Critical Severity
Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)
December 23, 2021
IBM Cloud Application Business Insights (ICABI) is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046).
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Application Business Insights | 1.1.7 |
| IBM Cloud Application Business Insights | 1.1.6 |
| IBM Cloud Application Business Insights | 1.1.5 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6536872
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
July 5, 2022 | Critical Severity
IBM Tivoli Netcool Impact is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965). Spring is shipped as part of the ActiveMQ package but is not used by the product. The fix removes Spring from the product.
Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.
July 5, 2022 | Critical Severity
The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus
June 30, 2022 | Critical Severity
PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Spectrum Protect Plus.