Important Notification: Log4J Vulnerability
Ricoh Australia is advising our valued customers that the Apache Software Foundation (Apache) has released multiple security advisories to address issues affecting Log4j versions 2.0-beta9 to 2.16. These are CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.
These threats vary in severity from a Remote Code Execution (critical) to a Denial of Service (high). Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.
Below is a list of solutions sold by Ricoh Australia that shows if the product is impacted by the Log4j vulnerability. Please click on the link provided for the latest information from each vendor:
| Product name | Current status |
|---|---|
| Globalscan NX | Not affected |
| Streamline NX v2.x | Not affected |
| Streamline NX V3.x | Not affected |
| CAP (Card Authentication Package) | Not affected |
| ELP (Enhanced Locked Print) | Not affected |
| @Remote Connector NX | Not affected |
| Device Manager NX Lite | Not affected |
| Ricoh Smart Integration (RSI) Platform | Affected - Fixed patch will be released 14 December 2021 |
| Papercut | Affected - Vendor remediation can be found here |
| Ysoft | Affected - Vendor remediation can be found in the attached document |
| Kofax products - Equitrac, ControlSuite | Affected - Vendor information can be found here |
The above list is not comprehensive, and other solutions may be impacted. These will be added as more vendor information comes to hand.
Ricoh Australia can confirm that none of the Ricoh hardware products are affected, and we will provide updates as we receive further information from relevant vendors.
What you can do now to remediate the vulnerability
Apache advises that the actions to remediate this issue are as per the following link: https://logging.apache.org/log4j/2.x/security.html
Additional options to mitigate this vulnerability are listed below. Discuss these options with your IT Security team to see if they are suitable for your environment:
- Turn off internet access on affected Apache servers:
  a) Ensure all internet access is blocked to and from affected Apache servers
  b) Disable any internet-facing endpoints
- Shut Apache servers down
If you have questions or require further information, please log a ticket at https://www.ricoh.com.au/contact-us and include “Log4J” in the description field.
*While every effort is made by Ricoh Australia Pty Ltd to ensure that the information contained in this document is accurate, it makes no representation about the content and suitability of this information for any purpose. This information is provided as is without express or implied warranty. Ricoh Australia Pty Ltd disclaims all warranties with regards to this information, including all implied warranties of merchantability and fitness. In no event shall Ricoh Australia Pty Ltd be liable for any special, indirect, or consequential damages or any damages whatsoever resulting from loss of income or profits, whether in an action of contract, negligence or other tortious action arising in connection with the use or performance of this information.