OrthoView – Response to the Log4j Vulnerability (LogShell)

Details on this vulnerability and possible mitigations can be found on these Government websites:

US: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

UK: https://www.ncsc.gov.uk/news/apache-log4j-vulnerability

The reported exploit is typically achieved by sending a corrupting http request to a vulnerable server.

We have reviewed all the OrthoView products for this vulnerability.

  • The OrthoView Template Delivery Server (TDS) was found to be vulnerable to this attack. This server has already been fixed and has never exploited.
  • All OrthoView products prior to 7.1 do not have this library or vulnerability.
  • OrthoView 7.1.x and 7.3.x use this library but are considered very low risk because:
    • All OrthoView installations should be located inside of the hospital network and (other than the TDS) have no external access which could be exploited.
    • OrthoView servers use a different logging framework and hence are not vulnerable to these attacks even if accessed by unauthorised users.
    • The affected log4J libraries are used by OrthoView only when executed as a Desktop application (either installed explicitly on a Desktop or auto installed from an OrthoView server). They do not accept http requests.
  • OrthoView 7.4.x also uses this library and when installed with the zero footprint (ZFP module) does accept http requests. This is considered low risk as:
    • All OrthoView installations should be located inside of the hospital network and (other than the TDS) have no external access which could be exploited.
    • Most 7.4.x usage is of the “standard” product which is very low risk as indicated for 7.1.x, and 7.3.x.
  • All other OrthoView websites and services are unaffected.

Although low risk, the mere presence of this library is likely to concern Hospital IT and therefore we will provide the patch for all server deployed versions of OrthoView (including ZFP). We also will supply patches to any Desktop installed versions on request.

If you require the patch or have any queries, please do not hesitate to contact our support teams on:

+44 (0)2380 762500 Option 2



Secure planning, anywhere

As a web or a desktop application, OrthoView is easily accessible from anywhere in the hospital network.

Request a technical consultation

Hassle-free & secure deployment

Hospital IT management can deploy Materialise OrthoView as a web application in the hospital requiring zero footprint on the desktop computers and without hardware or software (i.e. Java, Citrix) dependencies.

Patient data never leaves the hospital network as Materialise OrthoView is hosted by the hospital IT department, neither in the cloud by Materialise nor by any third party.

For more information about our licensing and installation options, please contact us to discuss the most suitable options based on your institution’s needs.

Seamless access

Throughout the hospital network, Materialise OrthoView can be run as a desktop or web application and can be quickly and easily launched with any PACS to fit a surgeon’s daily work. In fact, 86% of OrthoView customers report good or higher satisfaction with the fit into the clinical routine.

Powerful insights,
inspiring outcomes

Here’s a selection of articles on digital templating you might be interested in.

Discover more resources

Experience templating with OrthoView

Our online OrthoView trial allows you to discover smart planning with +220,000 templates in OrthoView in your web browser. No installation is needed. Simply create an account to get started. 

To test integration in your hospital, you can also request a 30-day trial license and download an OrthoView installer. We’ll assist with the installation. 

Create account Request trial license

This content is intended for Health Care Professionals only - L-100891