High Severity

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus (CVE-2021-4104)

Share this post:

Vulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus version 10. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected.

CVE(s): CVE-2021-4104

Affected product(s) and affected version(s):

IBM App Connect Enterprise V12.0.1.0 to V12.0.3.0

IBM App Connect Enterprise V11.0.0.0 to V11.0.0.15. (Note the mitigation described in Workarounds and Mitigations should also be applied to IBM App Connect Enterprise V11.0.0.16)

IBM Integration Bus V10.0.0.6 to V10.0.0.25

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6529056
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048

More stories

Security Bulletin: IBM DataPower Gateway Operand affected by vulnerabilities in Go (CVE-2021-44716, CVE-2021-44717)

May 23, 2022 | High Severity

Ibm DataPower Gateway, when deployed by DataPower Operator on Kubernetes & OpenShift, is subject to a potential denial of service. IBM has addressed the relevant CVEs ...read more


Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale packaged in IBM ESS ( CVE-2021-39031)

May 23, 2022 | High Severity

There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM ESS, which could allow a remote attacker to cause a denial of service. ...read more


Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4083)

May 23, 2022 | High Severity

There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available. ...read more