Cytiva Security Advisory for Apache CVE-2021-44228

Security Advisory | Critical | Created: December 17, 2021 | Modified: December 22, 2021

Products covered by this advisory

Cytiva products containing software

Description of problem

Cytiva is closely monitoring the recent vulnerability disclosure by Apache Software Foundation on November 26, 2021 - CVE-2021-44228 and https://logging.apache.org/log4j/2.x/security.html

Cytiva has mobilized its Product Privacy and Security Team and development organizations to investigate the issue and immediately mitigate potential risks. Cytiva has conducted assessments of our Cytiva products containing software.

The below list contains Cytiva products affected by the vulnerability or are still under investigation.

Cytiva product name Affected Mitigation / Patch status
Biacore 8K Affected See mitigation instructions
Biacore Insight Affected See mitigation instructions
OptiRun Connect Affected Mitigated / Patched
PDCentral Affected Mitigated / Patched
XDR50-2000 Affected Patch pending

What Cytiva customers should do

Customers are recommended to monitor this web page for the latest updates to the above product list. Cytiva will continue to monitor for and respond to new information related to this vulnerability.

What Cytiva is doing

Cytiva is notifying customers and channel partners about this potential security issue. Cytiva will periodically update this page as new information becomes available.

Obtaining support on this issue

If you require technical assistance with this issue, please contact Cytiva Support.

Disclaimer

This document is provided and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. Cytiva reserves the right to change or update this document at any time.