Dear Customers,

We would like to thank you for your continued support towards FUJIFILM products.
We are aware of the reported remote code execution vulnerability with ActiveMQ (CVE-2023-46604) and determined that the vulnerability exists in our products.

Affected products and versions

XMF Remote R10.16_0004 and earlier versions

Potential impact

If the recommended configuration below is not applied, there is a potential risk that XMF Remote server may receive attacks targeting the vulnerability from external sources.

*Recommended configuration:
Limit the inbound communication from the Internet to the XMF Remote server to port 443 and 80 only (or to port 443 only if not using HTTP) for the firewall in the network where the XMF Remote Server is installed.

Countermeasure

We have prepared the upgraded software.
If you are using the affected products, please contact the distributor where you purchased this software.
Please also make sure the recommended configuration is applied in your network environment.

Contact

Please contact the distributor where you purchased your software.