Critical Severity

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Tivoli Monitoring installed WebSphere Application Server (CVE-2021-44228)


The following security issue has been identified in the WebSphere Application Server included as part of the IBM Tivoli Monitoring (ITM) portal server. Note that log4j 2.x is not actually used by ITM, but it is present in the Tivoli Portal Server component installation because that component requires and installs WebSphere Application Server. WebSphere Application Server includes log4j in an installable ear file, uddi.ear, that is not automatically deployed. You can safely remove this uddi.ear file.

CVE(s): CVE-2021-44228

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Tivoli Monitoring | 6.3.0 fix pack 7 service pack 5 (or later service pack)

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6527962
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
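
Added example, not part of the IBM bulletin: a read-only check that finds every uddi.ear under an install root and lists the log4j-core 2.x jars or JndiLookup classes bundled inside it, including copies nested in inner archives. The root directory argument, the jar name pattern and the nesting limit are assumptions, since the bulletin gives no path.

```python
import io
import os
import re
import sys
import zipfile

# Assumed naming for log4j-core 2.x jars, e.g. log4j-core-2.x.y.jar
LOG4J_CORE = re.compile(r"(^|/)log4j-core-2[^/]*\.jar$", re.IGNORECASE)
# Class in log4j-core that performs the JNDI lookup behind CVE-2021-44228
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED = (".ear", ".war", ".jar", ".rar")


def scan_archive(data, prefix="", depth=0, max_depth=4):
    """Return paths of log4j-core jars and JndiLookup classes in an archive."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            path = f"{prefix}!/{name}" if prefix else name
            if LOG4J_CORE.search(name) or name.endswith(JNDI_CLASS):
                hits.append(path)
            # Descend into inner archives; max_depth bounds the recursion
            if name.lower().endswith(NESTED) and depth < max_depth:
                hits += scan_archive(zf.read(name), path, depth + 1, max_depth)
    return hits


def find_uddi_ears(root):
    """Yield (path, hits) for every uddi.ear found below root."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == "uddi.ear":
                full = os.path.join(dirpath, fname)
                with open(full, "rb") as fh:
                    yield full, scan_archive(fh.read(), full)


if __name__ == "__main__":
    # Usage: python scan_uddi.py <install root>   (defaults to current dir)
    for ear, hits in find_uddi_ears(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(ear)
        for hit in hits:
            print("   ", hit)
```

An empty result after removal confirms that no copy of uddi.ear remains under the scanned root.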
