Medium Severity

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-44832)

January 21, 2022

Categorized: Medium Severity

Share this post:

A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Archive Enterprise Edition includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix package includes Apache Log4j 2.17.1.

CVE(s): CVE-2021-44832

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
Enterprise Edition	1.3.1.0 – 1.3.2.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6549768
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189

Medium Severity

Security Bulletin: Log4j vulnerability CVE-2021-44228 affects IBM Cloud Pak for Data System 1.0

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Search Posts

Archives

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

Helpful Information

More stories

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection

May 17, 2022 | Medium Severity

IBM has addressed the CVE ...read more

Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS

May 17, 2022 | Medium Severity

IBM has addressed the CVEs ...read more

Security Bulletin: Potential Denial of Service in IBM DataPower Gateway

May 16, 2022 | Medium Severity

IBM has addressed the CVE ...read more