Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus V10 (CVE-2021-44832)

Share this post:

Vulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus v10 and the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected

CVE(s): CVE-2021-44832

Affected product(s) and affected version(s):

IBM App Connect Enterprise V12.0.1.0 to V12.0.3.0

IBM App Connect Enterprise V11.0.0.0 to V11.0.0.15. (Note the mitigation described in Workarounds and Mitigations should also be applied to IBM App Connect Enterprise V11.0.0.16)

IBM Integration Bus V10.0.0.6 to V10.0.0.25

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6538914
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189