Hi, Please let me know if there is any update on this.
Kieran Forshaw Data Science Degree Apprentice _____________________________________________________________________ AstraZeneca Pharmaceutical Technology & DevelopmentāOral Product Development Macclesfield, Cheshire, SK10 2NA [email protected] Please consider the environment before printing this e-mail From: Forshaw, Kieran Sent: 22 December 2021 09:24 To: [email protected]; [email protected] Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application? Hello, Our company's Cyber Security department has made us aware of a critical vulnerability, cataloged as CVE-2021-44228. In brief, this vulnerability allows a hacker to execute arbitrary code via applications that are based on Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI. Please refer to this link for details on this threat: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 We currently use the following software from your company: Apache Netbeans IDE 12.5 Could you please answer the following questions related to this software and the CVE-2021-44228 vulnerability? 1. Does this application use Java? * If so, is Apache Log4j2 used in this application? i. Is the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 through 2.15.0 JNDI? * If so, do you have a permanent fix or a temporary fix? * When will this fix be available? We appreciate your response back on this as quickly as possible. Thank you, Kieran Forshaw Data Science Apprentice _____________________________________________________________________ AstraZeneca Pharmaceutical Technology & DevelopmentāOral Product Development Macclesfield, Cheshire, SK10 2NA [email protected]<mailto:[email protected]> Please consider the environment before printing this e-mail ________________________________ AstraZeneca UK Limited is a company incorporated in England and Wales with registered number:03674842 and its registered office at 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA. This e-mail and its attachments are intended for the above named recipient only and may contain confidential and privileged information. If they have come to you in error, you must not copy or show them to anyone; instead, please reply to this e-mail, highlighting the error to the sender and then immediately delete the message. For information about how AstraZeneca UK Limited and its affiliates may process information, personal data and monitor communications, please see our privacy notice at www.astrazeneca.com<https://www.astrazeneca.com>
