Log4j vulnerability and Media Cybernetics products
Media Cybernetics was made aware of an exploit in the Java logging library,
Log4j, which impacts versions 2.14.1 and lower. This vulnerability allows
attackers, who can control log messages or parameters, to execute arbitrary
code. Full details can be found in the public advisory ( https://nvd.nist.gov/vuln/detail/CVE-2021-44228
)
After a thorough investigation of our products, this vulnerability was
identified in the Network License Server used by Image-Pro 10.0.0 and above.
Specifically, the License Administration tool, hosted in Apache Tomcat, used
versions of Log4j that were affected by this vulnerability.
Please
use the following link to download an updated version of the Image-Pro Network
License Server, version 10.0.12, that resolves this issue.
http://bit.ly/3btOozl