Notification about the vulnerability in FUJIFILM WORKFLOW XMF Remote

March 4, 2024

Dear Customers,

We would like to thank you for your continued support towards FUJIFILM products.
We are aware of the reported remote code execution vulnerability with ActiveMQ (CVE-2023-46604) and determined that the vulnerability exists in our products.

Affected products and versions

XMF Remote R10.16_0004 and earlier versions

Potential impact

If the recommended configuration below is not applied, there is a potential risk that XMF Remote server may receive attacks targeting the vulnerability from external sources.

  • * Recommended configuration:
    Limit the inbound communication from the Internet to the XMF Remote server to port 443 and 80 only (or to port 443 only if not using HTTP) for the firewall in the network where the XMF Remote Server is installed.

Workaround

Please make sure the recommended configuration is applied in your network environment.
If you have any questions, please contact the distributor where you purchased this software.

Contact

Please contact the distributor where you purchased your software.