High Severity

Security Bulletin: IBM Maximo Asset Management may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)

Share this post:

A vulnerability in Apache Log4j 1.2 (CVE-2021-4104) may affect IBM Maximo Asset Management which utilizes log4j for its logging functionality. Although no known vulnerability impact has been proven, it is strongly recommended to apply the fix that upgrades log4j from version 1.2 to version 2.17.1 IBM Maximo Asset Management version 7.6.1.2 IFX019 ships the latest library available 2.17.1.

CVE(s): CVE-2021-4104

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product.  Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Maximo Asset Management core product versions affected:

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.2

* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Platform Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6569189
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048

More stories

Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System

August 16, 2022 | High Severity

Multiple vulnerabilities in Golang Go affect Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: Vulnerabilities in Intel Chipset affect IBM Cloud Pak System (CVE-2021-0060, CVE-2021-0147, CVE-2021-33080)

August 16, 2022 | High Severity

Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

August 16, 2022 | High Severity

A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. ...read more