The below information is from HP in regards to the Zero Day Exploit for Apache Log4j:
December 12, 2021 - UPDATE December 13, 2021 5:18 PM MST
Zero Day exploit Apache Log4j, CVE-2021-44228 - Under Investigation
On Friday, December 10, a zero day vulnerability was announced for Apache Log4j (a.k.a. Log4shell), a high-severity vulnerability that affects the core function of Log4j library. HP is currently reviewing products for potential impact. More information will be provided as it becomes available.
NOT AFFECTED:
- HP Enterprise LaserJet and Managed LaserJet Printers and MFPs running FutureSmart 3/4/5
- HP Enterprise PageWide and Managed PageWide printers and MFPs running FutureSmart 3/4/5
- HP Digital Senders running FutureSmart firmware
- HP Scanjet running FutureSmart firmware
- HP Workpath
- HP Laser products (NOTE: these products are not LaserJet, and run legacy HPPK firmware)
- HP JetDirect accessory products
- HP Pro PageWide and Managed PageWide printers and MFPs
- HP Pro LaserJet and Managed LaserJet Printers and MFPs
- HP DeskJet products
- HP Officejet products
- HP SmartTank products
- HP Neverstop Laserjet products
- Samsung Branded print products
- Device Connect
- JetAdvantage Management
- SDS platform
- HP CR - verbal confirmation not affected
- HP Access Control
- HP Advance Products
- HP Web JetAdmin
- HP Security Manager
Under investigation:
- HP Large Format products
- HP Command Center
- HP DSS
Additional Third party solution information:
- Papercut: See vendor response.
- LRS VPSX Products - not affected
- Pharos - See vendor response
- Printer On - in progress
- Printer Logic - in progress
- Everyone Print - Impacted. Contact vendor for guidance.
- Troy Group solutions - not affected.
- Ysoft - See vendor response.
- Upland - in progress
- Safecom/Kofax - See vendor response
- Celiveo - in progress (initial assessment is that standard Celiveo Enterprise product is not affected)
****************************************************************