Low Severity

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)


A remote code execution issue was identified in the Log4j fix for CVE-2021-44228. Log4j is used by Fabric Gateway to provide logging functionality, and Fabric Gateway is used by the IBM MQ Blockchain Bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. The IBM MQ Blockchain Bridge is shipped as part of IBM MQ Advanced on Linux x86-64 only, under the MQSeriesBCBridge RPM package. Based on current knowledge and analysis, no other IBM MQ components or installable packages are affected. This bulletin provides patch information to address the reported Log4j vulnerability (CVE-2021-45046).

CVE(s): CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
IBM MQ                 9.2 CD
IBM MQ                 9.1 CD
IBM MQ                 9.2 LTS

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527924
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
