Log4j notice!

14 December, 2021

This announcement contains important information about your VidiView Server installation. The intended audience for this letter is technical personal in charge of system management and maintenance.

At this time, you may be aware of the found vulnerability in the commonly used Java library log4j. The vulnerability is also commonly referred to as CVE-2021-44228. Please read more about this at https://nvd.nist.gov/vuln/detail/CVE-2021-44228

From a development perspective the log4j library exists in a .net-encapsulated form (embedded into a .dll). The functionality within the VidiView Server using this library is related to Dicom export and import and we have used our best efforts to try and investigate the inner workings of this library in relation to our application. We have not been able to expose any kind of vulnerability in our use case. Hence – no need to any action on the account of VidiView.

No other part of the VidiView products contain the log4j library.