CVE-2021-44228, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302

Updated: Aug 10, 2023

 

ITC Engineering has reviewed our GoPrint source code, and our findings are:

 

  1. GoPrint Solution is using Log4J library below version 2.x and as such, is not affected by the Log4 Shell Exploit (CVE-2021-44228)
  2. GoPrint does not use SocketServer (CVE-2019-17571) from Log4J and is not affected by the security vulnerability
  3. GoPrint does not use SMTPAppender (CVE-2020-9488) or chainsaw (CVE-2022-23307) from Log4j and is not affected by the security vulnerability
  4. GoPrint does not use JMSAppender (CVE-2021-4104) or JDBCAppender (CVE-2022-23305) from Log4j and is not affected by the security vulnerability
  5. GoPrint does not use JMSSink (CVE-2022-23302) from Log4j and is not affected by the security vulnerability
  6. All prior known vulnerabilities against Log4J version 1.x do not apply to GoPrint as per our security code review, as we don’t use any of the following vulnerable Appenders:
    • SocketAppender
    • SMTPAppender
    • JMSAppender
    • JDBCAppender
    • log4j.appender.server
    • log4j.appender.jms
    • log4j.appender.email

 

For GoPrint customers, no further action is required.

 

For customers who are using PrinterOn, we are advising you to visit

https://www.printeron.com/support/downloads.html to remedy the Log4J vulnerability.

 

For customers who are using PaperCut, we advise you to visit

https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228

 

Information about this vulnerability published on the National Vulnerability Database is located

at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.

 

Information about this vulnerability from the Apache Software Foundation is published

at https://logging.apache.org/log4j/2.x/security.html