An update on the Apache Log4j 2.x vulnerabilities

Jan 19, 2022 4:35 pm EST | Critical Severity

Updated January 19, 4:35pm: IBM’s top priority remains the security of our clients and products. IBM is actively responding to the remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam).


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus V10 (CVE-2021-44832)

Jan 18, 2022 7:03 pm EST | Medium Severity

Vulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus v10 and the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Strategic Supply Management Platform (CVE-2021-35619)

Jan 18, 2022 7:02 pm EST | High Severity

An Oracle database server vulnerability affects IBM Emptoris Strategic Supply Management Platform. The issue has been addressed.


Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

Jan 18, 2022 7:02 pm EST | Low Severity

There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability (CVE-2021-45046).


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35619)

Jan 18, 2022 7:02 pm EST | High Severity

An Oracle database server vulnerability affects IBM Emptoris Program Management. The issue has been addressed.


Security Bulletin: Apache Log4j vulnerability may affect IBM Sterling B2B Integrator (CVE-2021-44228)

Jan 18, 2022 7:02 pm EST | Critical Severity

IBM Sterling B2B Integrator is impacted by Log4Shell (CVE-2021-44228), through the use of Apache Log4j's JNDI logging feature. Final remediation images are published below. As an alternative to the final remediation images, manual mitigation steps are also provided below.


Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Contract Management (CVE-2021-35619)

Jan 18, 2022 7:02 pm EST | High Severity

An Oracle database server vulnerability affects IBM Emptoris Contract Management. The issue has been addressed.


Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)

Jan 18, 2022 7:02 pm EST | Critical Severity

Apache Log4j has vulnerabilities that affect IBM Sterling B2B Integrator. Final remediation images are published below. As an alternative to the final remediation images, manual mitigation steps are also provided below.


Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Multicloud Management (CVE-2021-44832)

Jan 18, 2022 7:01 pm EST | Medium Severity

IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44832. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files. The fix includes Apache Log4j 2.17.1.