Urgent cyber security

16 views
Skip to first unread message

Rob Cox

unread,
Dec 17, 2021, 10:44:31 AM12/17/21
to COPASI User Forum

Hello,

Our company’s Cyber Security department has made us aware of a critical vulnerability, catalogued as CVE-2021-44228.

In brief, this vulnerability allows a hacker to execute arbitrary code via applications that are based on Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI.

Please refer to this link for details on this threat:  https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We currently use the following software from your company:  COPASI

Could you please answer the following questions related to this software and the CVE-2021-44228 vulnerability?

 

  1. Does this application use Java?
    1. If so, is Apache Log4j2 used in this application?

                                                               i.      Is the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 through 2.15.0 JNDI?

  1. If so, do you have a permanent fix or a temporary fix?
    1. When will this fix be available?

 

We appreciate your response back on this as quickly as possible.

Reply all
Reply to author
Forward
0 new messages