Critical Severity

Security Bulletin: Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-44228)

Share this post:

There is a vulnerability in the Apache Log4j open source library. The library is used by the IBM Event Streams.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Event Streams 2019.4.1, 2019.4.2, 2019.4.3, 2019.4.4
IBM Event Streams 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.4.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527840
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses

August 18, 2022 | Critical Severity

Docker CLI (CVE-2021-41092) is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) is vulnerable to attackers to execute arbitrary code to view, add, modify or delete information in the databases. Apache Log4j is used by IBM Spectrum Discover to authenticate inside to the modules of Apache kafka to log events. The fix include upgrade Apache Log4j to v2.17.1. ...read more


Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531]

August 18, 2022 | Critical Severity

These vulnerabilties affect only those customers who have configured a binary transform action using a tx-map. IBM has addressed the CVEs. [CVE-2017-14952 and CVE-2020-10531] ...read more


Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

August 17, 2022 | Critical Severity

Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. ...read more