December 18, 2021
Categorized: Critical Severity
Share this post:
A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum Protect Snapshot on Wiindows.
Affected product(s) and affected version(s):
|IBM Spectrum Protect Snapshot for Windows (formerly IBM Tivoli Storage FlashCopy Manager for Windows)
|IBM Tivoli Storage FlashCopy Manager for Windows
Note: IBM Spectrum Protect Snapshot for Windows packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files but these files are not used.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6527836
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921