Flashes (Alerts)
Abstract
IBM Spectrum Scale and ESS bundle Apache Log4j. Apache Log4j versions prior to 2.15.0 are susceptible to this vulnerability, a flaw in the Java logging library that could allow a remote attacker to execute arbitrary code on the system by sending a specially crafted string value.
Content
Users Affected:
This vulnerability may affect:
- Customers running the GUI at these levels of IBM Spectrum Scale:
  - V5.0.5.0 through 5.0.5.11
  - V5.1.0.0 through 5.1.2.1
- Customers running the GUI at these levels of IBM Elastic Storage System:
  - ESS 5.3.6.0 through 5.3.7.3
  - ESS 6.0.1.0 through 6.0.2.3
  - ESS 6.1.0.0 through 6.1.2.0
- Customers running IBM Spectrum Scale on AWS Marketplace version "Spectrum Scale 5.0.5.3 BYOL v1.3.1".
- Customers running IBM Spectrum Scale CNSA V5.1.1.1 through V5.1.2.1.
Problem Determination:
Determine if you are using any of the versions of IBM Spectrum Scale or ESS impacted by this vulnerability.
Recommendations:
Please refer to the following security bulletins:
Document Information
Modified date: 22 December 2021
UID: ibm16526202