High Severity

Security Bulletin: A vulnerability in Apache log4j (CVE-2021-45105) affects IBM Operations Analytics Predictive Insights


There is a vulnerability in the Apache Log4j open source library used by IBM Operations Analytics Predictive Insights. Apache Log4j versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect against uncontrolled recursion from self-referential lookups, which allows a denial-of-service attack. This affects the Analytics, UI and REST Mediation components of IBM Operations Analytics Predictive Insights. The vulnerability has been addressed; the fix upgrades Apache Log4j to version 2.17.1.

CVE(s): CVE-2021-45105

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Operations Analytics Predictive Insights | 1.3.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6541268
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
