Security Bulletin: IBM® Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
January 19, 2022
Categorized: Critical Severity
Apache Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities CVE-2021-45105 and CVE-2021-45046: upgrading IBM® Disconnected Log Collector addresses the exposure to the Apache Log4j vulnerabilities. The fix includes Apache Log4j v.2.17.
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
IBM Disconnected Log Collector | v1 – v1.7.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6541922
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
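To confirm after the upgrade that no log4j-core jar below the 2.17 level named in this bulletin remains on disk, a scan like the following can be run against the installation directory. This is an added example, not IBM's code; the directory to scan is supplied by the operator, and detection relies on the standard `log4j-core-<version>.jar` file naming, so renamed or shaded copies are not found.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 17, 0)  # fix level named in the bulletin (Log4j 2.17)
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 64 * 1024 * 1024  # do not unpack nested entries larger than this


def record(label, findings):
    # Filename match only: a missing patch component counts as 0 (2.17 -> 2.17.0).
    if m := JAR_RE.search(label):
        version = tuple(int(g or 0) for g in m.groups())
        findings.append((label, version, version >= FIXED))


def scan_archive(data, label, findings, depth=0):  # walks nested archives
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            inner = f"{label}!/{info.filename}"
            record(inner, findings)
            nested = info.filename.lower().endswith(ARCHIVES)
            if nested and depth < 4 and info.file_size <= MAX_NESTED:
                scan_archive(zf.read(info), inner, findings, depth + 1)


def scan(root):
    """Return (path, version, at_fix_level) for every log4j-core jar found."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            record(p.as_posix(), findings)
            scan_archive(p.read_bytes(), p.as_posix(), findings)
    return findings


def demo():
    """Constructed sample tree: old jar on disk, fixed jar inside a WAR."""
    with tempfile.TemporaryDirectory() as tmp:
        old = Path(tmp, "log4j-core-2.14.1.jar")
        zipfile.ZipFile(old, "w").close()  # empty but valid archive
        with zipfile.ZipFile(Path(tmp, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.17.0.jar", old.read_bytes())
        return [(version, ok) for _, version, ok in scan(tmp)]
```

Any entry returned by `scan()` with `False` in the last position is a copy below the bulletin's fix level that the upgrade did not replace.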