Critical Severity

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

Share this post:

IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer.

CVE(s): CVE-2019-17571

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Curam SPM 8.0.0
Curam SPM 7.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6519984
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314

More stories

Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Jan 19, 2022 7:01 pm EST | Critical Severity

Log4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. ...read more


Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Jan 19, 2022 7:01 pm EST | Critical Severity

Apache Log4j is used by IBM Spectrum Conductor for generating logs in some of its components such as ELK, ascd, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Conductor. ...read more


Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Jan 19, 2022 7:01 pm EST | Critical Severity

Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105) in IBM Spectrum Symphony. ...read more