High Severity
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104)
December 21, 2021
Categorized: High Severity
The Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This bulletin covers the vulnerability that arises when using versions of log4j earlier than 2.0. This version of the library is used by the ECM (Text Search) feature and Install Manager. CVE-2021-44228, a critical vulnerability in 2.0 <= log4j <= 2.15.0, is covered in a separate security bulletin.
CVE(s): CVE-2021-4104
Affected product(s) and affected version(s):
Fix pack levels of IBM Db2 V10.1, V10.5, V11.1, and V11.5 for all editions on all platforms are affected.
ECM (Text Search Server): All fixpack levels of V11.5, V11.1, V10.5 (if enabled)
Install (Installation Manager): All fixpack levels of V10.1, V10.5 and V11.1 on Linux 64-bit (x86-64), Linux 32-bit, Windows 64-bit and Windows 32-bit
IBM Db2 V9.7 is not affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6528678
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048