High Severity

Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105)


Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in OpenShift Logging. This bulletin provides a remediation for the Apache Log4j vulnerability (CVE-2021-45105).

CVE(s): CVE-2021-45105

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
CPDS                   1.0.0.0 - 1.0.7.7

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6592581
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
