ChemAxon’s response to CVE-2021-44228 (“Log4Shell”) together with CVE-2021-45046
Updated 3 January, 2022
Log4j is a Java-based logging utility found in a wide number of software products.
The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. If exploited, it could potentially allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value on an affected endpoint.
As soon as we learned of this vulnerability, ChemAxon promptly evaluated all cloud-hosted systems and customer premise agents to determine what might be impacted and methodically set about remediating any exposure.
The new incident CVE-2021-45046 poses no additional threat as all affected ChemAxon products are updated to use log4j 2.16.
The new incident CVE-2021-45105 involves no further ChemAxon product.
This page will continue to be updated as more information becomes available.
ChemAxon is taking prompt action to patch and mitigate the potential impact of this vulnerability on: Fixes have been published in frequent releases for the following affected products
All other ChemAxon products remain unaffected.
We also recommend customers check whether any other (non-ChemAxon) software they are running may be impacted and check in with applicable vendors for available patches.
We will continue to provide updates as necessary in this document.