Critical Severity

Security Bulletin: Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)

Share this post:

Apache Log4j is included in WebSphere Application Server (WAS), which is distributed with IBM Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046) impacting IBM StoredIQ for Legal application. IBM StoredIQ for Legal uses Apache Log4j for logging. The interim fix PH42762 removes Apache Log4j from WAS.

CVE(s): CVE-2021-44228, CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM StoredIQ for Legal 2.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6540518
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195

More stories

Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics – Log Analysis

November 22, 2022 | Critical Severity

There are multiple vulnerabilities in various versions of Data-Binding functionality for Jackson that affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are listed in the Vulnerability Details section below. ...read more


Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM Operations Analytics – Log Analysis (CVE-2022-26612, CVE-2022-25168)

November 22, 2022 | Critical Severity

Multiple vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. ...read more


Security Bulletin: Apache Commons Text as used by IBM QRadar SIEM is vulnerable to code execution [CVE-2022-42889]

November 22, 2022 | Critical Severity

Apache Commons Text as used by IBM QRadar SIEM is vulnerable to arbitrary code execution. IBM has addressed the relevant CVE. [CVE-2022-42889] ...read more