It’s in the news that a new vulnerability, termed Log4j, has been discovered which affects some open-source software applications. Open-source software is used in a variety of applications by a large number of technology companies. Naturally, you would like to know ‘what about Xerox?’
To help answer your questions about the Log4j and your Xerox products, security bulletins were released in December. The bulletins are being updated as more information becomes available, and evaluation is completed.
Two security bulletins have been posted on the Xerox Security site. The first bulletin Xerox Security Bulletin XRX21-021 Special Bulletin Regarding CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 is a document to identify Xerox products that may be impacted. At this point no Xerox printer or multifunction devices are impacted by the Log4j vulnerability. This document will be updated as more printers are evaluated. The bulletin also includes software and solutions. If your product is not yet listed, please check back periodically as more products are evaluated and added to the bulletin.
The second bulletin, DocuShare Security Bulletin XRX21-022 Special Bulletin Regarding CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, addresses the impact of Log4j on DocuShare software. Please review this document if you use DocuShare for possible vulnerabilities that may require action.
Both documents have links to more information about the Log4j vulnerability to help you understand the threat and how to protect your network. These are third party links offered to provide further information.
Please remember to periodically check the Xerox Security site for new information you may need. The site is updated frequently to keep you updated on things you need to know or actions you may need to take to keep your Xerox products safe and secure. You can subscribe to the feed for the site or for specific products to be notified when new information in posted.
If you would like more information or have other questions, please refer to the contact information provided on the above-noted bulletins.