Security Reports:
Vulnerability | Comments | Remediation |
CVE-2021-44228 | The version of Log4j used in Universal Type Server (UTS) 7 is not affected | |
CVE-2021-45046 | The version of Log4j used in Universal Type Server (UTS) 7 is not affected | |
CVE-2018-19409 | Only affects Linux servers (not supported by Universal Type Server) | |
CVE-2018-18284 | Only affects Linux servers (not supported by Universal Type Server) | |
CVE-2018-16509 | Requires local access to the system to be exploited. A secure network should mitigate this issue | |
CVE-2016-7979 | Requires local access to the system to be exploited. A secure network should mitigate this issue | |
CVE-2019-14813 | Requires local access to the system to be exploited. A secure network should mitigate this issue | |
CVE-2022-23302 | Requires local access to the system to be exploited. A secure network should mitigate this issue | |
CVE-2022-42252 | Only applicable if Universal Type Server is behind a reverse proxy that also fails to reject the request with the invalid header. Reverse proxies are not part of our standard configuration when developing Universal Type Server | |
CVE-2022-45143 | Universal Type Server does not use this feature of Tomcat | |
CVE-2022-29885 | Universal Type Server does not use any of the clustering features outlined in the vulnerability. A secure network should further mitigate this issue | |
CVE-2021-4104 | We do not use JMSAppender in any of our products | |
CVE-2019-17571 | We do not use the Log4j network logging features and are not affected | |
CVE-2020-9488 | We do not use the Log4j SMTPAppender and are not affected | |
CVE-2022-23305 | We do not use the Log4j JDBCAppender and are not affected | |
CVE-2022-23307 | This is related to Apache Chainsaw, a GUI log reader that can be included with Log4j. We do not include this with our distribution and are not affected | |
CVE-2020-9493 | This is related to Apache Chainsaw, a GUI log reader that can be included with Log4j. We do not include this with our distribution and are not affected | |
CVE-2022-23305 | We do not use the JDBCAppender | |
CVE-2020-9488 | We do not use the SMTPAppender | |
CVE-2021-2341 | This vulnerability does not apply to Java deployments that load and run only trusted code, which is how our application operates | |
CVE-2021-2369 | We do not use Oracle JDK distributions | |
CVE-2021-2388 | We do not use Oracle JDK distributions | |
CVE-2021-35550 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35556 | This vulnerability does not apply to Java deployments that load and run only trusted code, which is how our application operates | |
CVE-2021-35559 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35561 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35564 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35567 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35586 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35588 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-35603 | This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This does not describe our application | |
CVE-2021-2432 | This does not affect our version of OpenJDK | |
CVE-2021-3517 | While UTS does use the affected component, exploitation of this vulnerability is highly unlikely, if not impossible | Please contact Support for a potential hotfix |
CVE-2021-3522 | Our version of OpenJDK is listed in the affected configurations | Please contact Support for a potential hotfix |
If you are on version 6.x or earlier of Universal Type Server, please submit a support request to get assistance on how you may be able to update to UTS version 7.0.6. Updates may require you to have a current maintenance/service contract or a subscription with Extensis.