Critical Severity

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

December 17, 2021

Share this post:

There is a vulnerability in the Apache Log4j open source library. This library is not used within the MaaS360 Enterprise Gateway code, but is contained within the package of the MaaS360 Enterprise Gateway module. The Enterprise Gateway module is contained within the MaaS360 Cloud Extender agent, when the Enterprise Gateway service is enabled by a customer. The MaaS360 Cloud Extender agent and all other modules do not contain Java and therefore are not affected by this vulnerability. A remeditation is provided to remove the unused Apache Log4j library.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM MaaS360 Enterprise Gateway Module	2.105.200 and prior

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6527878
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

Critical Severity

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-44228)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: Multiple Vulnerabilities in jackson-databind shipped with IBM Cloud Pak System

August 12, 2022 | Critical Severity

Vulnerabilities identified in jackson-databind shipped with IBM Cloud Pak System. IBM Clous Pak System addresssed vulnerabilities. ...read more

Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228 )

August 12, 2022 | Critical Severity

There is a vulnerability in the Apache Log4j open source library used by IBM InfoSphere Master Data Management v11.6 and v12.0. ...read more

Security Bulletin: IBM Security Identity Manager Virtual Appliance is vulnerable to arbitrary code execution due to Apache Log4j and other issues (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

August 12, 2022 | Critical Severity

IBM Security Identity Manager Virtual Appliance (ISIM VA) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4101 and CVE-2021-45046. Apache Log4j is used by ISIM VA as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1. IBM Security Identity Manager Virtual Appliance (ISIM VA) has also upgraded the other vulnerable components listed below. ...read more

Critical Severity

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects MaaS360 Enterprise Gateway

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-44228)

Security Bulletin: IBM Kenexa LCMS Premier On Premise - Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: Multiple Vulnerabilities in jackson-databind shipped with IBM Cloud Pak System

August 12, 2022 | Critical Severity

Security Bulletin: Vulnerability in Apache Log4j affects IBM InfoSphere Master Data Management (CVE-2021-44228 )

August 12, 2022 | Critical Severity

Security Bulletin: IBM Security Identity Manager Virtual Appliance is vulnerable to arbitrary code execution due to Apache Log4j and other issues (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

August 12, 2022 | Critical Severity