IBM Support

Release Notes: Apache log4j Security Vulnerability

White Papers


Abstract

This page lists the IBM Sterling B2B Integrator versions that are impacted by the log4j security vulnerability and describes the remediation measures to follow.

Content

Affected versions

The following versions of IBM Sterling B2B Integrator are affected by the log4j vulnerability.

  • 5.2.6.5_4
  • 6.0.x.x
  • 6.1.x.x

Unaffected versions

The following versions of IBM Sterling B2B Integrator are not affected by the log4j vulnerability.

  • 5020605_3 and all lower fix packs
  • 5020604 and all fix packs
  • 5020603 and all fix packs
  • 5020602 and all fix packs
  • 5020601 and all fix packs
  • 5020600 and all fix packs
  • 5020500 and all fix packs
  • 5020402 and all fix packs

log4j versions

Apache log4j2 versions 2.0-alpha1 through 2.16.0 are impacted. The security vulnerability issue is fixed in log4j v2.17.0.
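To check an installation against the version range above, the following added example (not IBM tooling and not part of the original page) walks a directory, reads the version of each log4j-core jar, and flags anything below 2.17.0. It assumes the jar carries its standard Maven metadata entry and that the directory to scan is passed as the first argument; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

# Range stated on this page: 2.0-alpha1 through 2.16.0 impacted, fixed in 2.17.0.
FIXED = (2, 17, 0)
# Assumption: the Maven metadata entry that log4j-core jars normally carry.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """Return (major, minor, patch) from e.g. '2.14.1' or '2.0-beta9', else None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def jar_version(jar_path):
    """Read the log4j-core version from jar metadata, falling back to the file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            if POM in jar.namelist():
                for line in jar.read(POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
    except (zipfile.BadZipFile, OSError):
        return None
    m = re.match(r"log4j-core-(.+)\.jar$", Path(jar_path).name)
    return m.group(1) if m else None

def is_impacted(version):
    """True for any 2.x version below 2.17.0 (pre-releases such as 2.0-beta9 included)."""
    v = parse_version(version)
    return v is not None and v[0] == 2 and v < FIXED

def scan(root):
    """Return (path, version, impacted) for every log4j-core jar found under root."""
    findings = []
    for jar in sorted(Path(root).rglob("*.jar")):
        version = jar_version(jar)
        if version:
            findings.append((str(jar), version, is_impacted(version)))
    return findings

if __name__ == "__main__":
    for path, version, bad in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'IMPACTED' if bad else 'ok':8} {version:12} {path}")
```

The scan reads metadata first, so a renamed jar is still identified; jars nested inside other archives are not unpacked and need a separate pass.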

Remediation

You must upgrade to Apache log4j v2.17.0 to get the fixes for CVE-2021-44228 and CVE-2021-45046.

The following GA iFix releases contain the fix for the log4j vulnerability.

  • v6.0.0.7_1
  • v6.0.1.2_1
  • v6.0.2.3_1
  • v6.0.3.5_1
  • v6.1.0.4_1
  • v6.1.1.0_1

Note

  • You must download the above iFixes from IBM Fix Central and install the patch for IBM Sterling B2B Integrator and IBM Sterling Global Mailbox.
  • If you are not on the latest version, you must immediately apply the current remediation steps published as part of the CVE-2021-45046 Security Bulletin. For more information, see https://www.ibm.com/support/pages/node/6537664

Security bulletins

For more information, refer to the following Security Bulletins:

IBM Sterling B2B Integrator

IBM Sterling Global Mailbox

Preliminary steps before applying the iFix

Follow these steps before you download the iFix from Fix Central.

  • Stop the IBM Sterling B2B Integrator server.
  • Back up the IBM Sterling B2B Integrator install directory and database.

Steps to install or upgrade

To install or upgrade to the log4j iFix, follow exactly the same steps as for any other GA iFix.

Related information

For more information, refer to the following articles:

 


Document Information

More support for:
IBM Sterling B2B Integrator

Component:
Security->Security Vulnerability

Software version:
All Versions

Document number:
6540602

Modified date:
13 January 2022

UID

ibm16540602
