OrthoView – Response to the Log4j Vulnerability (Log4Shell)
Details on this vulnerability and possible mitigations can be found on these Government websites:
US: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
UK: https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
The reported exploit is typically achieved by sending a crafted HTTP request to a vulnerable server.
We have reviewed all the OrthoView products for this vulnerability.
- The OrthoView Template Delivery Server (TDS) was found to be vulnerable to this attack. This server has already been fixed and has never been exploited.
- All OrthoView products prior to 7.1 do not have this library or vulnerability.
- OrthoView 7.1.x and 7.3.x use this library but are considered very low risk because:
  - All OrthoView installations should be located inside the hospital network and (other than the TDS) have no external access which could be exploited.
  - OrthoView servers use a different logging framework and hence are not vulnerable to these attacks even if accessed by unauthorised users.
  - The affected Log4j libraries are used by OrthoView only when executed as a Desktop application (either installed explicitly on a Desktop or auto-installed from an OrthoView server). They do not accept HTTP requests.
- OrthoView 7.4.x also uses this library and, when installed with the zero footprint (ZFP) module, does accept HTTP requests. This is considered low risk as:
  - All OrthoView installations should be located inside the hospital network and (other than the TDS) have no external access which could be exploited.
  - Most 7.4.x usage is of the “standard” product, which is very low risk as indicated for 7.1.x and 7.3.x.
- All other OrthoView websites and services are unaffected.
Although low risk, the mere presence of this library is likely to concern Hospital IT and therefore we will provide the patch for all server-deployed versions of OrthoView (including ZFP). We will also supply patches to any Desktop-installed versions on request.
If you require the patch or have any queries, please do not hesitate to contact our support teams on:
Secure planning, anywhere
As a web or a desktop application, OrthoView is easily accessible from anywhere in the hospital network.
Hassle-free & secure deployment
Hospital IT management can deploy Materialise OrthoView as a web application in the hospital requiring zero footprint on the desktop computers and without hardware or software (i.e. Java, Citrix) dependencies.
Patient data never leaves the hospital network, as Materialise OrthoView is hosted by the hospital IT department, not in the cloud by Materialise or by any third party.
For more information about our licensing and installation options, please contact us to discuss the most suitable options based on your institution’s needs.
Seamless access
Throughout the hospital network, Materialise OrthoView can be run as a desktop or web application and can be quickly and easily launched with any PACS to fit a surgeon’s daily work. In fact, 86% of OrthoView customers report good or higher satisfaction with the fit into the clinical routine.
Powerful insights, inspiring outcomes
Here’s a selection of articles on digital templating you might be interested in.
- How Accurately Can Templating Software Predict Implant Sizes?
Dr. Michael Newman, Queen Alexandra Hospital, UK
- How to Plan Your Joint Replacement Surgeries More Precisely
Dr. Andrew Noble, Palm Beach Orthopaedic Institute, USA
- How to Save Costs and Time with Materialise OrthoView
Dr. Brett Levine, Rush University Medical Center, USA
Experience templating with OrthoView
Our online OrthoView trial allows you to discover smart planning with +220,000 templates in OrthoView in your web browser. No installation is needed. Simply create an account to get started.
To test integration in your hospital, you can also request a 30-day trial license and download an OrthoView installer. We’ll assist with the installation.
This content is intended for Health Care Professionals only - L-100891