Cadwell became aware of the recent Java JNDI vulnerability discovered on December 9th, 2021 which impacts systems with log4j version 2.0 and higher. Cadwell’s core software packages (CadLink, Arc EEG, Cascade Surgical Studio, Easy III PSG, and Sierra) do not use Java components and are not impacted.
Cadwell’s optional Mirth interface engine does use Java. The Nextgen Mirth team has concluded, however, that CVE-2021-44228 does not impact Mirth as it utilizes log4j version 1.2.x and does not include the vulnerable JNDI component.
At this time, Cadwell and Mirth software is not known to be vulnerable to CVE-2021-44228 and no remediation is necessary. If you have any questions, please feel free to contact our Application Support team at 1-800-245-3001 or email us at firstname.lastname@example.org.