Critical Severity
Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Conductor
December 15, 2021
Categorized: Critical Severity
Share this post:
Log4j is used by IBM Spectrum Conductor for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnaribility (CVE-2021-44228) by applying workaround steps to IBM Spectrum Conductor.
CVE(s): CVE-2021-44228
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Spectrum Conductor | 2.4.1 |
| IBM Spectrum Conductor | 2.5.0 |
| IBM Spectrum Conductor | 2.5.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6526754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.
May 16, 2022 | Critical Severity
Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages "expat", "gcc", "openssl", "libxml" and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. ...read more
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift
May 12, 2022 | Critical Severity
IBM Security Guardium has fixed these vulnerabilities by updating the Apache Thrift component. ...read more
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)
May 12, 2022 | Critical Severity
A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. ...read more