High Severity

Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)

This fix removes the Apache Log4j.jar file from IBM Integration Designer.

CVE(s): CVE-2021-4104

Affected product(s) and affected version(s):

Affected product | Version
Integration Designer | 21.0.3
Integration Designer | 21.0.2
Integration Designer | 20.0.0.2
Integration Designer | 19.0.0.2
Integration Designer | 8.5.7

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6562361
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
