Is video wall management software impacted by the Log4j vulnerability?

Article number: [5649] - Legacy code: [12507]

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation.

Ongoing analysis has shown that BCMC v5.x and GBCM v5.x for OL-OVL-OLS-MVL are also partly affected by this vulnerability.

Below you can find details about how to mitigate these vulnerabilities immediately and what the long-term solutions will be:

BCMC (Pico Box) v5.2.0 or lower for OL-OVL-OLS-MVL (R330609/00)

CVE-2019-17571

Affected Log4j version: 1.2.16
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

 

CVE-2021-4104

Affected Log4j version: 1.2.16
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

GBCM v5.4.0 or lower for OVL-MVL-OL-OLS (R330625/00)

CVE-2019-17571

Affected Log4j version: 1.2.16
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

 

CVE-2021-4104

Affected Log4j version: 1.2.16
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

 

Green BCM v1.13.4.1.2 support for ODL/S/H, KVD-B, LVD-B, OVD, IVD, HVD, and BVD UniSee displays (R330613/18)

CVE-2019-17571

Affected Log4j version: 1.2.17
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

 

CVE-2021-4104

Affected Log4j version: 1.2.17
Impacted: Not affected as the vulnerable components JMSAppender and SocketServer are not used.
Mitigation: No mitigation is required.
Solution: No immediate action is required.

Please be aware that some security scanning tools only check the version of a component to decide whether it is vulnerable. Based on our internal investigation of how the component is used and configured, we indicate whether the vulnerability is exploitable (cf. the impact statement per CVE identifier in the KB).
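The following is an added example, not code from the vendor or from this article: a usage-based check that looks for the two components named above (JMSAppender for CVE-2021-4104, SocketServer for CVE-2019-17571) in a Log4j 1.x configuration and in startup command lines, instead of relying on the library version. The function names and all sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"    # component named in CVE-2021-4104
SOCKET_SERVER = "org.apache.log4j.net.SocketServer"  # component named in CVE-2019-17571

def jms_appenders_in_properties(text):
    """Names of appenders that a Log4j 1.x .properties config binds to JMSAppender."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("log4j.appender.") and value == JMS_APPENDER:
            found.append(key[len("log4j.appender."):])
    return found

def jms_appenders_in_xml(text):
    """Names of <appender> elements in a Log4j 1.x XML config whose class is JMSAppender."""
    root = ET.fromstring(text)
    return [a.get("name") for a in root.iter("appender") if a.get("class") == JMS_APPENDER]

def socket_server_launches(command_lines):
    """Command lines (startup scripts, process listings) that start SocketServer."""
    return [c for c in command_lines if SOCKET_SERVER in c]

# Constructed sample inputs, not taken from any product.
SAMPLE_PROPERTIES = """\
# constructed example
log4j.rootLogger=INFO, FILE, JMS
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.File=app.log
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
log4j.appender.JMS.TopicBindingName=logTopic
"""
SAMPLE_XML = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender"/>
</log4j:configuration>"""
SAMPLE_COMMANDS = ["java -cp app.jar:log4j-1.2.17.jar com.example.Main"]

if __name__ == "__main__":
    print("JMSAppender (properties):", jms_appenders_in_properties(SAMPLE_PROPERTIES))
    print("JMSAppender (xml):", jms_appenders_in_xml(SAMPLE_XML))
    print("SocketServer launches:", socket_server_launches(SAMPLE_COMMANDS))
```

Empty results from all three functions only cover configuration files and launch commands; an appender attached programmatically in application code would not appear in them.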

Please note that the above article contains preliminary information and will be updated regularly.

Properties

Last updated Sep 25, 2022