IBM Support

IBM Security Guardium is not vulnerable to Apache log4j vulnerability CVE-2021-44832

Flashes (Alerts)


Abstract

CVE-2021-44832 is a remote code execution vulnerability in Apache log4j.

Content

CVE-2021-44832 is distinct from the earlier Apache log4j vulnerabilities to which IBM Security Guardium is vulnerable.
For CVE-2021-44832 to be exploited, a system must have its log4j configured to fetch its configuration from a remote server. Guardium does not fetch log4j configurations from remote servers; it is all done locally. Therefore, CVE-2021-44832 cannot be exploited on a Guardium appliance.
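The condition named above can be checked on any Java service by looking at where Log4j 2 is told to load its configuration from. The following is an added example, not IBM or Guardium code: it inspects JVM arguments and `log4j2.component.properties` text for the `log4j.configurationFile` / `log4j2.configurationFile` setting and reports any location that is not local. The sample arguments, host name and paths are constructed.

```python
from urllib.parse import urlparse

# Property names Log4j 2 reads for its configuration location.
CONFIG_KEYS = ("log4j.configurationFile", "log4j2.configurationFile")

def is_remote(location):
    """True when a configuration location points off the local host."""
    parsed = urlparse(location.strip())
    scheme = parsed.scheme.lower()
    if len(scheme) == 1:  # Windows drive letter, e.g. C:\conf\log4j2.xml
        return False
    if scheme == "file":  # file://host/share/... is a network path
        return parsed.netloc not in ("", "localhost")
    return scheme not in ("", "classpath")

def settings_from_jvm_args(args):
    """Yield (key, value) for -Dkey=value arguments that set the location."""
    for arg in args:
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            if key in CONFIG_KEYS:
                yield key, value

def settings_from_properties(text):
    """Yield (key, value) from log4j2.component.properties style text."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in CONFIG_KEYS:
                yield key, value

def remote_config_sources(jvm_args, properties_text=""):
    """Return (key, location) pairs that are fetched from another host."""
    settings = list(settings_from_jvm_args(jvm_args))
    settings += settings_from_properties(properties_text)
    findings = []
    for key, value in settings:
        # A comma-separated list of locations forms a composite configuration.
        findings += [(key, loc.strip()) for loc in value.split(",") if is_remote(loc)]
    return findings

# Constructed sample input (hypothetical host and paths).
SAMPLE_ARGS = ["-Xmx2g", "-Dlog4j.configurationFile=/opt/app/conf/log4j2.xml,"
               "https://config.example.invalid/log4j2-override.xml"]
SAMPLE_PROPERTIES = "# constructed\nlog4j2.configurationFile = classpath:log4j2.xml\n"

if __name__ == "__main__":
    for key, location in remote_config_sources(SAMPLE_ARGS, SAMPLE_PROPERTIES):
        print(f"remote Log4j configuration source: {key} -> {location}")
```

An empty result means every configured location is a local path, a `classpath:` resource or a local `file:` URI.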


Document Information

Modified date:
12 January 2022

UID

ibm16540020