Is the family of Waters informatics solutions affected by the Apache log4j vulnerability? - WKB224967

ENVIRONMENT

• EDS365
• Empower
• MassLynx
• NuGenesis
• waters_connect/UNIFI
• Log4j
• Log4Shell

ANSWER

Waters is aware of the "zero day" vulnerability (CVE-2021-44228) announced by security researchers on Dec. 9, 2021, affecting a common software package (Apache Log4j). Because Log4j is widely used across web applications and cloud service providers, the full scope of this vulnerability is complex, and its impact is still being determined. Waters product and engineering teams are continuing to investigate this matter. Waters will provide updates about the Log4j vulnerability as needed and will notify customers when the assessment is complete.

The following articles contain details of the current assessment of the Log4j impact

Does the Log4Shell (Log4j) vulnerability impact Empower? - WKB224539

Does the Apache "Log4Shell" vulnerability in log4j affect NuGenesis? - WKB224434

Is MassLynx or it's associated processing software affected by the Log4J2 vulnerability? - WKB224560

Does the Apache "Log4Shell" vulnerability in log4j impact waters_connect/UNIFI releases? - WKB224535

Is EDS365 software affected by the Log4J vulnerability? - WKB224722

ADDITIONAL INFORMATION

In addition to MassLynx, the above statement applies to Waters data processing products used with MassLynx data, such as Progenesis QI, Progenesis QI for Proteomics, PLGS, Driftscope, MSe Data Viewer, HDI, LiveID, Symphony, BiopharmaLynx, and HDMS Compare.