Critical Severity

Security Bulletin: Financial Transaction Manager is affected by a vulnerability in Apache log4j (CVE-2021-44228)

Share this post:

A vulnerability was identified within the Apache Log4j library that is used by IBM Financial Transaction Manager to provide logging functionality. This vulnerability has been addressed.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Affected Version
Financial Transaction Manager for Digital Payments (DP) 3.2.3.0 ifix 2
Financial Transaction Manager for Corporate Payment Services (CPS)  3.2.4.0 ifix 2
Financial Transaction Manager for Corporate Payment Services (CPS)  3.2.4.0 ifix 6
Financial Transaction Manager for Corporate Payment Services (CPS)  3.2.4.0 ifix 9
Financial Transaction Manager for Digital Payments (DP)  3.2.4.0 ifix 6
Financial Transaction Manager for Digital Payments (DP)  3.2.5.0 ifix 3
Financial Transaction Manager for Digital Payments (DP)  3.2.6.1 ifix 4
Financial Transaction Manager for Digital Payments (DP)  3.2.7.0 ifix 1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527940
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl (CVE-2020-12723).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl, caused by recursive S_study_chunk calls in regcomp.c (CVE-2020-12723). This could allow a remote attacker to overflow a buffer and execute arbitrary code on the system. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

August 3, 2022 | Critical Severity

IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack. ...read more