Critical Severity

Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Conductor

Share this post:

Log4j is used by IBM Spectrum Conductor for generating logs in some of its components. This bulletin provides mitigations for the Log4Shell vulnaribility (CVE-2021-44228) by applying workaround steps to IBM Spectrum Conductor.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Spectrum Conductor 2.4.1
IBM Spectrum Conductor 2.5.0
IBM Spectrum Conductor 2.5.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6526754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.

May 16, 2022 | Critical Severity

Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages "expat", "gcc", "openssl", "libxml" and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. ...read more


Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift

May 12, 2022 | Critical Severity

IBM Security Guardium has fixed these vulnerabilities by updating the Apache Thrift component. ...read more


Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)

May 12, 2022 | Critical Severity

A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code on the system. ...read more