CVE-2021-44228, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302
Updated: Aug 10, 2023
ITC Engineering has reviewed our GoPrint source code, and our findings are:
- GoPrint Solution is using Log4J library below version 2.x and as such, is not affected by the Log4 Shell Exploit (CVE-2021-44228)
- GoPrint does not use SocketServer (CVE-2019-17571) from Log4J and is not affected by the security vulnerability
- GoPrint does not use SMTPAppender (CVE-2020-9488) or chainsaw (CVE-2022-23307) from Log4j and is not affected by the security vulnerability
- GoPrint does not use JMSAppender (CVE-2021-4104) or JDBCAppender (CVE-2022-23305) from Log4j and is not affected by the security vulnerability
- GoPrint does not use JMSSink (CVE-2022-23302) from Log4j and is not affected by the security vulnerability
- All prior known vulnerabilities against Log4J version 1.x do not apply to GoPrint as per our security code review, as we don’t use any of the following vulnerable Appenders:
-
- SocketAppender
- SMTPAppender
- JMSAppender
- JDBCAppender
- log4j.appender.server
- log4j.appender.jms
- log4j.appender.email
For GoPrint customers, no further action is required.
For customers who are using PrinterOn, we are advising you to visit
https://www.printeron.com/support/downloads.html to remedy the Log4J vulnerability.
For customers who are using PaperCut, we advise you to visit
https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228
Information about this vulnerability published on the National Vulnerability Database is located
at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.
Information about this vulnerability from the Apache Software Foundation is published
at https://logging.apache.org/log4j/2.x/security.html