Tungsten Automation (Formerly Kofax)
      Back to home
      1. Knowledge Base and Help Center
      2. Tungsten Automation (Formerly Kofax)

      Kofax products and Apache Log4j2 vulnerability information

      Kofax is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). The following Kofax products are using the potentially vulnerable Log4j2 version Kofax is in the process of evaluating the usage of log4j2 in the above products and will create patches wherever it is needed, as a priority.


      Products not listed on this page have been evaluated and are not vulnerable.

      Affected Kofax Products Remediation Status Kofax Community Product Discussion URL
      Robotic Process Automation (RPA) 10.7-11.2 Patches are available. See  Kofax RPA CVE-2021-44228 log4j Security Exploit Information article.

      Robotic Process Automation Release Announcements
      Kofax Communication Manager (KCM) 5.3-5.5 Patches are available. See log4j vulnerability in Kofax Communications Manager article. Communications Manager Release Announcements
      Device Web Service (DWS) 10.2
      The DWS is used with AutoStore, Equitrac and Output Manager when deploying embedded clients, including the Kofax Unified Client.      		 See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. ControlSuite Release Announcements
      Device Web Service (DWS) 5.11 See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. ControlSuite Release Announcements
      eCopy ShareScan 6.x Until the ShareScan patches are ready, follow the steps in the ShareScan and Log4j vulnerability (CVE-2021-44228) - Kofax article. MFD and Productivity Release Announcements
      Invoice Portal Potential vulnerability remediated ReadSoft Release Announcements
      Supplier Portal Potential vulnerability remediated ReadSoft Release Announcements
      ReadSoft Online Potential vulnerability remediated ReadSoft Release Announcements
      Exder Potential vulnerability remediated ReadSoft Release Announcements
      Device Registration Service (DRS) 7.13.0.3 See ControlSuite and the Log4j vulnerability CVE-2021-44228 for more information. ControlSuite Release Announcements

       

      Kofax TotalAgility 7.10 is affected by CVE-2021-44228 - Please see the following: https://knowledge.kofax.com/Smart_Process_Applications_-_TotalAgility/New_Articles/Kofax_TotalAgility_and_CVE-2021-44228_log4j_security_exploit_Information

      Taken from Kofax Knowledge Base: https://knowledge.kofax.com/General_Support/General_Troubleshooting/Kofax_products_and_Apache_Log4j2_vulnerability_information