IBM Support

Vulnerabilities in Apache Log4j 1.x affect IBM SPSS Collaboration and Deployment Services 8.1, 8.1.1 with Modeler Server Adapters 18.1, 18.1.1 (deployed on WebLogic)

Troubleshooting


Problem

Multiple vulnerabilities were detected in Log4j 1.x, including:

CVE-2019-17571 (Severity = CRITICAL)
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. This can be exploited to execute arbitrary code remotely when combined with a deserialization gadget while the server is listening to untrusted network traffic for log data.

CVE-2021-4104 (Severity = HIGH)
CVE-2021-4104 was identified in JMSAppender in Apache Log4j 1.x, which is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to connect to the attacker's JMS broker.

CVE-2020-9488 (Severity = LOW)
Improper validation of a certificate with a host mismatch in the Apache Log4j SMTP appender. This allows an SMTPS connection to be intercepted by a man-in-the-middle attack, which could leak any log messages sent through that appender.

CVE-2022-23305 (Severity = MEDIUM)
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection through untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.

CVE-2022-23302 (Severity = HIGH)
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSSink and to connect to the attacker's JNDI LDAP endpoint.

CVE-2022-23307 (Severity = HIGH)
A flaw was found in the Log4j 1.x Chainsaw component, where the contents of certain log entries are deserialized and may permit code execution. This flaw allows an attacker to send a malicious request containing serialized data to the server, which is deserialized when the Chainsaw component is run.

Symptom

Log4j 1.x as shipped in specific versions of IBM SPSS Collaboration and Deployment Services (C&DS), IBM SPSS Modeler Server Adapters and IBM Analytical Decision Management might be vulnerable under non-default configurations.

Affected Products and Versions:
IBM SPSS Collaboration and Deployment Services from 7.0 to 8.2.2
IBM SPSS Modeler Server Adapters for IBM SPSS Collaboration and Deployment Services from 17.0 to 18.2.2
IBM Analytical Decision Management 18.0

This technical note covers:
IBM SPSS Collaboration and Deployment Services 8.1 and 8.1.1, deployed on Oracle WebLogic.
IBM SPSS Modeler Server Adapters for IBM SPSS Collaboration and Deployment Services 18.1 and 18.1.1, deployed on Oracle WebLogic.
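Because the note states that the affected code is reachable only under non-default configurations, a practical first check is whether the deployed log4j.properties or log4j.xml defines any of the appenders named above; the script below is an added example (not IBM's code and not part of this note) that performs that audit. It assumes the standard Log4j 1.2 class names for JMSAppender, JDBCAppender and SMTPAppender and uses constructed sample configurations; SocketServer, JMSSink and Chainsaw are standalone programs rather than appenders, so they do not appear in a configuration file and must be checked separately.

```python
import re

# Standard Log4j 1.2 appender classes tied to the CVEs in this note.
RISKY_APPENDERS = {
    "org.apache.log4j.net.JMSAppender": "CVE-2021-4104",
    "org.apache.log4j.jdbc.JDBCAppender": "CVE-2022-23305",
    "org.apache.log4j.net.SMTPAppender": "CVE-2020-9488",
}

# log4j.properties: only the line that defines the appender class, i.e.
# "log4j.appender.<name>=<class>" (not "log4j.appender.<name>.<prop>=...").
PROPS_RE = re.compile(r"^\s*log4j\.appender\.([^.=\s]+)\s*=\s*(\S+)\s*$", re.M)
# log4j.xml: the opening <appender ...> tag; attributes may come in any order.
XML_TAG_RE = re.compile(r"<appender\s+([^>]*)>", re.I)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def audit_log4j_config(text):
    """Return [(appender name, class, CVE)] for each risky appender defined in a
    Log4j 1.x .properties or .xml config, whether or not a logger references it."""
    findings = []
    for name, cls in PROPS_RE.findall(text):
        if cls in RISKY_APPENDERS:
            findings.append((name, cls, RISKY_APPENDERS[cls]))
    for tag in XML_TAG_RE.finditer(text):
        attrs = dict(ATTR_RE.findall(tag.group(1)))
        cls = attrs.get("class", "")
        if cls in RISKY_APPENDERS:
            findings.append((attrs.get("name", "?"), cls, RISKY_APPENDERS[cls]))
    return findings


# Constructed sample configurations (not taken from any IBM product).
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, FILE, JMS
log4j.appender.FILE=org.apache.log4j.RollingFileAppender
log4j.appender.FILE.File=/tmp/app.log
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
log4j.appender.JMS.TopicBindingName=logTopic
"""
SAMPLE_XML = """\
<log4j:configuration>
  <appender name="DB" class="org.apache.log4j.jdbc.JDBCAppender">
  </appender>
  <root><appender-ref ref="DB"/></root>
</log4j:configuration>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PROPERTIES, SAMPLE_XML):
        for name, cls, cve in audit_log4j_config(sample):
            print(f"appender {name!r} uses {cls} ({cve})")
```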



Document Information

Modified date:
23 February 2022

UID

ibm16556402