Pharos software is not susceptible to the Apache Struts vulnerability

Version 1

    Background

    Recently, a security vulnerability was discovered inside Apache Struts:

    CVE-2017-5638

    https://www.cvedetails.com/cve/CVE-2017-5638/

    This vulnerability is serious because it allows remote execution, it is widespread, easy to exploit and under active use. Many organizations, including Pharos customers, are urgently investigating where this tool is used and to update/repair those instances.

     

    Pharos Software and Apache Struts

    Pharos has reviewed all our software and 3rd party tools/libraries that we use, and can confirm that we do not use Apache Struts in any product. This includes:

    • Uniprint (including all web interfaces)
    • Blueprint (including all web interfaces)
    • Mobileprint
    • All Omega devices (including PS60, PS150, PS200)
    • All iMFP implementations across all manufacturers
    • Beacon both the desktop components and the cloud infrastructure
    • Kiosks

     

    Pharos products are therefore not vulnerable to the Apache Struts exploit.