Critical Severity

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j

The version of Apache Log4j that IBM Data Virtualization on Cloud Pak for Data uses for logging contains vulnerabilities (CVE-2021-45046 and CVE-2021-45105). The fix includes Apache Log4j 2.17.1.

CVE(s): CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

| Affected Product(s) | DV Version(s) | CPD Version(s) |
|---|---|---|
| IBM Data Virtualization (DV) on Cloud Pak for Data (CPD) | 1.3.0 | 2.5.0 |
| IBM Data Virtualization (DV) on Cloud Pak for Data (CPD) | 1.4.1 | 3.0.1 |
| IBM Data Virtualization (DV) on Cloud Pak for Data (CPD) | 1.5.0 | 3.5, 3.5 Refresh 1 – 9 |
| IBM Data Virtualization (DV) on Cloud Pak for Data (CPD) | 1.7.1 – 1.7.3 | 4.0 Refresh 1 – 3 |
| IBM Data Virtualization (DV) on Cloud Pak for Data (CPD) | 1.7.3 | 4.0 Refresh 4 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6551744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
