This section provides an overview of all critical uniFLOW sysHUB security advisories. For further information regarding these advisories, please get in touch with your local Canon office, authorized reseller, or NT-ware support representative. Access to the NT-ware Knowledgebase is granted to all local Canon offices and authorized resellers to receive more detailed information and patches.
NT-ware is aware that recently, Apache has released patches for two of their products called “Commons Configurations” and “Commons Text”, both are libraries used by Java developed software. For both libraries, Remote Code Execution vulnerabilities (CVE-2022-33980 and CVE-2022-42889 respectively) are identified that can be misused if the system is directly or indirectly connected to the internet.
2022.1 and 2022.2
If you require further assistance, please reach out to your Canon consultant for further support.
NT-ware is aware of a new remote code execution vulnerability affecting the Java Spring framework. Named Spring4Shell and tracked under CVE-2022-22965, this vulnerability is in the Java ‘Spring’ library. We actioned our security and development team to investigate, mitigate and communicate our activities. The result of these activities have concluded and are listed below. As it is early in the release of this vulnerability, the information below is subject to change if new exploits are identified.
Below you can find a breakdown of the activity for NT-ware as a company and our individual products:
None of the uniFLOW components are affected:
None of the uniFLOW Online/uniFLOW Online Express components are affected:
None of the uniFLOW sysHUB (Cosmos) components are affected:
None of the PRISMAsatellite components are affected.
A critical vulnerability, CVE-2021-44228, has been identified in the popular Java logging library, Apache Log4j 2, or also referred to as Log4Shell. This has had a devastating impact globally on millions of systems and applications which impacts almost every company in some way.
NT-ware actioned last week our security response plans to investigate, mitigate and communicate our activities. The result of these activities have concluded with that we have no exposed system or products that are susceptible to this vulnerability.
Below you can find a breakdown of the activity for NT-ware as a company and our individual products:
PRISMAsatellite does NOT use LOG4J (for Java), but DOES use log4JS (for JavaScript) as a component in the Dashboard. We can confirm that Log4JS (for JavaScript) is used in all versions of PRISMAsatellite, is NOT vulnerable to the LOG4J (for Java) exploit.