IBM Support

PH42762 Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)

Download


Downloadable File

Abstract

Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)

Download Description

PH42762 resolves the following problem:

ERROR DESCRIPTION:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-4104 CVSS 8.1, CVE-2021-45046 CVSS 9.0)
 
TEMPORARY FIXES:

PROBLEM CONCLUSION:
This issue is addressed by removing Apache Log4j from WebSphere Application Server.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.21, 9.0.5.11 and Liberty 22.0.0.1.

For more information, see 'Recommended Updates for WebSphere Application Server': 
This fix supersedes (includes) the fix for PH42728, PH37034, PI97162

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V80 readme file 2324
V70 readme file 5079
21.0.0.12 readme file 2303
V90 readme file 2589
V85 readme file 2553

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table. 
DOWNLOAD RELEASE DATE SIZE(Bytes) Applicable Fix Packs

DOWNLOAD Options

What is Fix Central(FC)?

Notes:
9.0.5.3-WS-WASProd-IFPH42762 15 December 2021 7205405 9.0.5.3 through 9.0.5.10 FC
8.5.5.11-WS-WASProd-IFPH42762 15 December 2021 7216447 8.5.5.11 through 8.5.5.20 FC
8.0.0.15-WS-WASProd-IFPH42762 15 December 2021 6721147 8.0.0.15 FC
7.0.0.45-WS-WAS-IFPH42762 15 December 2021 6395512 7.0.0.45 FC
21.0.0.12-WS-WLP-OS390-IFPH42762 15 December 2021 1296040 21.0.0.12 FC z/OS Only
21.0.0.9-WS-WLP-IFPH42762 15 December 2021 1284128 21.0.0.9 FC z/OS Only

Problems Solved

PH42762, PH37034, PI97162

Change History

  1. CVSS score updated from 3.7 to 9.0 on 21 December 21, 2021
  2. Update conclusion on 10 March, 2022

On

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF017","label":"Mac OS"},{"code":"PF014","label":"iOS"}],"Version":"21.0.0.12;21.0.0.9;7.0.0.45;8.0.0.15;8.5.5.11;8.5.5.12;8.5.5.13;8.5.5.14;8.5.5.15;8.5.5.16;8.5.5.17;8.5.5.18;8.5.5.19;8.5.5.20;9.0.5.10;9.0.5.3;9.0.5.4;9.0.5.5;9.0.5.6;9.0.5.7;9.0.5.8;9.0.5.9","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
10 March 2022

UID

ibm16526686