Low Severity

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)

A remote code execution issue was identified in the fix for CVE-2021-44228 in Apache Log4j, which Fabric Gateway uses to provide logging functionality. Fabric Gateway is used by the IBM MQ Blockchain Bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. The IBM MQ Blockchain Bridge is shipped as part of IBM MQ Advanced on Linux x86-64 only, under the MQSeriesBCBridge RPM package. Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. This bulletin provides patch information to address the reported Log4j vulnerability (CVE-2021-45046).

CVE(s): CVE-2021-45046

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
|---------------------|------------|
| IBM MQ              | 9.2 CD     |
| IBM MQ              | 9.1 CD     |
| IBM MQ              | 9.2 LTS    |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527924
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
