Security Advisory for Log4Shell (CVE-2021-44228)
Overview
On or about December 10, 2021, a vulnerability was disclosed in the Apache Log4J software, which is a common logging system used by many applications built on Java. The vulnerability is commonly known as “Log4Shell.” More information on this vulnerability is available at https://logging.apache.org/log4j/2.x/security.html.
Leica Biosystems is evaluating our products to determine whether they are impacted by this vulnerability.
Product Status
| Product | Status regarding Log4Shell | Description |
|---|---|---|
| Aperio AT2 | Not Vulnerable | Log4J is not used. |
| Aperio AT2 DX | Not Vulnerable | Log4J is not used. |
| Aperio CS2 | Not Vulnerable | Log4J is not used. |
| Aperio eSlide Manager | Not Vulnerable | Log4J is not used. |
| Aperio GT 450 | Not Vulnerable | Log4J is not used. |
| Aperio GT 450 DX | Not Vulnerable | Log4J is not used. |
| Aperio ImageScope DX | Not Vulnerable | Log4J is not used. |
| Aperio LV1 | Not Vulnerable | Log4J is not used. |
| Aperio SAM DX Server For GT 450 DX | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| Aperio Scanner Administration Manager (SAM) Server for GT 450 | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| Aperio VERSA | Not Vulnerable | Log4J is not used. |
| Aperio WebViewer DX | Not Vulnerable | Log4J is not used. |
| BOND-ADVANCE | Not Vulnerable | Log4J is not used. |
| BOND Controller | Not Vulnerable | Log4J is not used. |
| BOND-III | Not Vulnerable | Log4J is not used. |
| BOND-MAX | Not Vulnerable | Log4J is not used. |
| BOND RX | Not Vulnerable | Log4J is not used. |
| BOND RXm | Not Vulnerable | Log4J is not used. |
| CEREBRO | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| CytoVision | Not Vulnerable | Log4J is not used. |
| HistoCore PEARL | Not Vulnerable | Log4J is not used. |
| HistoCore PEGASUS | Not Vulnerable | Log4J is not used. |
| HistoCore PELORIS 3 | Not Vulnerable | Log4J is not used. |
| HistoCore SPECTRA CV | Not Vulnerable | Log4J is not used. |
| HistoCore SPECTRA ST | Not Vulnerable | Log4J is not used. |
| HistoCore SPIRIT ST | Not Vulnerable | Log4J is not used. |
| HistoCore SPRING ST | Not Vulnerable | Log4J is not used. |
| Leica ASP300S | Not Vulnerable | Log4J is not used. |
| Leica ASP6025S | Not Vulnerable | Log4J is not used. |
| Leica CV5030 | Not Vulnerable | Log4J is not used. |
| Leica IP C | Not Vulnerable | Log4J is not used. |
| Leica IP S | Not Vulnerable | Log4J is not used. |
| Leica ST4020 | Not Vulnerable | Log4J is not used. |
| Leica ST5010 | Not Vulnerable | Log4J is not used. |
| Leica ST5020 | Not Vulnerable | Log4J is not used. |
| Leica TP1020 | Not Vulnerable | Log4J is not used. |
| Leica PELORIS | Not Vulnerable | Log4J is not used. |
| LIS Connect | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| PathDX | Not Vulnerable | Log4J is not used. |
| ThermoBrite Elite | Not Vulnerable | Log4J is not used. |