Posted to dev@netbeans.apache.org by "Forshaw, Kieran" <ki...@astrazeneca.com> on 2022/01/05 11:00:04 UTC

RE: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

Hi,

Please let me know if there is any update on this.

Kieran Forshaw
Data Science Degree Apprentice
_____________________________________________________________________

AstraZeneca
Pharmaceutical Technology & Development│Oral Product Development
Macclesfield, Cheshire, SK10 2NA
kieran.forshaw@astrazeneca.com

Please consider the environment before printing this e-mail





From: Forshaw, Kieran
Sent: 22 December 2021 09:24
To: users@netbeans.apache.org; dev@netbeans.apache.org
Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

Hello,

Our company's Cyber Security department has made us aware of a critical vulnerability, cataloged as CVE-2021-44228.

In brief, this vulnerability allows a hacker to execute arbitrary code via applications that are based on Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI.

Please refer to this link for details on this threat:  https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We currently use the following software from your company:  Apache Netbeans IDE 12.5

Could you please answer the following questions related to this software and the CVE-2021-44228 vulnerability?


  1.  Does this application use Java?
     *   If so, is Apache Log4j2 used in this application?
        i.   Is the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 through 2.15.0 JNDI?
           *   If so, do you have a permanent fix or a temporary fix?
              *   When will this fix be available?

We appreciate your response back on this as quickly as possible.

Thank you,


Kieran Forshaw
Data Science Apprentice
_____________________________________________________________________

AstraZeneca
Pharmaceutical Technology & Development│Oral Product Development
Macclesfield, Cheshire, SK10 2NA
kieran.forshaw@astrazeneca.com

Please consider the environment before printing this e-mail



________________________________

AstraZeneca UK Limited is a company incorporated in England and Wales with registered number:03674842 and its registered office at 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA.

This e-mail and its attachments are intended for the above named recipient only and may contain confidential and privileged information. If they have come to you in error, you must not copy or show them to anyone; instead, please reply to this e-mail, highlighting the error to the sender and then immediately delete the message. For information about how AstraZeneca UK Limited and its affiliates may process information, personal data and monitor communications, please see our privacy notice at www.astrazeneca.com<https://www.astrazeneca.com>
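
One way to check the version questions in the message above on a local install: an added example (not part of the thread, and not NetBeans or Log4j project code) that scans a directory tree for log4j-core jars, compares the version in each file name with the ranges the message quotes, and records whether JndiLookup.class is present. The sample tree, its layout and its jar names are constructed; matching by file name is an assumption and will not identify a renamed jar's version.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class deleted by the widely published "zip -d" mitigation for this CVE.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")

def in_quoted_range(jar_name):
    """True/False for the quoted ranges (2.0-beta9..2.12.1, 2.13.0..2.15.0); None if not log4j-core."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    ver = (int(m[1]), int(m[2]), int(m[3] or 0))
    if m[4]:  # 2.0 pre-releases are ordered alpha* < beta1..beta9 < rc*
        return ver == (2, 0, 0) and (m[4] == "rc" or (m[4] == "beta" and int(m[5]) >= 9))
    return (2, 0, 0) <= ver <= (2, 12, 1) or (2, 13, 0) <= ver <= (2, 15, 0)

def scan_tree(root):
    """(path, in_range, has_JndiLookup) per jar named log4j-core or bundling JndiLookup.class."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                has_jndi = JNDI_CLASS in zf.namelist()
        except zipfile.BadZipFile:
            has_jndi = None  # unreadable archive: needs manual review
        in_range = in_quoted_range(jar.name)
        if in_range is not None or has_jndi:
            findings.append((jar.relative_to(root).as_posix(), in_range, has_jndi))
    return findings

def make_sample_tree(root):
    """Constructed sample tree (hypothetical layout, not NetBeans' real one)."""
    sample = {"ide/ext/log4j-core-2.14.1.jar": [JNDI_CLASS],
              "ide/ext/log4j-core-2.17.1.jar": [JNDI_CLASS],
              "ide/ext/log4j-core-2.12.1.jar": [],        # class stripped
              "plugins/shaded-app.jar": [JNDI_CLASS]}     # bundled copy
    for rel, members in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for name in members:
                zf.writestr(name, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        print(*scan_tree(tmp), sep="\n")
```

A row with `in_range` of `None` and `has_JndiLookup` of `True` is a jar that bundles the class under another name, so its Log4j version has to be established some other way.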

RE: [External] : Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

Posted by Arvind Aprameya <ar...@oracle.com>.
Thank you for all your responses, Geertjan!

regards,
Arvind
-----Original Message-----
From: Geertjan Wielenga <ge...@googlemail.com.INVALID> 
Sent: Wednesday, January 5, 2022 6:20 PM
To: dev <de...@netbeans.apache.org>; kieran.forshaw@astrazeneca.com
Cc: users@netbeans.apache.org
Subject: [External] : Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans

Gj


Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

Posted by Geertjan Wielenga <ge...@googlemail.com.INVALID>.
http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans

Gj

