IBM QRadar SIEM currently depends on the Apache log4j 1 library for application logging from QRadar services. The Apache log4j 1 library is also used for QRadar internal log sources, such as audit log events for self-monitoring and system health metrics.
- 20 May 2022 (10:00 AM EDT): Modified the technical note to reflect the current release schedule for QRadar Upgrade Packs.
- 9 September 2022 (10:00 AM EDT): Modified the technical note to reflect the release of QRadar 7.5.0 Update Package 3.
- There are currently five known CVEs which impact log4j 1. IBM QRadar SIEM does not use any of the affected modules as currently delivered.
  - CVE-2019-17571 - QRadar does not use the affected socket server.
  - CVE-2020-9488 - QRadar does not use the SMTP appender.
  - CVE-2022-23302 - QRadar does not use the JMS appender.
  - CVE-2022-23305 - QRadar does not write to a database using the JDBC appender.
  - CVE-2022-23307 - QRadar does not use the Chainsaw GUI.
- In a future release, an Upgrade Pack (UP) is planned to update log4j to the latest supported version.
  - 7.5.0 Update Pack 3 was released on 6 September 2022.
  - 7.4.3 Fix Pack 7 is targeted for release in September 2022.
  - 7.3.3 Fix Pack 12: no updates are planned. Administrators can upgrade to a QRadar 7.4.x or 7.5.x version mentioned in this technical note. QRadar 7.3.x versions are officially end of life on 30 September 2022.
- IBM QRadar SIEM 7.5
- IBM QRadar SIEM 7.4.3
- IBM QRadar SIEM 7.3.3
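
An added example, not IBM's code or part of the original technical note: a Python check that scans a log4j 1 configuration (`.properties` or XML) for the components named in the CVE list above, useful for confirming that a custom or modified configuration still avoids them. The class-name prefixes and both sample configurations are assumptions constructed for illustration.

```python
import re

# Assumption: log4j 1 class-name prefixes for the components in the CVE list above.
# The JMS prefix matches both JMSAppender and JMSSink.
AFFECTED = {
    "CVE-2019-17571": "org.apache.log4j.net.SocketServer",
    "CVE-2020-9488": "org.apache.log4j.net.SMTPAppender",
    "CVE-2022-23302": "org.apache.log4j.net.JMS",
    "CVE-2022-23305": "org.apache.log4j.jdbc.JDBCAppender",
    "CVE-2022-23307": "org.apache.log4j.chainsaw.",
}

# Constructed sample configurations (not taken from a QRadar system).
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, file, mail
log4j.appender.file=org.apache.log4j.RollingFileAppender
# log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.mail=org.apache.log4j.net.SMTPAppender
"""
SAMPLE_XML = """\
<log4j:configuration>
  <!-- <appender name="jms" class="org.apache.log4j.net.JMSAppender"/> -->
  <appender name="db" class="org.apache.log4j.jdbc.JDBCAppender"/>
</log4j:configuration>
"""

def _blank_xml_comments(text):
    # Drop <!-- ... --> but keep its newlines so reported line numbers stay correct.
    return re.sub(r"<!--.*?-->", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)

def audit_config(text):
    """Return (line_no, cve, line) for each active line naming an affected class."""
    findings = []
    for no, raw in enumerate(_blank_xml_comments(text).splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or .properties comment
            continue
        for cve, prefix in AFFECTED.items():
            if prefix in line:
                findings.append((no, cve, line))
    return findings

if __name__ == "__main__":
    for name, cfg in (("properties", SAMPLE_PROPERTIES), ("xml", SAMPLE_XML)):
        for no, cve, line in audit_config(cfg):
            print(f"{name}:{no}: {cve}: {line}")
```

The same function can be run over service launch scripts, since the socket server and Chainsaw are started as standalone classes rather than configured as appenders.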
For more information about IBM QRadar SIEM product security, see https://www.ibm.com/blogs/psirt/.
10 September 2022