A third party component in the EN Data IS affected and shows ONE Log4j vulnerability in its Extractor unit. Vulnerability in NiFi, the third party component in the EN Data Extractor is being addressed by the vendor in an emergency patch (v1.5.1). PerkinElmer will release an updated EN Toolkit patch that includes the NiFi 1.5.1 patch once it is available.
Our analysis is that this security risk is very low as the EN Data Extractor is installed behind the customer’s firewall and is primarily used by PerkinElmer Services for setting up and running extraction of E-Notebook data to Signals Notebook ELN Archive. EN Data Extractor is removed after extraction of data is complete. Signals Notebook services are already patched for this vulnerability.