I believe I already answered this off-list. Ralph
> On Jan 20, 2022, at 7:17 AM, anchit parmar > <anchit.par...@idbiintech.com.invalid> wrote: > > Dear Team, > > > > Please confim if 2.12.4 is vuln to following CVE's > > 1) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105> > CVE-2021-45105 > > 2) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046> > CVE-2021-45046 > > 3) <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228> > CVE-2021-44228 > > > > Also, > > As per https://endoflife.date/log4j log4j version 2.12.x has reached its > EOL. The Log4j team no longer supports Java 7. > > > > Please confirm if above statement is true or not. > > > > > > Warm Regards, > > Anchit Parmar > > Team Lead - Vulnerability Management & Penetration Testing Practice > > Information Security Department > > IDBI Intech Limited , IDBI Bank Building, Plot No. 39-41, Sector-11, > > CBD Belapur, Navi Mumbai - 400 614 . > > Cell- 8779522843 > > > > > Disclaimer: This e-mail contains privileged information or information > belonging to IDBI Intech Ltd and is intended solely for the addressee/s. > Access to this email by anyone else is unauthorized. Any copying (whole or > partial) or further distribution beyond the original recipient is not > intended, and may be unlawful. The recipient acknowledges that IDBI Intech > Ltd is unable to exercise control or ensure or guarantee the integrity of the > contents of the information contained in e-mail transmissions and further > acknowledges that any views expressed in this message are those of the > individual sender and are not binding on IDBI Intech Ltd. E-mails are > susceptible to alteration and their integrity cannot be guaranteed. IDBI > Intech Ltd does not accept any liability for any damages caused on account of > this e-mail. If you have received this email in error, please contact the > sender and delete the material from your computer.