Critical Severity

Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)

Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1, which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832.
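As an added example (not part of the bulletin and not API Connect's own tooling), the following Python inventory check reads the log4j-core version from each jar in an install tree and compares it with the 2.17.1 fix level named above. It identifies log4j-core by its Maven pom.properties, so a renamed or bundled jar is still found, and falls back to the conventional file name; the directory layout and jar contents in demo() are constructed samples.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIX_LEVEL = (2, 17, 1)  # Log4j version shipped by the bulletin's fix
BULLETIN_CVES = "CVE-2021-45105, CVE-2021-45046, CVE-2021-44832"
POM_PREFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/"

def parse_version(text):
    # '2.17.1' -> (2, 17, 1); '2.14.1-rc2' -> (2, 14, 1); '2.17' -> (2, 17, 0)
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(x or 0) for x in m.groups()) if m else None

def log4j_core_version(jar_path):
    """Version from the jar's own pom.properties (survives renaming), else from the file name."""
    with zipfile.ZipFile(jar_path) as zf:
        for name in zf.namelist():
            if name.startswith(POM_PREFIX) and name.endswith("pom.properties"):
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return parse_version(line.split("=", 1)[1].strip())
    m = re.search(r"log4j-core-(\d[\w.\-]*)\.jar$", Path(jar_path).name)
    return parse_version(m.group(1)) if m else None

def assess(version):
    """Action for a detected version relative to the bulletin's fix level."""
    if version is None:
        return "no log4j-core"
    if version[0] != 2:
        return "log4j 1.x: not covered by this bulletin, review separately"
    if version >= FIX_LEVEL:
        return "at or above 2.17.1"
    return f"below 2.17.1: apply fix ({BULLETIN_CVES})"

def scan(root):
    # {relative jar path: assessment} for every jar under root
    return {str(p.relative_to(root)): assess(log4j_core_version(p))
            for p in sorted(Path(root).rglob("*.jar"))}

def make_jar(path, entries):
    # Constructed sample jar; entries is {archive member name: text content}
    with zipfile.ZipFile(path, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)

def demo():
    root = Path(tempfile.mkdtemp())  # constructed install tree, not a real API Connect path
    pom = POM_PREFIX + "pom.properties"
    make_jar(root / "log4j-core-2.14.1.jar", {pom: "version=2.14.1\n"})
    make_jar(root / "bundled-logging.jar", {pom: "version=2.17.1\n"})  # renamed, found via pom
    make_jar(root / "log4j-core-2.16.0.jar", {"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
    make_jar(root / "commons-io.jar", {"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
    return scan(root)
```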

CVE(s): CVE-2021-45105, CVE-2021-45046, CVE-2021-44832

Affected product(s) and affected version(s):

API Connect V10.0.0.0 – V10.0.4.0
API Connect V10.0.1.0 – V10.0.1.5
API Connect V2018.4.1.0 – 2018.4.1.17
API Connect V5.0.0.0 –

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin:
X-Force Database:
X-Force Database:
X-Force Database: