Log4j Vulnerability CVE-2021-44228 and the LPS Family

No action is required for Loftware Print Server (LPS), or Loftware LabelClosed A label is a design area on the computer screen where a label format is created or edited. Manager (LLM) customers in regard to the recently identified Log4j vulnerability. This includes any clients, ConnectorClosed See Loftware Connector. applications, or Loftware WebAccess (LWA).

Problem

Tracked as CVE-2021-44228, the vulnerability may allow unauthenticated remote code execution as the user running the application utilizes the Java logging library. For more on the Log4j vulnerability CVE2021-44228, please review: https://logging.apache.org/log4j/2.x/security.html.

Solution

Loftware has determined that neither LPS, LLM, LWA nor any of the Connectors or Clients are affected by the Log4j vulnerability, CVE-2021-44228. There is no action required.

Important: The versions of the log4j library affected by CVE-2021-44228 are "all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1." None of the LPS family of products uses an affected version of the library.

More Information

If you are a Spectrum on premise (not cloud) customer please see the following:

Loftware Spectrum Version 4.0 and earlier

Loftware Spectrum Version 4.1 and later

References

US National Vulnerability Database

Apache Log4j Website