Low Severity

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)

IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. Apache Log4j is vulnerable to a man-in-the-middle attack caused by improper certificate validation with host mismatch in the SMTP appender.

CVE(s): CVE-2020-9488

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Curam SPM | 8.0.0
Curam SPM | 7.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6519488
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824
