Is Auditbase affected by the Log4J 2 vulnerability CVE?

Is Auditbase affected by the Log4J 2 vulnerability CVE?

+44 (0) 333 444 4212

www.auditdata.com

support@auditdata.com

14 December 2021



    




Auditbase is not affected by the Log4J 2 vulnerability CVE-2021-44228.

 

Auditbase is not affected by the highly publicised Log4J 2 vulnerability CVE-2021-44228 described here https://www.ncsc.gov.uk/news/apache-log4j-vulnerability.  Log4J 2 is an Apache logging service requiring Java.  Auditbase itself does not use Java components.

 

Auditdata distribute Lyniate Rhapsody for HL7 integrations and Crystal Reports XI Developer Edition for Crystal Report editing.  These products contain an older version of Log4j 1.2 which is not subject to the vulnerability.   Log4j 1.2 whilst dated, is a proven and successful design. Core components and features used by Rhapsody and Crystal Reports XI Developer Edition have no high-rated vulnerabilities.

 

There is a related vulnerability in Log4J 1.2 (currently labelled CVE-2021-4104) used in Rhapsody which is present in its JMSAppender. Rhapsody is not impacted by this as the JMSAppender is not used by Rhapsody, nor is it possible for users to enable it as Rhapsody does not include the necessary libraries.  From a security standpoint, there is only one other Critical/High-rated vulnerability against log4J 1.2; this is CVE-2019-17571 affecting the SocketServer class, which Rhapsody does not use and is hence not impacted by.  Crystal Reports XI Developer Edition also does not include JMSAppender or SocketServer components or functionality so is not subject to any known vulnerabilities






    • Related Articles

    • Auditbase 6.6.0 Release Note

      We are committed to providing great care to our customers and therefore the changes implemented in the latest version of Auditbase (6.6.0) are based on your valued feedback. We made two changes based on high-priority areas, these are: 1. Complete ...
    • What's new in Auditbase

      Auditbase 6.6.0 Auditbase 6.5.0 Auditbase 6.4.0 Auditbase 6.3.0 Auditbase 6.2.0 Auditbase 6.1.0 Auditbase 6.0.3 Auditbase 6.0.2 Auditbase 6.0.1 Auditbase 6.0.0 Auditbase 5.4.6 Auditbase 5.4.5 Auditbase 5.4.4 Auditbase 5.4.3 Auditbase 5.4.2 Auditbase ...
    • What are the Auditbase Keyboard Shortcuts?

      Short cut Function F1 Help F2 Log Off F3 Client Search F9 Make Timetable [Booking] F10 Quick Battery Issue Ctrl+F3 Client Quick Search Ctrl+F9 Schedule Timetable [Booking] Shift+Ctrl+A Audiogram Shift+Ctrl+B Booking Shift+Ctrl+C Client Information ...
    • Auditbase 6.7.0 Release Note

      We are pleased to announce several new features and improvements in our upcoming update - release date 10th of Ju. These enhancements are designed to improve the usability, functionality, and efficiency of our system, particularly for users involved ...
    • How do I change the number of resources shown in the Booking Module?

      Auditbase will default to 5 visible resources in the Booking Module until a change is made in the Administration settings. To change this setting Auditbase Administration should be opened and then User and Workstation options -> Workstation settings ...