Announcement about the Apache Log4j vulnerabilities (CVE-2021-44228, 45046, 45105, 4104, and 44832)
Update as at 28th January 2022
FUJIFILM Business Innovation Australia has been investigating, in collaboration with research and development teams and our third-party software partners, the vulnerability to Apache Log4j.
We would like to inform you of the impact of Apache Log4j vulnerabilities (CVE-2021-44228, 45046, 45105, 4104, and 44832) on our multifunction printer, single-function printer, software products and production printer products.
Multifunction printers, single-function printers, and production printers
Multifunction printers and single-function printers under the following brands as well as all production printers are not affected by the Apache Log4j vulnerabilities:
- Apeos, ApeosPro, ApeosPort, DocuCentre, ApeosPrint, ApeosPort Print, DocuPrint, ApeosWide, and DocuWide series
- All production printers
Software products
We are continually reviewing and updating the below applications to identify impacts.
Information on this page is based on the status as of 28th January 2022. Please note that this page will be updated if there is a change in the status.
Contact
If you have an inquiry regarding this vulnerability in other products supported by us in your contract, please do not hesitate to contact us by calling 1800 028 962 or using our online form.
Fujifilm Business Innovation
Abbyy
Status | Selected modules affected |
Versions |
Cloud and on-premise products are not affected with the exception of two db connectors. |
Mitigation |
For DBMS Connector for ABBYY Timelin & ABBYY FlexiCapture connector for Pega, see ABBYY response to Apache Log4j Remote Code Execution. |
Resolution |
Development of patch to address the vulnerability. |
ApeosWare Image Log Management (AWILM)
Status | Not affected |
AWMS 2 (Apeosware Management Suite 2.x)
Status | Not affected |
CGS Oris/Lynx
Status: Not affected
DocuShare
Status: Under investigation
DocuSign
Status: Under investigation
Esker
Status | Under investigation |
Versions |
Esker AP, Purchasing, Expense. |
Mitigation |
Taken corrective measures to mitigate any instances and secure the situation. |
Resolution |
Closely monitor and audit. |
Details | https://www.trustesker.com/. |
EzeScan
Status: Not affected
FreeFlow Core
Status: Not affected
Hyland
Status | Under investigation |
Mitigation |
Actively investigating any impact on Hyland’s products and internal systems. |
Resolution |
Updates will be published in the Hyland Community blog post. |
Image Gateway for Apeos (IGA)
Status | Not affected |
Details | Does not use Apache Log4j |
Kofax ControlSuite (including AutoStore and Output Manager)
Status | Under investigation |
Details | Kofax Log4j Updates |
Kofax eCopy
Status | Affected |
Versions |
Kofax eCopy ShareScan v6.4. |
Mitigation |
Available |
Resolution |
Pending |
Details | ShareScan and Log4j. |
Kofax KTA / RPA
Status | Affected |
Versions |
RPA 10.7-11.2, KCM 5.3-5.5 |
Mitigation |
Ongoing review |
Resolution |
Kofax is in the process of evaluating the usage of log4j2 in the above products and will create patches wherever it is needed, as soon as possible |
Details | https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Apache_Log4j2_vulnerability_information. |
Lexmark Document Distributor
Status | Affected, resolved |
Versions |
All releases between v3.0 and 3.2.1 inclusive are vulnerable. |
Mitigation |
TLexmark recommends updating the application if you have a vulnerable version. |
Resolution |
The vulnerability described in this advisory has been fixed in Markvision Enterprise v3.3 and all future releases. |
Details | http://support.lexmark.com/index?id=TE897&page=content&locale=en&userlocale=EN_UK. |
LRS VPSX/MFPSecure
Status: Not affected
M-Files
Status | Not affected |
Versions |
All core products |
Mitigation | Ongoing review |
Details | https://m-files.force.com/s/article/Apache-Log4j-library-security-vulnerability-and-M-Files |
Objectif Lune
Status | Affected |
Versions |
Prior version to 2018.1 |
Mitigation |
Past versions of OL Connect used the log4j module, but it was removed from the software with the release of OL Connect 2018.1 |
Resolution | Recommend to upgrade OL Connect to 2018.1 or later, where the vulnerability is not present |
PaperCut MF
Status | Affected, Resolved |
Versions |
V21.0.0 up to and including v21.2.1 (including site server) |
Mitigation | Workaround available |
Resolution |
V21.2.3 released |
Details | See PaperCut KB on Log4Shell |
Pressero
Status: Not affected
SmartIQ
Status | Not affected |
Details | https://community.smartcommunications.com/s/feed/0D56M00007AAAL9SAP |
Solimar Systems
Status: Not affected
Upflow / PSI Capture
Status: Not affected
VMC
Status: Not affected
XDM/XDA (Xerox Device Manager/Xerox Device Agent)
Status: Not affected
XMPIE
Status: Not affected
YSoft SafeQ
Status | Affected, Resolved |
Versions |
SafeQ6 all versions up to B63 including Data Protection Tool that is included in SAFEQ 6. |
Mitigation |
Automated Log4jPatcher tool available. |
Resolution |
SafeQ6 Build 64 now available which will entirely mitigate the Apache Log4j vulnerability. |
Details | YSoft Log4j Security Advisory. |