Jan 5, 2022 7:02 pm EST
Categorized: Critical Severity
Share this post:
Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum Protect Snapshot on Wiindows. The below fix package includes Apache Log4j 2.17.
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
|IBM Spectrum Protect Snapshot for Windows (formerly IBM Tivoli Storage FlashCopy Manager for Windows)
|IBM Tivoli Storage FlashCopy Manager for Windows
Note: IBM Spectrum Protect Snapshot for Windows packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files but these files are not used.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6537642
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195