Installing a SmartSDK Authentication App
Incident Properties
Question
Is there any special RXOP install magic for Auth Apps above and beyond std SmartSK apps?
Using RicohJavaDevice.install(AppZipFile) to install the package and getting the following:
install -- STATE_INSTALL_START
How to check Smart Scan Gui Ex package in IM C530FB device
Incident Properties
Question
Hi,
In our Installer Application. We have to check for existence of Smart Scan Gui Ex package via product id.
We see in IM C300, IM C400 it is:
M2a_SmartScanEx with product-id is1680333568
In ProC5300S: M2a_SmartScanEx with product-id is 1679877890
But in IM C530FB we think it is smartscannerex package (attached image).
So Application name and product id of Smart Scan Gui Ex package have changes.
Our questions:
1. What is product id of smartscannerex package in IM C530FB (version 2.04 and version 2.05)?
2. Because of changing Application name and Product Id, How to check for existence of Smart Scan Gui Ex package?
Please help.
Thank you very much.
RXOP 3.8.5 security issues found by VeraCode
Incident Properties
Question
Hi Ricoh Support Team
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 96% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 76% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 86% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 95% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 31% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 67% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 69% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 91% | 20 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 71% | 20 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 52% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 47% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void e(java.lang.String): 84% | 7 Paths | Open | None |
| Neutral | 502 Deserialization of Untrusted Data | 4/9/2021 3:16 PM EDT | gwt-rpc-comm-layer-ver-1.1.jar | GwtRpcCommLayerServlet.java: 203 | 1 Path | Open | None |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 23% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 28% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 41% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:40 PM EDT | EQBulkPackageManager.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 98% | 2 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 33% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 52% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 64% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 75% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 87% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 98% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 45% | 8 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 44% | 8 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 52% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 40% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 27% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 98% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 54% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 97% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:26 PM EDT | rxfw.jar | void debug(org.apache.log4j.Logger): 48% | 2 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 66% | 6 Paths | Open | None | |
| Neutral | 297 Improper Validation of Certificate with Host Mismatch | 4/9/2021 3:42 PM EDT | rxop-3.8.5.jar | boolean a(java.lang.String, java.lang.String, boolean, boolean): 9% | 2 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void b(java.lang.String): 87% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 95% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 98% | 5 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 5% | 6 Paths | Open | None | |
| Neutral | 319 Cleartext Transmission of Sensitive Information | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | java.lang.String getFirmwareInfoViaFtp(): 8% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 95% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void d(java.lang.String): 87% | 5 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 95% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 95% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void e(java.lang.String): 84% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 59% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 36% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 36% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 59% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 82% | 8 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 67% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 27% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 97% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 82% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 91% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 97% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 97% | 48 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 62% | 8 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void a(org.apache.log4j.Logger): 62% | 5 Paths | Open | None | |
| Neutral | 297 Improper Validation of Certificate with Host Mismatch | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void setCertlessHttps(boolean): 25% | 6 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:42 PM EDT | rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 64% | 2 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:40 PM EDT | EQBulkPackageManager.jar/rxconf-3.8.5.jar | FunctionHomeKeySetting getFunctionHomeKey(java.lang.String): 65% | 1 Path | Open | None | |
| Neutral | 502 Deserialization of Untrusted Data | 4/9/2021 3:40 PM EDT | EQBulkPackageManager.jar/rxop-3.8.5.jar | java.util.Map a(java.lang.String, org.apache.http.HttpEntity): 92% | 1 Path | Open | None |
| Neutral | 502 Deserialization of Untrusted Data | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxconf-3.8.5.jar | i a(java.lang.String, org.apache.http.HttpEntity): 87% | 6 Paths | Open | None |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 64% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:39 PM EDT | rxop.jar | void debug(org.apache.log4j.Logger): 45% | 8 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:42 PM EDT | rxop-3.8.5.jar | void debug(org.apache.log4j.Logger): 83% | 2 Paths | Open | None | |
| Neutral | 297 Improper Validation of Certificate with Host Mismatch | 4/9/2021 3:42 PM EDT | rxop-3.8.5.jar | boolean a(java.lang.String, boolean, boolean, RetryHandler): 13% | 2 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 52% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 40% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:39 PM EDT | rxop.jar | void debug(org.apache.log4j.Logger): 63% | 1 Path | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 86% | 1 Path | Open | None | |
| Neutral | 297 Improper Validation of Certificate with Host Mismatch | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | boolean a(java.lang.String, java.lang.String, boolean, boolean): 7% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 63% | 4 Paths | Open | None | |
| Neutral | 297 Improper Validation of Certificate with Host Mismatch | 4/9/2021 3:41 PM EDT | DRS-8.2.2.zip_virtualjar.jar/rxinst-3.8.5.jar | boolean a(java.lang.String, boolean, boolean, RetryHandler): 11% | 4 Paths | Open | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 63% | 1 Path | New | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 62% | 8 Paths | New | None | |
| Likely | 117 Improper Output Neutralization for Logs | 4/9/2021 3:37 PM EDT | rxinst-3.8.5.jar | void debug(org.apache.log4j.Logger): 73% | 1 Path | New | None | |
| Neutral | 209 Generation of Error Message Containing Sensitive Information | 4/9/2021 3:16 PM EDT | gwt-rpc-comm-layer-ver-1.1.jar | GwtRpcCommLayerServlet.java: 261 | 1 Path | Open | None | |
| Neutral | 209 Generation of Error Message Containing Sensitive Information | 4/9/2021 3:16 PM EDT | gwt-rpc-comm-layer-ver-1.1.jar | GwtRpcCommLayerServlet.java: 271 | 1 Path | Open | None | |
| Neutral | 209 Generation of Error Message Containing Sensitive Information | 4/9/2021 3:16 PM EDT | gwt-rpc-comm-layer-ver-1.1.jar | GwtRpcCommLayerServlet.java: 266 | 1 Path | Open | None |
Question about <app-extension> tag in .dalp file
Incident Properties
Question
Hi,
In
RICOH SmartSDK Developer's Guide
Section Start Guide -> 03. Packaging Process\ Create dalp file
I do not know how to add <app-extension> info.
I expect to add a text file to Application zip file (together apk and dalp)
Please advise.
Thank you very much.
Best Regards,
Request for an ACL file for RXOP development and investigation
Incident Properties
Question
I'd like to request a new ACL file for my RXOP client utility. Ideally, I'd like it for every SP if possible!
I thought I had a wide-open development ACL file from Ke (only for testing ROC, RXOP, etc.) but it looks like the one I have is ROC specific. So it is missing:
- 5-712-001
- 5-712-002
- 5-712-003
So, I promise to be careful with an ACL file that has every SP in it, but if that isn't possible, some subset that includes these three as well.
Thanks.
Many ricoh.rxop.rxcommon.RxopException occurs when run RXOP code based installer to install RICOH SOP app
Incident Properties
Question
Hi,
Our customer has these errors when running installer to install RICOH SOP application to the device:
ricoh.rxop.rxcommon.RxopException: -- init -- SDK/J not found on device.
ricoh.rxop.rxcommon.RxopException: -- init -- Connection reset
How to use RXOP with IP V6
Incident Properties
Question
Hi,
We have to update the installer application use RXOP based code to use IP V6.
Please advise:
- How to config the device use IP V6?
- What RXOP version support IP V6 and where to get the document?
Thank you very much.
Best Regards,
HTTPException error when install SmartScanEx_106.zip by Installer Application (RXOP based)
Incident Properties
Question
Hi,
I use RXOP based code to install SmartScanEx_106.zip to the device as following:
try
{
apps = AppZipFile.Load(f);
}
catch (AppZipFileException e)
{
String abc = null;
}
adminUsername, adminPassword, null, null);
rDevice.setAllowDeviceLock(false);
rDevice.setLogLevel(Level.DEBUG);
rDevice.addObserver(devObserver);
rDevice.install(file, (allowReboot == 0) ? false : true);
SmartScanEX 2.x have multiple ID
Incident Properties
Question
Hi,
From this incident https://ricoh-ridp.com/ridp/support-system/incident/ricoh-americas-corp-technology-center/1609785275/413261849/3988
and as we understand.
SmartScanEx version 1.x have ID 1679877888
SmartScanEx version 2.x have ID 1680333568 (IM device: IM 300, IM 400)
But I see in new model - ProC5300S - ID of SmartscanEx on this device is 1679877890
Please help to tell us why there is a new ID.
Basically, we only expect the ID must be the same as the one we worked on against SmartScanEX 2.x
Thank you very much.
security concerns over RXOP libs
Incident Properties
Question
During regular scanning of 3rd party libraries used by WhiteSource we got an alert that log4j-1.2.17.jar has been rejected for High Severity Vulnerabilities. While we use 3.8.1 I also checked 3.8.3 and that also still uses old libraries.
Side note that I also see that the following unsecure libs are being used
- commons-codec-1.11.jar - Reject Medium Severity Vulnerabilities
- httpclient-4.5.7.jar - Reject Medium Severity Vulnerabilities
Does Ricoh have an ETA on updating these libraries. I know some of them are co-dependant so it might require quite a bit of effort to update to more recent versions?