Critical Severity

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). The fix addresses the vulnerability by removing Apache Log4j.

CVE(s): CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832

Affected product(s) and affected version(s):

| Principal Product and Version(s) | Affected Supporting Product and Version(s) |
| --- | --- |
| IBM Security Key Lifecycle Manager (SKLM) v2.7** [EOS] | WebSphere Application Server v9.0.0.1 |
| IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 |
| IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 |
| IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 |
| IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 |
| IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6 |

** IBM Security Key Lifecycle Manager (SKLM) v2.7 – Applicable only for customers with support extension.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6539408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189
