We are posting this communication to provide an update on the security vulnerability that has been discovered in version 2.8.2 of the Apache Log4j as documented in the United States National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2021-44228.
This post is related to Agilent LC/MS and GC/MS Software products only.
Products Not Affected:
The Apache Log4j vulnerability does NOT affect any version of the following products:
- MassHunter Qualitative Analysis
- MassHunter Quantitative Analysis
- MassHunter Acquisition for LC/MS TOF/QTOF
- MassHunter Acquisition for LC/MS QQQ
- MassHunter Acquisition for Ultivo
- MassHunter Acquisition for GC/MS Systems
- Mass Profiler Professional
- PCDL Manager
Also not affected are other software products that are clients of affected OpenLab Server and ECM XT products. For these products, no changes are required on the client-side and updates on the server-side are fully supported with these applications (see this post for more information: https://community.agilent.com/technical/software/b/announcements-865833490/posts/apache-log4j-security-vulnerability-in-some-openlab-products).
- MassHunter Networked Workstation for LC-TOF/QTOF 11.0
- MassHunter BioConfirm Networked Workstation 11.0
Thank you for selecting Agilent products for your laboratory. For questions, contact your local Agilent support representative or Customer Contact Center (go to https://www.agilent.com/en/contact-us/page).