Critical Severity

Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics – Log Analysis


The following security issues have been identified in the log4j-1.2.16.jar included as part of the IBM Operations Analytics – Log Analysis product.

CVE(s): CVE-2021-4104, CVE-2020-9493, CVE-2022-23305, CVE-2022-23302, CVE-2020-9488, CVE-2022-23307, CVE-2019-17571

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
Log Analysis           1.3.x

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6606605
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217460
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217462
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314
