Is MediCal QAWeb impacted by the Log4j vulnerability?

Article number: [5647] - Legacy code: [12508]

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation.

Ongoing analysis has shown that MediCal QAWeb Agent and MediCal QAWeb Relay are also partly affected by this vulnerability.

Below you can find details on how to mitigate these vulnerabilities immediately and what the long-term solutions will be.

Impact for MediCal QAWeb

CVE-2021-4104
Affected Log4j version: 1.2.8 and 1.2.14
Impacted: No
Information: Not applicable to MediCal QAWeb because the vulnerable component JMSAppender is not used.

CVE-2019-17571
Affected Log4j version: 1.2.8 and 1.2.14
Impacted: No
Information: Not applicable to MediCal QAWeb because the vulnerable component SocketServer class is not used.

Please be aware that some security scanning tools only check the version of a component to decide whether it is vulnerable. Based on our internal investigation of how the component is used and configured, we indicate whether each vulnerability is exploitable (cf. the impact statement per CVE identifier in the KB).
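One way to check usage rather than version, as an added example (not Barco's code or tooling): the script below reads a Log4j 1.x configuration and a list of Java command lines and reports whether JMSAppender is configured or SocketServer is started. The function names, sample configurations and command lines are constructed for illustration, and it assumes SocketServer would be launched as a Java main class.

```python
import re
import xml.etree.ElementTree as ET

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"    # component behind CVE-2021-4104
SOCKET_SERVER = "org.apache.log4j.net.SocketServer"  # component behind CVE-2019-17571

def appenders_from_properties(text):
    """Map appender name -> class for a Log4j 1.x .properties config."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # skip blanks and comments
            continue
        # Matches "log4j.appender.NAME=class", not "log4j.appender.NAME.option=..."
        m = re.match(r"log4j\.appender\.([^.=:\s]+)\s*[=:]\s*(\S+)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def appenders_from_xml(text):
    """Map appender name -> class for a Log4j 1.x XML config."""
    return {a.get("name"): a.get("class") for a in ET.fromstring(text).iter("appender")}

def assess(config_text, java_cmdlines=()):
    """Return, per CVE, the evidence that the vulnerable component is in use."""
    text = config_text.lstrip()
    parse = appenders_from_xml if text.startswith("<") else appenders_from_properties
    jms = sorted(n for n, c in parse(text).items() if c == JMS_APPENDER)
    # Assumption: SocketServer, if used, is started as a Java main class.
    sock = [c for c in java_cmdlines if SOCKET_SERVER in c.split()]
    return {"CVE-2021-4104": jms, "CVE-2019-17571": sock}

# Constructed sample inputs (not taken from any real product installation).
SAMPLE_PROPS = """\
log4j.rootLogger=INFO, file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=app.log
# log4j.appender.jms=org.apache.log4j.net.JMSAppender
"""
SAMPLE_XML = """\
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="jms" class="org.apache.log4j.net.JMSAppender"/>
  <root><appender-ref ref="jms"/></root>
</log4j:configuration>
"""
SAMPLE_CMDS = ["java -jar app.jar",
               "java -cp log4j-1.2.14.jar org.apache.log4j.net.SocketServer 4712 s.properties conf"]

if __name__ == "__main__":
    print(assess(SAMPLE_PROPS, SAMPLE_CMDS[:1]))  # library present, components unused
    print(assess(SAMPLE_XML, SAMPLE_CMDS))        # both components found
```

An empty list for a CVE means the library may be present at an affected version while the vulnerable component is not in use, which is the distinction a version-only scanner cannot make.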

Please note that the above article contains preliminary information and will be updated regularly.

Barco recommends existing MediCal QAWeb users migrate to QAWeb Enterprise (www.barco.com/qaweb).

Properties

Last updated Aug 3, 2023