Critical Severity

Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Share this post:

Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046.

CVE(s): CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Pak for Data System 2.0 Openshift Container Platform 4 2.0.0.0 – 2.0.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6541934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195

More stories

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift

May 12, 2022 | Critical Severity

IBM Security Guardium has fixed these vulnerabilities by updating the Apache Thrift component. ...read more


Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)

May 12, 2022 | Critical Severity

A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. ...read more


Security Bulletin: Vulnerability in IBM SDK Java affects IBM Cloud Pak System (CVE-2020-27221)

May 11, 2022 | Critical Severity

Vulnerability in IBM SDK Java affects IBM Cloud Pak System. OS Image for Red Enterprise Linux shipped with Cloud Pak System addressed this vulnerability. ...read more