Nov 25, 2021 7:01 pm EST
Categorized: Low Severity
Share this post:
IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender.
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6519488
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824