Security Advisory for Log4Shell (CVE-2021-44228)
Overview
On or about December 10, 2021, a vulnerability was disclosed in the Apache Log4J software, which is a common logging system used by many applications built on Java. The vulnerability is commonly known as “Log4Shell.” More information on this vulnerability is available at https://logging.apache.org/log4j/2.x/security.html.
Leica Biosystems is evaluating our products to determine whether they are impacted by this vulnerability.
Product Status
Product | Status regarding Log4Shell | Description |
---|---|---|
Aperio AT2 | Not Vulnerable | Log4J is not used. |
Aperio AT2 DX | Not Vulnerable | Log4J is not used. |
Aperio CS2 | Not Vulnerable | Log4J is not used. |
Aperio eSlide Manager | Not Vulnerable | Log4J is not used. |
Aperio GT 450 | Not Vulnerable | Log4J is not used. |
Aperio GT 450 DX | Not Vulnerable | Log4J is not used. |
Aperio ImageScope DX | Not Vulnerable | Log4J is not used. |
Aperio LV1 | Not Vulnerable | Log4J is not used. |
Aperio SAM DX Server For GT 450 DX | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
Aperio Scanner Administration Manager (SAM) Server for GT 450 | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
Aperio VERSA | Not Vulnerable | Log4J is not used. |
Aperio WebViewer DX | Not Vulnerable | Log4J is not used. |
BOND-ADVANCE | Not Vulnerable | Log4J is not used. |
BOND Controller | Not Vulnerable | Log4J is not used. |
BOND-III | Not Vulnerable | Log4J is not used. |
BOND-MAX | Not Vulnerable | Log4J is not used. |
BOND RX | Not Vulnerable | Log4J is not used. |
BOND RXm | Not Vulnerable | Log4J is not used. |
CEREBRO | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
CytoVision | Not Vulnerable | Log4J is not used. |
HistoCore PEARL | Not Vulnerable | Log4J is not used. |
HistoCore PEGASUS | Not Vulnerable | Log4J is not used. |
HistoCore PELORIS 3 | Not Vulnerable | Log4J is not used. |
HistoCore SPECTRA CV | Not Vulnerable | Log4J is not used. |
HistoCore SPECTRA ST | Not Vulnerable | Log4J is not used. |
HistoCore SPIRIT ST | Not Vulnerable | Log4J is not used. |
HistoCore SPRING ST | Not Vulnerable | Log4J is not used. |
Leica ASP300S | Not Vulnerable | Log4J is not used. |
Leica ASP6025S | Not Vulnerable | Log4J is not used. |
Leica CV5030 | Not Vulnerable | Log4J is not used. |
Leica IP C | Not Vulnerable | Log4J is not used. |
Leica IP S | Not Vulnerable | Log4J is not used. |
Leica ST4020 | Not Vulnerable | Log4J is not used. |
Leica ST5010 | Not Vulnerable | Log4J is not used. |
Leica ST5020 | Not Vulnerable | Log4J is not used. |
Leica TP1020 | Not Vulnerable | Log4J is not used. |
Leica PELORIS | Not Vulnerable | Log4J is not used. |
LIS Connect | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
PathDX | Not Vulnerable | Log4J is not used. |
ThermoBrite Elite | Not Vulnerable | Log4J is not used. |