Critical Severity

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) may affect IBM Watson Assistant for IBM Cloud Pak for Data

Share this post:

A potential vulnerability (CVE-2021-44228) has been identified related to Apache Log4j that may affect IBM Watson Assistant for IBM Cloud Pak for Data.  Several components of IBM Watson Assistant for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. Refer to details for additional information.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
 IBM Watson Assistant for IBM Cloud Pak for Data 1.5.0, 4.0.0, 4.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6528180
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921

More stories

Security Bulletin: IBM Spectrum Discover is vulnerable to Docker CLI (CVE-2021-41092) and Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) weaknesses

August 18, 2022 | Critical Severity

Docker CLI (CVE-2021-41092) is vulnerable to attacks to obtain sensitive information. Docker CLI is used by IBM Spectrum Discover as part to the infrastructure to manage the images and containers in the system. Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) is vulnerable to attackers to execute arbitrary code to view, add, modify or delete information in the databases. Apache Log4j is used by IBM Spectrum Discover to authenticate inside to the modules of Apache kafka to log events. The fix include upgrade Apache Log4j to v2.17.1. ...read more


Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531]

August 18, 2022 | Critical Severity

These vulnerabilties affect only those customers who have configured a binary transform action using a tx-map. IBM has addressed the CVEs. [CVE-2017-14952 and CVE-2020-10531] ...read more


Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

August 17, 2022 | Critical Severity

Multiple Vulnerabilities have been found in Node.js used by the Common UI Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. ...read more