CVE-2021-44228, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302
ITC Engineering has reviewed our GoPrint source code, and our findings are:
- GoPrint Solution is using Log4J library below version 2.x and as such, is not affected by the Log4 Shell Exploit (CVE-2021-44228)
- GoPrint does not use SocketServer (CVE-2019-17571) from Log4J and is not affected by the security vulnerability
- GoPrint does not use SMTPAppender (CVE-2020-9488) from Log4j and is not affected by the security vulnerability
- GoPrint does not use JMSAppender (CVE-2021-4104) from Log4j and is not affected by the security vulnerability
- GoPrint does not use JMSSink (CVE-2022-23302) from Log4j and is not affected by the security vulnerability
- All prior known vulnerabilities against Log4J version 1.x do not apply to GoPrint as per our security code review, as we don’t use any of the following vulnerable Appenders:
-
- SocketAppender
- SMTPAppender
- JMSAppender
- log4j.appender.server
- log4j.appender.jms
- log4j.appender.email
No further action is required:
For customers who are using PrinterOn, we are advising you to visit
https://www.printeron.com/support/downloads.html to remedy the Log4J vulnerability.
For customers who are using PaperCut, we advise you to visit
https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228
Information about this vulnerability published on the National Vulnerability Database is located
at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.
Information about this vulnerability from the Apache Software Foundation is published
at https://logging.apache.org/log4j/2.x/security.html