High Severity

Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM SPSS Analytic Server (CVE-2021-4104)

January 14, 2022

Categorized: High Severity

Share this post:

There is a vulnerability in the version of Apache Log4j that was included in IBM SPSS Analytic Server, which uses Apache Log4j for logging. This patch replaces the older Apache log4j with version 2.17.1.

CVE(s): CVE-2021-4104

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM SPSS Analytic Server 3.1.1.0
IBM SPSS Analytic Server 3.1.1.1
IBM SPSS Analytic Server 3.1.2.0
IBM SPSS Analytic Server 3.2.1.0
IBM SPSS Analytic Server 3.2.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6540892
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048


Previous Post

Security Bulletin: IBM Business Automation Workflow is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Next Post

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-22096)
More stories

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

May 20, 2022 | High Severity

An issue was identifed in OpenSSL when MQ is using it to parse certificates. ...read more

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

May 17, 2022 | High Severity

IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL ...read more

Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

May 17, 2022 | High Severity

IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. ...read more