Download
Downloadable File
| File link | File size | File description |
|---|---|---|
Abstract
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)
Download Description
PH42762 resolves the following problem:
ERROR DESCRIPTION:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)
PROBLEM CONCLUSION:
This issue is addressed by removing Apache Log4j from WebSphere Application Server.
The fix for this APAR is targeted for inclusion in fix packs 8.5.5.21, 9.0.5.11 and Liberty 22.0.0.1.
For more information, see 'Recommended Updates for WebSphere Application Server':
ERROR DESCRIPTION:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)
TEMPORARY FIXES:
See the Workarounds and Mitigations section of the Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046).
PROBLEM CONCLUSION:
This issue is addressed by removing Apache Log4j from WebSphere Application Server.
The fix for this APAR is targeted for inclusion in fix packs 8.5.5.21, 9.0.5.11 and Liberty 22.0.0.1.
For more information, see 'Recommended Updates for WebSphere Application Server':
This fix supersedes (includes) the fix for PH42728, PH37034, PI97162
Prerequisites
None
Installation Instructions
Review the readme.txt for detailed installation instructions.
| URL | SIZE(Bytes) |
|---|---|
| V80 readme file | 2324 |
| V70 readme file | 5079 |
| 21.0.0.12 readme file | 2303 |
| V90 readme file | 2589 |
| V85 readme file | 2553 |
Download Package
|
IMPORTANT NOTE:
|
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
|
| DOWNLOAD | RELEASE DATE | SIZE(Bytes) | Applicable Fix Packs |
DOWNLOAD Options |
Notes: |
|---|---|---|---|---|---|
| 9.0.5.3-WS-WASProd-IFPH42762 | 15 December 2021 | 7205405 | 9.0.5.3 through 9.0.5.10 | FC | |
| 8.5.5.11-WS-WASProd-IFPH42762 | 15 December 2021 | 7216447 | 8.5.5.11 through 8.5.5.20 | FC | |
| 8.0.0.15-WS-WASProd-IFPH42762 | 15 December 2021 | 6721147 | 8.0.0.15 | FC | |
| 7.0.0.45-WS-WAS-IFPH42762 | 15 December 2021 | 6395512 | 7.0.0.45 | FC | |
| 21.0.0.12-WS-WLP-OS390-IFPH42762 | 15 December 2021 | 1296040 | 21.0.0.12 | FC | z/OS Only |
| 21.0.0.9-WS-WLP-IFPH42762 | 15 December 2021 | 1284128 | 21.0.0.9 | FC | z/OS Only |
Problems Solved
PH42762, PH37034, PI97162
Change History
- CVSS score updated from 3.7 to 9.0 on 21 December 21, 2021
- Update conclusion on 10 March, 2022
On
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF017","label":"Mac OS"},{"code":"PF014","label":"iOS"}],"Version":"21.0.0.12;21.0.0.9;7.0.0.45;8.0.0.15;8.5.5.11;8.5.5.12;8.5.5.13;8.5.5.14;8.5.5.15;8.5.5.16;8.5.5.17;8.5.5.18;8.5.5.19;8.5.5.20;9.0.5.10;9.0.5.3;9.0.5.4;9.0.5.5;9.0.5.6;9.0.5.7;9.0.5.8;9.0.5.9","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]
Problems (APARS) fixed
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
10 March 2022
UID
ibm16526686