Critical Severity

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

January 20, 2022

Share this post:

Apache Log4j (CVE-2021-45105, CVE-2021-45046) is used by IBM Operations Analytics Predictive Insights as part of its UI and REST Mediation components . The fix includes Apache log4j 2.17.

CVE(s): CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Operations Analytics Predictive Insights	1.3.6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6549360
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195

Critical Severity

Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

June 24, 2022 | Critical Severity

IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. QVM utilizes the Spring Framework to support our Java backed user interface.. The fix includes Spring 5.3.18. ...read more

Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. The fix removes this vulnerability (CVE-2022-31767) from IBM CICS TX Advanced. ...read more

Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. The fix removes this vulnerability (CVE-2022-31767) from IBM CICS TX Advanced. ...read more

Critical Severity

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities

Security Bulletin: Vulnerability in Java Batch affects WebSphere Application Server Liberty (CVE-2021-20492)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

June 24, 2022 | Critical Severity

Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

Security Bulletin: IBM CICS TX Advanced is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity