IBM Support

IJ36855: HDFS TRANSPARENCY LOG4J CVE-2019-17571 & CVE-2021-4104


APAR status

  • Closed as program error.

Error description

  • The Spectrum Scale HDFS Transparency connector versions
    3.1.0-9, 3.1.1.7 and 3.3.0-0 contain Apache Log4j libraries
    that are affected by the security vulnerabilities
    CVE-2019-17571 and CVE-2021-4104.
    

Local fix

  • Manually patch affected log4j libraries.
    

Problem summary

  • The Spectrum Scale HDFS Transparency connector versions
    3.1.0-9, 3.1.1.7 and 3.3.0-0 contain Apache Log4j libraries
    that are affected by the security vulnerabilities
    CVE-2019-17571 and CVE-2021-4104.
    

Problem conclusion

  • This problem is fixed in 5.0.5 PTF 12.
    To see all Spectrum Scale APARs and
    their respective fix solutions, refer to the page
    https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale_apars.html
    
    Benefits of the solution:
    Fixed important security vulnerabilities.
    
    Work Around:
    Manually patch affected log4j libraries.
    
    Problem trigger:
    The Spectrum Scale HDFS Transparency
    connector is not vulnerable in default configurations.
    
    Symptom: N/A
    
    Platforms affected:  ALL Operating System environments.
    
    Functional Area affected: HDFS Connector.
    
    Customer Impact: High Importance
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ36855

  • Reported component name

    SPEC SCALE STD

  • Reported component ID

    5737F33AP

  • Reported release

    505

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-12-29

  • Closed date

    2021-12-29

  • Last modified date

    2021-12-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SPEC SCALE STD

  • Fixed component ID

    5737F33AP

Applicable component levels


Document Information

Modified date:
30 December 2021