to a backup folder:

5.    Copy the following files downloaded in the package in Step 1 to the <Apache Tomcat 9 installation folder>\webapps\ShareScan\WEB-INF\lib folder (typically C:\Program Files (x86)\Kofax\Tomcat9\webapps\ShareScan\WEB-INF\lib):

6.    Start the Apache Tomcat 9.0 Windows service.
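
A check to run after step 6, as an added example that is not part of the original article or of Kofax tooling: it lists the Log4j jars left in the ShareScan web application's lib folder, reads the version from each file name, and reports whether the JndiLookup class is inside each jar. It assumes the usual log4j-<module>-<version>.jar file naming and the typical path from step 4; the parameter name LibDir is hypothetical.

```powershell
# Added example, not Kofax code. Run on the ShareScan server after step 6.
# Assumption: jars use the usual log4j-<module>-<version>.jar naming.
param(
    # Typical path from the article; adjust to the real Tomcat 9 folder.
    [string]$LibDir = 'C:\Program Files (x86)\Kofax\Tomcat9\webapps\ShareScan\WEB-INF\lib'
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

$target    = [version]'2.17.1'   # version the article recommends
$cveLow    = [version]'2.0'      # CVE-2021-44228 range as stated in the article
$cveHigh   = [version]'2.14.1'
$jndiEntry = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

$results = foreach ($jar in Get-ChildItem -LiteralPath $LibDir -Filter 'log4j-*.jar' -File) {
    # Version from the file name, e.g. log4j-core-2.13.3.jar -> 2.13.3
    $ver = $null
    if ($jar.BaseName -match '-(\d+\.\d+(?:\.\d+)?)$') { $ver = [version]$Matches[1] }

    # A jar is a zip archive: look for the JndiLookup class inside it.
    # The class still ships in 2.17.1, so this column is informational; it
    # matters when the class-removal workaround was used instead.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($jar.FullName)
    try     { $hasJndi = [bool]($zip.Entries | Where-Object FullName -eq $jndiEntry) }
    finally { $zip.Dispose() }

    if (-not $ver) { $status = 'version unknown, inspect manually' }
    elseif ($ver -ge $cveLow -and $ver -le $cveHigh) { $status = 'in CVE-2021-44228 version range' }
    elseif ($ver -lt $target) { $status = 'older than 2.17.1' }
    else { $status = 'OK' }

    [pscustomobject]@{
        Jar        = $jar.Name
        Version    = $ver
        JndiLookup = $hasJndi
        Status     = $status
    }
}

if (-not $results) { Write-Warning "No log4j-*.jar found in $LibDir"; exit 2 }
$results | Format-Table -AutoSize
# Non-zero exit code when any jar is not at the recommended version.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

Running the same script against the backup folder from step 4 confirms which versions were removed.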




Applies to:  

Product Version
Kofax eCopy ShareScan and
Kofax eCopy ShareScan

