There is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. The fix includes Apache Log4j 2.17.1. Customers are encouraged to take immediate action by applying the interim fix.
**CVEID:** CVE-2021-4104
**DESCRIPTION:** Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Informix Dynamic Server | 14.10 |
IBM Informix Dynamic Server | 12.10.x |
For 14.10 IBM Informix Server
**IBM strongly recommends addressing the vulnerability now by applying the Interim Fix.**
For 12.10 IBM Informix Server
* **12.10.xC15**: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15&platform=All&function=all>)
| CPE | Name | Operator | Version |
|---|---|---|---|
| | informix servers | eq | 12.10. |
| | informix servers | eq | 14.10. |