Scan2x statement on Log4J vulnerability

Context:
In mid-December 2021 a security vulnerability in the Log4J Java library was made public, labelled as CVE-2021-44228. This vulnerability in the Java logging libraries allows unauthorized remote code execution and access to affected unpatched servers.

Statement:
Neither Scan2x on-premise nor Scan2x Online are affected by this vulnerability. Most Scan2x applications are developed using .NET technologies and JavaScript, and are therefore not affected.

The only Scan2x components that use Java are the Scan2x MEAP app and the Scan2x Android app. Avantech Software developers have thoroughly checked these applications and have confirmed that they do not use Log4J. These apps are therefore unaffected by the Log4J vulnerability.

Posted by