OrthoView – Response to the Log4j Vulnerability (LogShell)
Details on this vulnerability and possible mitigations can be found on these Government websites:
US: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
UK: https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
The reported exploit is typically achieved by sending a corrupting http request to a vulnerable server.
We have reviewed all the OrthoView products for this vulnerability.
- The OrthoView Template Delivery Server (TDS) was found to be vulnerable to this attack. This server has already been fixed and has never exploited.
- All OrthoView products prior to 7.1 do not have this library or vulnerability.
- OrthoView 7.1.x and 7.3.x use this library but are considered very low risk because:
- All OrthoView installations should be located inside of the hospital network and (other than the TDS) have no external access which could be exploited.
- OrthoView servers use a different logging framework and hence are not vulnerable to these attacks even if accessed by unauthorised users.
- The affected log4J libraries are used by OrthoView only when executed as a Desktop application (either installed explicitly on a Desktop or auto installed from an OrthoView server). They do not accept http requests.
- OrthoView 7.4.x also uses this library and when installed with the zero footprint (ZFP module) does accept http requests. This is considered low risk as:
- All OrthoView installations should be located inside of the hospital network and (other than the TDS) have no external access which could be exploited.
- Most 7.4.x usage is of the “standard” product which is very low risk as indicated for 7.1.x, and 7.3.x.
- All other OrthoView websites and services are unaffected.
Although low risk, the mere presence of this library is likely to concern Hospital IT and therefore we will provide the patch for all server deployed versions of OrthoView (including ZFP). We also will supply patches to any Desktop installed versions on request.
If you require the patch or have any queries, please do not hesitate to contact our support teams on:
+15,000
Orthopaedic surgeons
+6,000,000
Planned procedures
Worldwide, orthopaedic surgeons use Materialise OrthoView to accurately template their procedures, go into surgery better prepared, and achieve a more predictable patient outcome. Usability and clinical relevance have always been at the core and result in a high customer satisfaction of 94%.
For primary and revision hip and knee arthroplasties as well as shoulder and small joint replacements, fracture management, deformity correction and spine procedures, Materialise OrthoView offers the latest innovations driven by surgeons since 2002.
Discover our free online trial and join our worldwide planning community!
Smart planning
From joint replacement and trauma to spine and pediatrics, our smart planning tools automate the analysis and planning of your procedures.
+220,000 intelligent templates
Our extensive online digital template library is always up-to-date and provides instant access to high-quality and intuitive templates that are carefully created according to specifications provided by each device manufacturer.
Easy to learn &
excellent support
Discover how others have benefited from using Materialise OrthoView, watch online video tutorials to get started easily, or request an on-site training. Our PACS partners and technical teams are there for you for any consultations.
What our community says
Secure planning, anywhere
As a web or a desktop application, OrthoView is easily accessible from anywhere in the hospital network.
Full PACS integration
Materialise has partnerships with all of the major PACS providers to seamlessly plan your procedures.
Flexible Purchase Options
From individual to enterprise and across specialties, we have a license solution for you.
This content is intended for Health Care Professionals only - L-100891