Flashes (Alerts)
Abstract
CVE-2021-44832 is a remote code execution vulnerability in Apache log4j.
Content
CVE-2021-44832 is distinct from the earlier Apache log4j vulnerabilities to which IBM Security Guardium is vulnerable.
- CVE-2021-45105 & CVE-2021-45046: Guardium is vulnerable. Details - https://www.ibm.com/support/pages/node/6537142
- CVE-2021-44228: Guardium is vulnerable. Details - https://www.ibm.com/support/pages/node/6525870
- CVE-2021-44832: Guardium is not vulnerable
For CVE-2021-44832 to be exploited, a system must have its log4j configured to fetch its configuration from a remote server. Guardium does not fetch log4j configurations from remote servers; all configuration is done locally. Therefore, CVE-2021-44832 cannot be exploited on a Guardium appliance.
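One way to check the same condition on a Java deployment, as an added example that is not IBM's code: it inspects Java command lines for the log4j.configurationFile and log4j2.configurationFile system properties and reports any location that is not local. The command lines are constructed samples, and treating every scheme other than file or classpath as remote is an assumption of this example.

```python
import shlex
from urllib.parse import urlparse

# System properties Log4j 2 reads for its configuration location.
CONFIG_PROPS = ("log4j.configurationFile", "log4j2.configurationFile")
# Assumption: these schemes resolve on the local host; anything else is remote.
LOCAL_SCHEMES = {"", "file", "classpath"}

# Constructed sample command lines (not taken from any real system).
SAMPLES = [
    "java -Dlog4j.configurationFile=/opt/app/conf/log4j2.xml -jar app.jar",
    "java -Dlog4j2.configurationFile=file:///etc/app/log4j2.xml,"
    "https://config.example.test/log4j2.xml -jar app.jar",
]


def config_locations(cmdline):
    """Return every configuration location set with -D<prop>=<value>."""
    found = []
    for arg in shlex.split(cmdline):
        for prop in CONFIG_PROPS:
            prefix = "-D" + prop + "="
            if arg.startswith(prefix):
                # The property accepts a comma-separated list of locations.
                values = arg[len(prefix):].split(",")
                found += [v.strip() for v in values if v.strip()]
    return found


def is_remote(location):
    """True when the location would be fetched over the network."""
    scheme = urlparse(location).scheme.lower()
    if len(scheme) == 1:
        return False  # single letter is a Windows drive (C:\...), not a scheme
    if scheme == "jar":
        return is_remote(location[len("jar:"):])  # judge the wrapped URL
    return scheme not in LOCAL_SCHEMES


def remote_locations(cmdline):
    """Configuration locations on this command line that are not local."""
    return [loc for loc in config_locations(cmdline) if is_remote(loc)]


if __name__ == "__main__":
    for line in SAMPLES:
        hits = remote_locations(line)
        print("REMOTE" if hits else "local ", hits, "<-", line)
```

A command line with neither property set returns an empty list, which says only that no location was passed this way.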
Document Information
Modified date: 12 January 2022
UID: ibm16540020