Critical Severity

Security Bulletin: Log4j remote code execution vulnerability in Apache Solr and Logstash shipped with IBM Operations Analytics – Log Analysis (CVE-2021-44228)

Share this post:

IBM Operations Analytics – Log Analysis is bundled with Apache-Solr and Logstash (Third-party components) which are affected by the “CVE-2021-44228” security vulnerability.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Log Analysis 1.3.5.3, 1.3.6, 1.3.6.1, 1.3.7, 1.3.7.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527250
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)

June 27, 2022 | Critical Severity

Multiple vulnerabilities in IBM Robotic Process Automation 21.0.1Bouncy Castle is used by IBM Robotic Process Automation as part of it's cryptograpy implementation. CVE-2020-15522.Stark Bank Elixir is used by IBM Robotic Process Automation as part of it's cryptograpy implementation. CVE-2021-43569.IBM Robotic Process Automation is built using C# using Microsoft .NET Framework and Microsoft .NET Core. CVE-2020-15522. ...read more


Security Bulletin: IBM QRadar SIEM is affected by a remote code execution in Spring Framework (CVE-2022-22963, CVE-2022-22965, CVE-2022-22950)

June 24, 2022 | Critical Severity

IBM QRadar SIEM is affected but not vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. QVM utilizes the Spring Framework to support our Java backed user interface.. The fix includes Spring 5.3.18. ...read more


Security Bulletin: IBM CICS TX Standard is vulnerable to arbitrary code execution (CVE-2022-31767)

June 22, 2022 | Critical Severity

IBM CICS TX Advanced could allow a remote attacker to execute arbitrary commands. The fix removes this vulnerability (CVE-2022-31767) from IBM CICS TX Advanced. ...read more