Critical Severity

Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228


Log4j is used by IBM App Connect Enterprise Certified Container for logging when generating a bar file that contains a JDBC connector and when running a flow that contains a JDBC connector. IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228. This bulletin provides patch information to address the reported Log4j vulnerability (CVE-2021-44228).

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s)                          | Version(s)
App Connect Enterprise Certified Container   | 1.1-eus with Operator
App Connect Enterprise Certified Container   | 1.4 with Operator
App Connect Enterprise Certified Container   | 1.5 with Operator
App Connect Enterprise Certified Container   | 2.0 with Operator
App Connect Enterprise Certified Container   | 2.1 with Operator
App Connect Enterprise Certified Container   | 3.0 with Operator

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527794
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
