Notification about the vulnerability in FUJIFILM WORKFLOW XMF Remote
March 29, 2024
Dear Customers,
We would like to thank you for your continued support towards FUJIFILM products.
We are aware of the reported remote code execution vulnerability with ActiveMQ (CVE-2023-46604) and determined that the vulnerability exists in our products.
Affected products and versions
XMF Remote R10.16_0004 and earlier versions
Potential impact
If the recommended configuration below is not applied, there is a potential risk that XMF Remote server may receive attacks targeting the vulnerability from external sources.
*Recommended configuration:
Limit the inbound communication from the Internet to the XMF Remote server to port 443 and 80 only (or to port 443 only if not using HTTP) for the firewall in the network where the XMF Remote Server is installed.
Countermeasure
We have prepared the upgraded software.
If you are using the affected products, please contact the distributor where you purchased this software.
Please also make sure the recommended configuration is applied in your network environment.
Contact
Please contact the distributor where you purchased your software.