Critical Severity
Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
January 19, 2022
Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046.
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Pak for Data System 2.0 OpenShift Container Platform 4 | 2.0.0.0 – 2.0.1.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6541934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195