13/12/2021 Security Advisory
Daniela Tschelebieva

Log4J Security Advisory for DebiTEX

Information for SHS Viveon DebiTEX Customers

DebiTEX does not include the Log4j libraries that are affected by the recent remote code injection vulnerability, and for this reason is NOT affected by this vulnerability.

However, the 3rd party application requirements for DebiTEX call for ElasticSearch to be used, which is affected. You can find information on how to proceed directly from the manufacturer at Security announcements for the Elastic stack – CVE-2021-44228 – ESA-2021-31.

We have tested DebiTEX 11 FP 11 and FP 12 with the latest release of Elasticsearch 7.16.1. We encountered a problem that was solved with a patch for the latest versions of DebiTEX.

We recommend our customer to update to the latest version of Elastic Search (7.16.1).

To ensure compatibility with DebiTEX, please install the latest patch for DebiTEX FP 11 (11.5.0) or FP 12 (12.3.3) afterwards.