Product Security Bulletins

Apache Log4j Vulnerability 

RE: Log4j 

Publication Date: December 13, 2021 

Updated: December 29, 2021 

SUMMARY 

Epiphany is currently monitoring the recently published announcement of vulnerabilities affecting Log4j Java-based logging library. The Log4j library is developed by the Apache Foundation and is widely used by both enterprise applications and cloud services for logging purposes. The vulnerabilities have been classified as critical. 

For a more detailed description of these vulnerabilities, it is recommended customers view the information provided by Apache. 

RESPONSE 

Please note that the Apache Log4j vulnerabilities are not Epiphany-specific vulnerabilities. As part of the company’s product security policy and protocols, Epiphany’s team continues to evaluate Epiphany’s Java-based products and solutions for potential impacts from these reported vulnerabilities and evaluating further possible actions as needed. 

IMPACTED PRODUCTS

At the time of the publication of this update, all Epiphany products are either not impacted, patched, or mitigations have been applied. Epiphany will continue to monitor all available information and we will provide an update to this bulletin if necessary. For questions regarding cybersecurity of any Epiphany product contact: productsecurity@baxter.com 

For information on Baxter or Hillrom products, please see: Responsible Disclosures 

Learn More >