Critical Severity

Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

Share this post:

Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). The fix addresses the vulnerability by removing Apache Log4j.

CVE(s): CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832

Affected product(s) and affected version(s):

Principal Product and Version(s)

Affected Supporting Product and Version(s)

IBM Security Key Lifecycle Manager (SKLM) v2.7** [EOS] WebSphere Application Server v9.0.0.1
IBM Security Key Lifecycle Manager (SKLM) v3.0 WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 WebSphere Application Server v9.0.5.0
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 WebSphere Application Server v9.0.5.5
IBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 WebSphere Application Server Liberty 21.0.0.6

 

** IBM Security Key Lifecycle Manager (SKLM) v2.7 – Applicable only for customers with support extension.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6539408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189

More stories

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Jan 21, 2022 7:01 pm EST | Critical Severity

There are multiple Apache Log4j (CVE-2021-45105, CVE-2021-45046) vulnerabilities impacting IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.0. ...read more


Security Bulletin: IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Jan 21, 2022 7:01 pm EST | Critical Severity

Apache Log4j is used by IBM Netcool Agile Service Manager as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1. ...read more


Security Bulletin: Log4j vulnerability CVE-2021-44228 affects IBM Cloud Pak for Data System 1.0

Jan 21, 2022 7:00 pm EST | Critical Severity

Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging. This bulletin provides a remediation and mitigation for the reported Apache Log4j vulnerability, CVE-2021-44228. ...read more