Search Results for "IBM WebSphere Application Server log4j"

Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

January 20, 2022 | High Severity

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.0 IF11, 10.4.1 IF12 and 10.4.2 IF17. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 15. If you run your own Java code using IBM® Runtime Environment Java™ delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the "IBM Java SDK Security Bulletin", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM WebSphere Application Server Liberty 20.0.0.7. XML External Entity (XXE), Authentication Bypass, External (XXE) and Modification of Assumed-Immutable Data (MAID) vulnerabilities have also been addressed in applicable versions. Please note that IBM Cognos Controller 10.4.2 IF17 also addresses Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. (See References). ...read more


Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)

January 13, 2022 | Critical Severity

Apache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046) impacting IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache Log4j for logging. The interim fix PH42762 removes Apache Log4j from WAS. ...read more


Security Bulletin: Rational Asset Analyzer (RAA) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)

January 12, 2022 | High Severity

A vulnerability in Apache Log4j (CVE-2021-4104) affects WebSphere Application Server (WAS) Liberty which is used by RAA. The vulnerability was addressed by removing Apache Log4j from WAS Liberty. ...read more


Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)

January 11, 2022 | High Severity

There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server traditional in the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. ...read more


Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

January 10, 2022 | Critical Severity

Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). The fix addresses the vulnerability by removing Apache Log4j. ...read more


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

January 10, 2022 | High Severity

There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server Liberty for z/OS by removing log4j from the zosConnect-1.0 and zosConnect-1.2 features. ...read more


Security Bulletin: Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832)

January 7, 2022 | High Severity

There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server traditional in the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. ...read more


Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)

January 5, 2022 | Critical Severity

The following security issue has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. Note that log4j 2.x is not actually used by ITM but is present as part of the Tivoli Portal Server component installation as it prereqs and installs WebSphere Application Server. WebSphere Application server includes log4j in an installable ear file, uddi.ear, that is not automatically deployed. You can safely remove this uddi.ear file. ...read more


Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

January 5, 2022 | High Severity

The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring (ITM) portal server. ...read more