IBM Support

IBM Control Center CVE-2021-45046 - CVSS 3.7

Troubleshooting


Problem

CVEID: CVE-2021-45046
Description: Apache Log4j is vulnerable to a denial of service, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. A remote attacker with control over Thread Context Map (MDC) input data or a Thread Context Map pattern could exploit this vulnerability by crafting malicious input data using a JNDI Lookup pattern, causing a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/215195 for more information
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

=======================================================  

https://logging.apache.org/log4j/2.x/security.html

Fixed in Log4j 2.12.2 and Log4j 2.16.0

CVE-2021-45046

CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack.

Severity: Moderate

Base CVSS Score: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0
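
The affected ranges above can be checked against the log4j-core jars found on a host. The following is an added example, not code from IBM or Apache; the function names and the sample file paths are constructed for illustration, and it only recognises jars that keep the standard `log4j-core-<version>.jar` file name.

```python
import re

# Pre-release qualifiers sort before the final release: alpha < beta < rc < final.
QUAL_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
JAR_RE = re.compile(r"log4j-core-([^/\\]+)\.jar$", re.I)

def parse_version(text):
    """Turn '2.0-beta9' or '2.12.1' into a tuple that sorts in release order."""
    m = VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {text!r}")
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch or 0),
            QUAL_RANK[(qual or "").lower()], int(qnum or 0))

# Affected ranges as quoted in the advisory, inclusive at both ends.
AFFECTED = [
    (parse_version("2.0-beta9"), parse_version("2.12.1")),
    (parse_version("2.13.0"), parse_version("2.15.0")),
]

def is_affected(version):
    """True if the version falls inside either affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def classify_jars(paths):
    """Map each log4j-core jar path to 'affected', 'not-affected' or 'unknown'."""
    verdicts = {}
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a log4j-core jar; nothing to report
        try:
            verdicts[path] = "affected" if is_affected(m.group(1)) else "not-affected"
        except ValueError:
            verdicts[path] = "unknown"  # version string needs manual review
    return verdicts

# Constructed sample paths, not taken from any real installation.
SAMPLE_PATHS = [
    "/opt/example/lib/log4j-core-2.14.1.jar",
    "/opt/example/lib/log4j-core-2.12.2.jar",
    "/opt/example/lib/log4j-core-2.16.0.jar",
    "/opt/example/lib/log4j-core-2.0-beta8.jar",
    "/opt/example/lib/log4j-core-2.14.1-tests.jar",
    "/opt/example/lib/log4j-api-2.14.1.jar",
]
```

Jars that have been renamed or bundled inside another archive do not match the file-name pattern and need a separate inventory step.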

Document Location

Worldwide


Document Information

Modified date:
17 December 2021

UID

ibm16527898