Thank you for all your responses Geertjan ! regards, Arvind -----Original Message----- From: Geertjan Wielenga <[email protected]> Sent: Wednesday, January 5, 2022 6:20 PM To: dev <[email protected]>; [email protected] Cc: [email protected] Subject: [External] : Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?
https://urldefense.com/v3/__http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans__;!!ACWV5N9M2RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcaofjYhD$ Gj On Wed, Jan 5, 2022 at 12:01 PM Forshaw, Kieran < [email protected]> wrote: > Hi, > > Please let me know if there is any update on this. > > Kieran Forshaw > Data Science Degree Apprentice > _____________________________________________________________________ > > AstraZeneca > Pharmaceutical Technology & DevelopmentāOral Product Development > Macclesfield, Cheshire, SK10 2NA [email protected] > > Please consider the environment before printing this e-mail > > > > > > From: Forshaw, Kieran > Sent: 22 December 2021 09:24 > To: [email protected]; [email protected] > Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact > on Apache Netbeans IDE 12.5 Application? > > Hello, > > Our company's Cyber Security department has made us aware of a > critical vulnerability, cataloged as CVE-2021-44228. > > In brief, this vulnerability allows a hacker to execute arbitrary code > via applications that are based on Apache Log4j2 2.0-beta9 through > 2.12.1 and > 2.13.0 through 2.15.0 JNDI. > > Please refer to this link for details on this threat: > https://urldefense.com/v3/__https://nvd.nist.gov/vuln/detail/CVE-2021- > 44228__;!!ACWV5N9M2RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8 > yS_lUyLnHkPpbBDjcaHAmA2K$ > > We currently use the following software from your company: Apache > Netbeans IDE 12.5 > > Could you please answer the following questions related to this > software and the CVE-2021-44228 vulnerability? > > > 1. Does this application use Java? > * If so, is Apache Log4j2 used in this application? > > i. Is > the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 > through > 2.15.0 JNDI? > > * If so, do you have a permanent fix or a temporary fix? > * When will this fix be available? > > We appreciate your response back on this as quickly as possible. > > Thank you, > > > Kieran Forshaw > Data Science Apprentice > _____________________________________________________________________ > > AstraZeneca > Pharmaceutical Technology & DevelopmentāOral Product Development > Macclesfield, Cheshire, SK10 2NA > [email protected]<mailto:[email protected]> > > Please consider the environment before printing this e-mail > > > > ________________________________ > > AstraZeneca UK Limited is a company incorporated in England and Wales > with registered number:03674842 and its registered office at 1 Francis > Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA. > > This e-mail and its attachments are intended for the above named > recipient only and may contain confidential and privileged > information. If they have come to you in error, you must not copy or > show them to anyone; instead, please reply to this e-mail, > highlighting the error to the sender and then immediately delete the > message. For information about how AstraZeneca UK Limited and its > affiliates may process information, personal data and monitor > communications, please see our privacy notice at > https://urldefense.com/v3/__http://www.astrazeneca.com__;!!ACWV5N9M2RV > 99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcVNz2 > qeH$ > <https://urldefense.com/v3/__https://www.astrazeneca.com__;!!ACWV5N9M2 > RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcUl > tXVYE$ > >
