Critical Severity

Security Bulletin: Vulnerability in Apache Log4j affects Collaboration and Deployment Services (CVE-2021-44228)

Share this post:

There is a vulnerability in the Apache Log4j open source library which is used by Collaboration and Deployment Services for logging of messages and traces. This issue has been addressed.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
SPSS Collaboration and Deployment Services 8.3

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527724
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses

August 18, 2022 | Critical Severity

Docker CLI (CVE-2021-41092) is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) is vulnerable to attackers to execute arbitrary code to view, add, modify or delete information in the databases. Apache Log4j is used by IBM Spectrum Discover to authenticate inside to the modules of Apache kafka to log events. The fix include upgrade Apache Log4j to v2.17.1. ...read more


Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531]

August 18, 2022 | Critical Severity

These vulnerabilties affect only those customers who have configured a binary transform action using a tx-map. IBM has addressed the CVEs. [CVE-2017-14952 and CVE-2020-10531] ...read more


Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

August 17, 2022 | Critical Severity

Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. ...read more