The information below is from PaperCut regarding the Log4j library vulnerability:
Log4j library vulnerability—how it affects PaperCut and how to fix it
PaperCut is aware of the RCE vulnerability in the Apache Log4j library also known as Log4Shell or CVE-2021-44228. This issue has been classified by the Apache Logging security team as a critical severity issue.
The Log4j library is in widespread use by Java-based software globally—you can expect to hear from a number of software vendors on this topic.
PaperCut has confirmed that PaperCut MF and PaperCut NG 21.0 and above can be exploited by this issue. We have also verified that previous versions do not include the vulnerable Apache Log4j component.
What’s the risk?
This vulnerability is being actively exploited by attackers using mass scanning methods to identify software and sites that they can compromise. This means for PaperCut MF and PaperCut NG 21.0 and above you should ensure that you apply our proposed mitigation below as soon as possible.
This issue can lead to remote code execution or information disclosure on any system running software that contains the Log4j component, where a malicious actor can control any string that is logged.
Need more information?
Log a Support Call