IBM Support

Security Bulletin: Apache Log4j vulnerabilities in IBM WebSphere Application Server impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

Security Bulletin


Summary

There are multiple vulnerabilities from Apache Log4j (CVE-2021-4104, CVE-2021-45046) that affect IBM WebSphere Application Server that affect IBM Engineering Products based on IBM Jazz technology.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)Version(s)
Collaborative Lifecycle Management (CLM)6.0.6, 6.0.6.1
Rational Team Concert (RTC)6.0.6, 6.0.6.1
Rational DOORS Next Generation (RDNG)6.0.6, 6.0.6.1
Rational Quality Manager (RQM)6.0.6, 6.0.6.1
Engineering Lifecycle Management (ELM)7.0, 7.0.1, 7.0.2
IBM Engineering Workflow Management (EWM)7.0, 7.0.1, 7.0.2
IBM Engineering Requirements Management DOORS Next (DOORS Next)7.0, 7.0.1, 7.0.2
IBM Engineering Workflow Management (EWM)7.0, 7.0.1, 7.0.2
Global Configuration Management (GCM)6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by taking the steps below:

There are multiple vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2021-45046), which is used by different versions of IBM WebSphere Application Server (WAS). If you integrate any of the IBM Jazz Team Server-based products and versions (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2) listed above, you will want to review and apply the following IBM WebSphere Application Server (WAS) remediation guidance.

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)

 

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

28 Dec 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSJJ9R","label":"Rational DOORS Next Generation"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.6 - 7.0.2","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCP65","label":"Rational Team Concert"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.6 - 7.0.2","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRNEV","label":"Rational Rhapsody Design Manager"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.6 - 7.0.2","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSR27Q","label":"Rational Quality Manager"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.6 - 7.0.2","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYMRC","label":"Rational Collaborative Lifecycle Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.6 - 7.0.2","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

Document Information

Modified date:
07 January 2022

UID

ibm16538722

Page Feedback