Search Results for "IBM WebSphere Application Server log4j"

Security Bulletin: IBM StoredIQ for Legal is vulnerable to denial of service and remote code execution due to Apache log4j (CVE-2021-44228, CVE-2021-45105)

June 9, 2022 | High Severity

There are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105) impacting IBM StoredIQ for Legal. Apache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM StoredIQ for Legal. These vulnerabilities are addressed by removing Apache Log4j from WAS.


Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Cloud Pak System

May 30, 2022 | Critical Severity

Multiple vulnerabilities exist in Apache log4j that could allow someone to execute arbitrary code on the system. Apache Log4j v1 is used by Cloud Pak System in order to generate logs and diagnostic traces in some of its components: IBM DB2, IBM Tivoli Monitoring, IBM Spectrum Scale and IBM WebSphere Application Server. IBM Cloud Pak System has addressed these vulnerabilities. This security bulletin applies to Cloud Pak System, Cloud Pak System Software and Cloud Pak System Software Suite.


Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)

March 22, 2022 | High Severity

There is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been addressed by removing the log4j library.


Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2021-44228)

March 14, 2022 | Critical Severity

The following security vulnerability has been identified in the WebSphere Application Server. Apache Log4j 2.x is not used by IBM Tivoli Composite Application Manager for Application Diagnostics, but log4j-1.2.4.jar is present in one of the ear files installed on WebSphere Application Server and should be removed from the installation.


Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server – Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson (217225)

March 7, 2022 | Critical Severity

IBM Spectrum Control has multiple vulnerabilities: arbitrary code execution due to Apache Log4j (CVE-2021-44832) and Dojo (CVE-2021-23450), denial of service due to Java SE (CVE-2021-35578) and Gson (217225), and LDAP injection due to IBM WebSphere Application Security - Liberty (CVE-2021-39031). The fix includes Apache Log4j 2.17.1.


Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server – Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson (217225)

March 3, 2022 | Critical Severity

IBM Spectrum Control has multiple vulnerabilities: arbitrary code execution due to Apache Log4j (CVE-2021-44832) and Dojo (CVE-2021-23450), denial of service due to Java SE (CVE-2021-35578) and Gson (217225), and LDAP injection due to IBM WebSphere Application Security - Liberty (CVE-2021-39031). The fix includes Apache Log4j 2.17.1.


Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to arbitrary code execution and SQL injection due to Apache Log4j. (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

February 17, 2022 | Critical Severity

Multiple vulnerabilities exist in the Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application. The same Apache library is also used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. All vulnerabilities have been addressed previously by removing all existing Apache Log4j versions.


An update on the Apache Log4j 2.x vulnerabilities

February 11, 2022 | Critical Severity

Updated February 11, 3:42pm: IBM’s top priority remains the security of our clients and products. IBM is actively responding to the remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam).


Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)

February 3, 2022 | Critical Severity

The following security issue has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. Note that log4j 2.x is not actually used by ITM but is present as part of the Tivoli Portal Server component installation as it prereqs and installs WebSphere Application Server. WebSphere Application Server includes log4j in an installable ear file, uddi.ear, that is not automatically deployed. You can safely remove this uddi.ear file.