You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@netbeans.apache.org by Arvind Aprameya <ar...@oracle.com> on 2022/01/06 10:59:58 UTC
RE: [External] : Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?
Thank you for all your responses Geertjan !
regards,
Arvind
-----Original Message-----
From: Geertjan Wielenga <ge...@googlemail.com.INVALID>
Sent: Wednesday, January 5, 2022 6:20 PM
To: dev <de...@netbeans.apache.org>; kieran.forshaw@astrazeneca.com
Cc: users@netbeans.apache.org
Subject: [External] : Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?
https://urldefense.com/v3/__http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans__;!!ACWV5N9M2RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcaofjYhD$
Gj
On Wed, Jan 5, 2022 at 12:01 PM Forshaw, Kieran < kieran.forshaw@astrazeneca.com> wrote:
> Hi,
>
> Please let me know if there is any update on this.
>
> Kieran Forshaw
> Data Science Degree Apprentice
> _____________________________________________________________________
>
> AstraZeneca
> Pharmaceutical Technology & DevelopmentāOral Product Development
> Macclesfield, Cheshire, SK10 2NA kieran.forshaw@astrazeneca.com
>
> Please consider the environment before printing this e-mail
>
>
>
>
>
> From: Forshaw, Kieran
> Sent: 22 December 2021 09:24
> To: users@netbeans.apache.org; dev@netbeans.apache.org
> Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact
> on Apache Netbeans IDE 12.5 Application?
>
> Hello,
>
> Our company's Cyber Security department has made us aware of a
> critical vulnerability, cataloged as CVE-2021-44228.
>
> In brief, this vulnerability allows a hacker to execute arbitrary code
> via applications that are based on Apache Log4j2 2.0-beta9 through
> 2.12.1 and
> 2.13.0 through 2.15.0 JNDI.
>
> Please refer to this link for details on this threat:
> https://urldefense.com/v3/__https://nvd.nist.gov/vuln/detail/CVE-2021-
> 44228__;!!ACWV5N9M2RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8
> yS_lUyLnHkPpbBDjcaHAmA2K$
>
> We currently use the following software from your company: Apache
> Netbeans IDE 12.5
>
> Could you please answer the following questions related to this
> software and the CVE-2021-44228 vulnerability?
>
>
> 1. Does this application use Java?
> * If so, is Apache Log4j2 used in this application?
>
> i. Is
> the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0
> through
> 2.15.0 JNDI?
>
> * If so, do you have a permanent fix or a temporary fix?
> * When will this fix be available?
>
> We appreciate your response back on this as quickly as possible.
>
> Thank you,
>
>
> Kieran Forshaw
> Data Science Apprentice
> _____________________________________________________________________
>
> AstraZeneca
> Pharmaceutical Technology & DevelopmentāOral Product Development
> Macclesfield, Cheshire, SK10 2NA
> kieran.forshaw@astrazeneca.com<ma...@astrazeneca.com>
>
> Please consider the environment before printing this e-mail
>
>
>
> ________________________________
>
> AstraZeneca UK Limited is a company incorporated in England and Wales
> with registered number:03674842 and its registered office at 1 Francis
> Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA.
>
> This e-mail and its attachments are intended for the above named
> recipient only and may contain confidential and privileged
> information. If they have come to you in error, you must not copy or
> show them to anyone; instead, please reply to this e-mail,
> highlighting the error to the sender and then immediately delete the
> message. For information about how AstraZeneca UK Limited and its
> affiliates may process information, personal data and monitor
> communications, please see our privacy notice at
> https://urldefense.com/v3/__http://www.astrazeneca.com__;!!ACWV5N9M2RV
> 99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcVNz2
> qeH$
> <https://urldefense.com/v3/__https://www.astrazeneca.com__;!!ACWV5N9M2
> RV99hQ!eCxps_cswAS-TwSLgH7VL6N_8g4vBP_6CsmOjlQSiAa8yS_lUyLnHkPpbBDjcUl
> tXVYE$ >
>