Critical Severity
An update on the Apache Log4j 2.x vulnerabilities
Updated January 19, 4:35pm:
IBM’s top priority remains the security of our clients and products. IBM is actively responding to the remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam).
An update on the Apache Log4j 2.x vulnerabilities
Jan 19, 2022 4:35 pm EST | Critical Severity
Updated January 19, 4:35pm: IBM’s top priority remains the security of our clients and products. IBM is actively responding to the remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam). ...read more
Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Jan 21, 2022 7:01 pm EST | Critical Severity
There are multiple Apache Log4j (CVE-2021-45105, CVE-2021-45046) vulnerabilities impacting IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.0. ...read more
Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)
Jan 21, 2022 7:01 pm EST | Critical Severity
Apache Log4j is used by IBM Netcool Agile Service Manager as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. ...read more
Security Bulletin: IBM Sterling Control Center is vulnerable to remote code execution due to Apache Log4j (CVE-2021-44832)
Jan 21, 2022 7:00 pm EST | Medium Severity
Apache Log4j remote code execution vulnerability affects IBM Sterling Control Center. Customers are strongly encouraged to take action and apply the fix below. ...read more
Security Bulletin: Sensitive information in logs vulnerability affects IBM Sterling Gentran:Server for Windows (CVE-2021-39032)
Jan 21, 2022 7:00 pm EST | Medium Severity
IBM Sterling Gentran:Server for Windows has addressed a potential vulnerability where sensitive information could be stored in log files. ...read more
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
Jan 21, 2022 7:00 pm EST | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. ...read more
Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-44832)
Jan 21, 2022 7:00 pm EST | Medium Severity
A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Archive Enterprise Edition includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix package includes Apache Log4j 2.17.1. ...read more
Security Bulletin: IBM QRadar hardware appliances are vulnerable to Intel privilege escalation (CVE-2021-0144)
Jan 21, 2022 7:00 pm EST | High Severity
IBM QRadar hardware appliances are vulnerable to Intel privilege escalation ...read more
Security Bulletin: Log4j vulnerability CVE-2021-44228 affects IBM Cloud Pak for Data System 1.0
Jan 21, 2022 7:00 pm EST | Critical Severity
Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation and mitigation for the reported Apache Log4j vulnerability, CVE-2021-44228. ...read more
Security Bulletin: Vulnerability in Apache Log4j affects IBM Operational Decision Manager (CVE-2021-44228)
Jan 20, 2022 7:01 pm EST | Critical Severity
Rule Designer, shipped with IBM Operational Decision Manager since version 8.10.4 includes log4j-core.jar that contains the vulnerable code. The fix includes Apache Log4j 2.15. ...read more