Apache Log4j (CVE-2021-44228) impact statement

In December 2021 information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). The threat, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability.

Workflow Doctor Software

No software developed by Workflow Doctor uses the Apache Log4j library and so our platforms introduce no vulnerability to your business.

Third Party Software supported by Workflow Doctor

Many of our solutions include software from third part vendors. We have checked with these vendors and, where available, include their impact statements attached to this article.

ABBYY Software

ABBYY has performed a full review – including source code and production environments – and has determined that its Cloud and on-premises products are NOT affected by this vulnerability with the exception of two db connectors.

DBMS Connector for ABBYY Timeline

While the overall ABBYY Timeline core product is not affected by the log4j vulnerability, an auxiliary component, the db connector uses log4j. To avoid the CVE-2021-44228 vulnerability you should start the connector using java and parameter -Dlog4j2.formatMsgNoLookups=true

ABBYY FlexiCapture connector for Pega

While the overall ABBYY FlexiCapture core product is not affected, the FlexiCapture connector for Pega is affected by the vulnerability. ABBYY is actively developing a patch to address this vulnerability as quickly as possible and is reaching out to affected customers. None of our customers are affected.

Spielberg Software

Spielberg has confirmed that neither the ECM software solution FileDirector nor the document management solution ScanFile uses directly or indirectly any parts of Apache Log4j library and is therefore not affected by any associated security vulnerabilities.

Gearmage Software

Gearmage email automation software does not use the Apache Log4j library.