Low Severity

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

Share this post:

There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability (CVE-2021-45046).

CVE(s): CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Private 3.1.0
IBM Cloud Private 3.1.1
IBM Cloud Private 3.1.2
IBM Cloud Private 3.2.0
IBM Cloud Private 3.2.1 CD
IBM Cloud Private 3.2.2 CD

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6529452
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195

More stories

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)

May 12, 2022 | Low Severity

IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. This has been addressed. ...read more

Security Bulletin: IBM i components are vulnerable to data access due to CVE-2022-22481

May 6, 2022 | Low Severity

IBM Navigator for i - heritage version GUI is vulnerable to data access as described in the vulnerability details section. IBM has addressed the vulnerability for IBM Navigator for i - heritage version with a fix as described in the remediation/fixes section. ...read more

Security Bulletin: Vulnerability CVE-2021-39023 in IBM Guardium Data Encryption (GDE)

May 5, 2022 | Low Severity

Vulnerability identified in IBM Guardium Data Encryption (GDE). Please apply the latest version for the fixes. ...read more