Log4Shell vulnerability
The German Federal Office for Information Security (BSI) has issued a warning about a critical Log4Shell vulnerability (CVE-2021-44228) in the widely used Java library Log4j - and has upgraded its existing cyber security warning to red since 11/12/2021. In this context, additional vulnerabilities were published on 12/10/2021 (CVE-2021-45046) and 12/18/2021 (CVE-2021-45105).
Utax takes these vulnerabilities very seriously and carefully checks to what extent its own offerings or partner products distributed by us are affected.
Affected products: Information sources & contact options (as at: 18.01.2022)
- enaio®, yuuvis® RAD and yuuvis® Momentum | Release Warning for Critical Zero-Day Vulnerability in Log4j (CVE-2021-44228) (optimal-systems.com)
- Kofax Autostore | Kofax-Produkte und Informationen zur Apache Log4j2-Sicherheitslücke
- TASIM server. 1.1.2001 | Affected by CVE-2021-4428. An updated version is available. Please contact our support at support@triumph-adler.net.
- License server for TASIM and TA Capture Manager | Affected by CVE-2021-4428. Update to close the vulnerability was performed on 12/17/2021.
The following products are NOT affected by the vulnerabilities (as of 01/18/2022)
- All TA and UTAX branded printing and multifunction systems, drivers and utilities
- TA Cockpit®/ UTAX smart
- TA Fax-Server powered by IPTAM
- TA/UTAX time view
- aQrate / MyQ
- AFI applications
- Cadosys Products
- Forms4Work, Mercury
- Fiery
- KYOeasyprint
- PlanetPress Suite
- Scan2 OCR powered by ABBYY, ABBYY FineReader, ABBYY FineReader Server
- ScannerVision
- SteadyPrint
- TAKWA Form Server Version 1.2.14
We are currently reviewing further solutions and will successively publish more information here. In case of doubt, please contact our service support at kontakt@utax.de.