Pharos software is not susceptible to the new Apache Struts vulnerability nor to the Jackson-databind vulnerability
- 05 Apr 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Pharos software is not susceptible to the new Apache Struts vulnerability nor to the Jackson-databind vulnerability
- Updated on 05 Apr 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Background
Recently, a security vulnerability was discovered inside Apache Struts:
CVE-2018-1327
https://nvd.nist.gov/vuln/detail/CVE-2018-1327
This vulnerability is reasonably serious because it allows a DoS attack when using a malicious request.
A security vulnerability was also discovered inside Jackson-databind:
CVE-2018-7489
https://nvd.nist.gov/vuln/detail/CVE-2018-7489
This vulnerability is serious because it allows unauthenticated remote code execution and is easy to exploit.
Many organizations, including Pharos customers, are urgently investigating where these tools are used and to update/repair those instances.
Pharos Software, Apache Struts and Jackson-databind
Pharos has reviewed all our software and 3 rdparty tools/libraries that we use and can confirm that we do not use Apache Struts nor Jackson-databind in any product. This includes:
Uniprint (including all web interfaces)
Blueprint (including all web interfaces)
Mobileprint
All Omega devices (including PS60, PS150, PS200)
All iMFP implementations across all manufacturers
Beacon – both the desktop components and the cloud infrastructure
Kiosks
Pharos products are therefore not vulnerable to either the Apache Struts exploit nor the Jackson-databind exploit.
Regards,
Pharos Security Team
Pharos Systems International
585-939-7000
pharossecurityteam@pharos.com
Was this article helpful?