High Severity
Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)
January 15, 2022
Categorized: High Severity
Share this post:
IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046.
CVE(s): CVE-2021-45105, CVE-2021-44832
Affected product(s) and affected version(s):
IBM Cognos Controller 10.4.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6540664
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778
May 20, 2022 | High Severity
An issue was identifed in OpenSSL when MQ is using it to parse certificates. ...read more
Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation
May 17, 2022 | High Severity
IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL ...read more
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
May 17, 2022 | High Severity
IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. ...read more