Charlotte, NC —December 17, 2021 -On December 12, 2021, MS Technology became aware of Critical Vulnerability Exploit CVE-2021-44228, which affects the Log4j Java library. Upon investigation, it was determined that eViewer v5, MST Applet Viewer, MST JavaFX Viewer, and MST Java Batch Converter are not affected by the vulnerability.
MS Technology is using version 1.2.8 of the Log4j library. The official NIST affected configurations are 2.0.1 - 2.15 (excluding), meaning that our solutions are not using an affected version of this library. MS Technology currently does not intend to remediate and move to a higher version of the Log4j library since our solutions are not using an affected version of this library.
If you have any questions or concerns about this, please reach out to your MS Technology representative to discuss this or any other issue regarding your particular software solution.