Critical Severity

Security Bulletin: i2 Analyze, i2 Connect and Analyst's Notebook Premium are affected by the Log4j vulnerability (CVE-2021-44228)


Log4j is used by i2 Analyze and i2 Connect for general-purpose and application error logging. It is also used in Analyst's Notebook Premium when the chart store is deployed. This bulletin provides a mitigation for CVE-2021-44228 in the form of configuration that addresses the vulnerable Log4j component.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Software versions requiring changes to both i2 Analyze application server and Solr

| Software | Version | Notes |
|---|---|---|
| i2 Analyze | 4.3.5.0 | bundled with EIA 2.4.1.0 |
| i2 Analyze | 4.3.4.0 | bundled with EIA 2.4.0.0 |
| i2 Analyze | 4.3.3.0 | bundled with EIA 2.3.4.0 |
| i2 Connect | 1.1.1 | shipped with i2 Analyze 4.3.5.0 |
| i2 Connect | 1.1.0 | shipped with i2 Analyze 4.3.4.0 |
| i2 Connect | 1.0.3 | shipped with i2 Analyze 4.3.3.0 |
| Analyst's Notebook Premium | 9.3.1 | Chart store component |
| Analyst's Notebook Premium | 9.3.0 | Chart Store component |

Software versions requiring changes to Solr only

| Software | Version | Notes |
|---|---|---|
| i2 Analyze | 4.3.2.0 | bundled with EIA 2.3.2.0 |
| i2 Analyze | 4.3.1.1 | bundled with EIA 2.3.1.1 |
| i2 Analyze | 4.3.1.0 | bundled with EIA 2.3.1.0 |
| i2 Connect | 1.0.2 | shipped with i2 Analyze 4.3.2.0 |
| i2 Connect | 1.0.1.1 | shipped with i2 Analyze 4.3.1.1 |
| i2 Connect | 1.0.1.0 | shipped with i2 Analyze 4.3.1.0 |
| Analyst's Notebook Premium | 9.2.2 | Chart Store component |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6526220
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
