Jan 5, 2022 7:01 pm EST
Categorized: Critical Severity
Share this post:
Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17.
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
|IBM Spectrum Protect for Space Management
Note: IBM Spectrum Protect for Space Management packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files. However, based on current information and analysis these files are not used.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6537640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195