Re: GNU Project (GNU Parallel) | Zoom Log4j Vulnerability Questionnaire

[Third Party Risk Management]

Hi GNU Project Team,

The Log4j questionnaire sent on Feb 15, 2022, is overdue. Zoom requires this information in order to ensure no further compromise due to the vulnerability. Please submit the questionnaire as soon as possible.

Thank you for doing your part in protecting Zoom!
Zoom Third Party Risk Management

On Wed, Feb 16, 2022 at 5:55 AM Third Party Risk Management <third-party-risk-management@zoom.us> wrote:

Hi GNU Project Team,

 

Zoom needs your assistance regarding the recent Apache Log4j vulnerability. Log4j is a Java-based logging utility. Older versions are vulnerable to remote code execution (RCE) attacks, where an attacker could be able to modify logging configuration files. In order to provide assurance to our customers, Zoom is conducting outreach to our third parties to mitigate the potential risk of compromise due to these vulnerabilities.

As a third party to Zoom, we are requesting that your company complete the attached questionnaire by February 18, 2022 (Friday). Please provide any supporting documentation on your company’s formal response to how you are addressing the vulnerability.

Your response must cover the following products/applications in use at Zoom:

• GNU Parallel

If you have any questions or concerns, please reach out to TPRM@zoom.us. Thank you for your participation!

Zoom Third Party Risk Management

--

Third Party Risk Management Zoom Video Communications

Zoom_Vendor Questionnaire_Log4j Vulnerability.docx
Description: MS-Word 2007 document