Critical Severity

Security Bulletin: IBM Security Guardium is vulnerable to a remote code execution vulnerability in log4j2 component

December 15, 2021

Share this post:

IBM Security Guardium has fixed this vulnerability

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Security Guardium	10.6
IBM Security Guardium	11.3
IBM Security Guardium	11.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6527082
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

Critical Severity

Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

May 20, 2022 | Critical Severity

The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to the following remote code execution CVE's: CVE-2021-46143 CVE-2022-25314 CVE-2022-23990 CVE-2022-22825 CVE-2022-23852 CVE-2022-22824 CVE-2022-22823 CVE-2022-22826 CVE-2022-22827 CVE-2022-22822 CVE-2022-25315 and the following denial of service CVE's: CVE-2021-45960 CVE-2022-25236 CVE-2022-25235 CVE-2022-25313. Most of the vulnerabilities would require the system to be locally compromised such that a bad actor could modify file locally. ...read more

Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

May 20, 2022 | Critical Severity

There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability (CVE-2021-29921) ...read more

Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450)

May 20, 2022 | Critical Severity

WebSphere Application Server Liberty is used by TXSeries for Multiplatforms to provide a web based administration console. The fix removes the arbitrary code execution vulnerability CVE-2021-23450 from Liberty. ...read more

Critical Severity

Security Bulletin: IBM Security Guardium is vulnerable to a remote code execution vulnerability in log4j2 component

Security Bulletin: IBM® Db2® could allow a local user elevated privileges due to allowing modification of columns of existing tasks (CVE-2021-38926)

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44228)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

May 20, 2022 | Critical Severity

Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

May 20, 2022 | Critical Severity

Security Bulletin: TXSeries for Multiplatforms is vulnerable to arbitrary code execution due to IBM WebSphere Application Server Liberty (CVE-2021-23450)

May 20, 2022 | Critical Severity