On December 10, the German Federal Office published an information (BSI) entitled "Critical vulnerability in log4j published (CVE-2021-44228)", which potentially endangers a large number of applications. The open source log4j library is indeed widely used for the development of Java applications. The IT community fears a massive use of this vulnerability, which is already the subject of numerous exploits. By exploiting this security flaw, an attacker can arbitrarily execute code remotely, without being authenticated.
The good news is:
The Kisters 3DViewStation product family is not affected as it does not use any JAVA at all. This applies to all member, which are
- 3DViewStation Desktop version
- 3DViewStation WebViewer version
- 3DViewStation VR-Edition
- VisShare
- Automation server KAS
Hint:
As a customer or systems integrator you might use our products together with other software, like web servers, which might use JAVA. You will have to check.
We do not ship our products together with such web servers, except for VisShare. Here Nginx is used - which is free of JAVA as our own products are.