Security issue CVE-2021-42392 in H2 database - is Cryptshare affected?

If you are concerned about the use of the H2 database by Cryptshare, because of the recently published security incident CVE-2021-42392 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392), you can rest assured.

We are not exposing the affected H2 APIs to the local network or the Internet. Therefore, Cryptshare is not affected by this vulnarability.

Log4Shell vulnerability CVE-2021-44228 - is Cryptshare affected?

About the Log4Shell vulnerability

A zero-day vulnerability “Log4Shell” (CVE-2021-44228) has been disclosed on 9 December 2021 and is already actively being exploited. For details about this vulnerability, please refer to https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Is Cryptshare affected by this vulnerability?

The Cryptshare products are not affected by the Log4Shell vulnerability. 

We have checked the use of the affected software components for all Cryptshare products. This applies to the entire product range (Cryptshare Server, Cryptshare for Outlook with Cryptshare Config Creator, Cryptshare for OWA, Cryptshare for Notes, Cryptshare Robot, Cryptshare Java API, Cryptshare .NET API, Cryptshare for NTA 7516) for both current and out-of-date versions.

In Cryptshare Server (current version: 5.1.0) Log4J was in use until version 3.10.3 (release date 30.05.2016), but in a version that is not affected by the security vulnerability.

Important note regarding the Cryptshare Software Development Kit (SDK)

Please note, however, that our Software Development Kit (SDK) includes a third-party mail server (Apache James) which is affected by the vulnerability. We are making the SDK available to customers who would like to try out the possibilities of automation with Cryptshare on a trial basis via our website. If the SDK is used as intended, this does not pose a risk, as the components of the SDK are not used productively and should not be accessible from the Internet. 

If you are using the Cryptshare SDK for the test implementation of an automation, ensure this intended use or refrain from using the test environment for the time being. An update for the SDK will be provided after a suitable fix for the included third-party components is available.

Productive automations using Java API, .NET API or Cryptshare Robot are not affected.

Important note on the use of virtual appliances

If your system is operated on VMware, please note the manufacturer's information on the effects of Log4Shell on VMware at https://www.vmware.com/security/advisories/VMSA-2021-0028.html 

Need support for Cryptshare?

The quality of our products and customer satisfaction mean a great deal to us and we aim to make our support legendary! Our target is to satisfy your requirements fast and in an intelligent manner meeting your expectations of a well engineered product for business use.

Do you know our online documentation?

Technical support

Technical support

The Cryptshare Service Promise does not end with the purchase of a Cryptshare license.

Installation, Customization and daily operations of Cryptshare. Our professional Support team based in Germany offers assistance every step of the way.

We are available for you

Every Monday to Friday 8:00 a.m. to 5:00 p.m. CET, except on first day of Christmas and new year's day.

Extended services

For requests that go beyond regular support, we have a professional service (available for a fee).

If your partner, IT service provider, or a partner from our network are unable to assist, you can always refer to us.

Extended services

Open support ticket

Legendary support

You can communicate any kind of problem to us. In case of technical problems, we suggest to use the "Export Support Information" function on the admin frontend of your Cryptshare system. This will send all relevant information such as version number and system log directly to us in a secure way and enables us to help you as quick as possible.

Of course you can also use this support form. Our specialists will immediately seek a solution and get back to you. This service is inclusive for licence holders.

You can also make suggestions for improvement at any time using this form and we welcome all ideas. We aim to improve Cryptshare and it is a key part of our product strategy for continually aligning to market demands. No-one knows exactly what you need better than you do, so don’t hold back.

If you would like to send us big files, please use our Cryptshare Web App.

You can call us under +49 761 / 38913-100

Open support ticket