Critical Severity

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus (CVE-2021-44228)

A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the Help system in IBM Spectrum Protect Plus.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Plus | 10.1.0.0-10.1.9.0 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527828
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
