Important Notification: Log4J Vulnerability

20 Dec 2021

Ricoh Australia is advising our valued customers that the Apache Software Foundation (Apache) has released multiple security advisories to address issues affecting Log4j versions 2.0-beta9 to 2.16. These are CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.

These threats vary in severity from a Remote Code Execution (critical) to a Denial of Service (high). Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.

Below is a list of solutions sold by Ricoh Australia that shows if the product is impacted by the Log4j vulnerability. Please click on the link provided for the latest information from each vendor:

| Product name | Current status |
| --- | --- |
| Globalscan NX | Not affected |
| Streamline NX v2.x | Not affected |
| Streamline NX V3.x | Not affected |
| CAP (Card Authentication Package) | Not affected |
| ELP (Enhanced Locked Print) | Not affected |
| @Remote Connector NX | Not affected |
| Device Manager NX Lite | Not affected |
| Ricoh Smart Integration (RSI) Platform | Affected - Fixed patch will be released 14 December 2021 |
| Papercut | Affected - Vendor remediation can be found here |
| Ysoft | Affected - Vendor remediation can be found in the attached document |
| MyPrint | Not affected |
| Kofax products - Equitrac, ControlSuite | Affected - Vendor information can be found here |
| Ezescan | Not affected |

The above list is not comprehensive. Other solutions may be impacted, and these will be added as more vendor information comes to hand.

Ricoh Australia can confirm that none of the Ricoh hardware products are affected, and we will provide updates as we receive further information from relevant vendors.

What you can do now to remediate the vulnerability

Apache advises that the actions to remediate this issue are as per the following link: https://logging.apache.org/log4j/2.x/security.html

Additional options to mitigate this vulnerability are listed below. These options need to be discussed with your IT Security team to see if they are suitable for your environment:

  1. Turn off internet access on affected Apache servers:
    a) Ensure all internet access is blocked to and from affected Apache servers
    b) Disable any internet-facing endpoints
  2. Shut Apache servers down

More information

If you have questions or require further information, please log a ticket at https://www.ricoh.com.au/contact-us and include “Log4J” in the description field.

*While every effort is made by Ricoh Australia Pty Ltd to ensure that the information contained in this document is accurate, it makes no representation about the content and suitability of this information for any purpose. This information is provided as is without express or implied warranty. Ricoh Australia Pty Ltd disclaims all warranties with regards to this information, including all implied warranties of merchantability and fitness. In no event shall Ricoh Australia Pty Ltd be liable for any special, indirect, or consequential damages or any damages whatsoever resulting from loss of income or profits, whether in an action of contract, negligence or other tortious action arising in connection with the use or performance of this information.