Is MediCal QAWeb impacted by the Log4j vulnerability?

商品编号: [5647] - 旧代码: [12508]

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation.

Ongoing analysis has shown that MediCal QAWeb Agent and MediCal QAWeb Relay are also partly affected by this vulnerability.

Below you can find details about how to mitigate these vulnerabilities immediately and what will be the long-term solutions. 

Impact for MediCal QAWeb

CVE-2021-4104

Affected Log4j version: 

1.2.8 & 1.2.14

Impacted: 

No

Information: 

Not applicable to MediCal QAWeb because the vulnerable component JMSAppender is not used.

 

CVE-2019-17571

Affected Log4j version: 

1.2.8 and 1.2.14

Impacted: 

No

Information: 

Not applicable to MediCal QAWeb because the vulnerable component SocketServer class is not used.

Please be aware that some security scanning tools only verify the version of a component to indicate if it is vulnerable or not. Based on our internal investigation of how the component is used and configured, we indicate if the vulnerability is exploitable or not. (cf. impact statement per CVE identifier in the KB).

Please note that the above article contains preliminary information and will be updated regularly.

Barco recommends existing MediCal QAWeb users migrate to QAWeb Enterprise (www.barco.com/qaweb).

特性

上次更新时间 2023年8月3日