December 21, 2021
Categorized: Critical Severity
Share this post:
Within IBM Planning Analytics 2.0, only the IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilties. Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j CVE-2021-45046 and CVE-2021-45105 vulnerabilities . IBM Planning Analytics Workspace 2.0 has upgraded Apache Log4j to v2.17. Please note that this update also addresses CVE-2021-44228.
CVE(s): CVE-2021-45046, CVE-2021-45105
Affected product(s) and affected version(s):
IBM Planning Analytics Workspace 2.0.57 or higher.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6528790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647