JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
{"ibm": [{"lastseen": "2023-05-23T17:45:42", "description": "## Summary\n\nA vulnerability (Log4Shell) in Apache Log4j used by IBM InfoSphere Information Server was addressed. Various components in Information Server use Log4j to log messages for diagnostics. The fix upgrades log4j to version 2.16.0.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7, 11.5, 11.3 \n \n \nInformation Server 11.5 and 11.3 are affected. Both releases are past end of service.\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 | [JR64358](<http://www.ibm.com/support/docview.wss?uid=swg1JR64358> \"JR64358\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 1](<https://www.ibm.com/support/pages/node/6527912>) \n \n \nNote: \n1\\. 
You should also apply the fix for other components (WebSphere Application Server, Db2, etc.) in your environment. See the Related information section for relevant bulletins; however, it is best to check the [IBM PSIRT blog](<https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/> \"IBM PSIRT blog\" ) for any updated information from these components. \n \n2\\. Information Server saves prior versions of jar files to facilitate patch rollbacks and uninstall of components: \n\na. In the Updates folder within your Information Server location, for each patch installed, a patch folder is created with the name of the patch. The patch folder contains copies of files that are replaced during the patch install. The patch folder name is based on the name of the patch which can be seen in the History section of your Version.xml. The files in this folder are used by the Update installer to roll back a patch installation; they are not needed while Information Server is used. \nb. Each time the Update Installer is updated, the jar files used by the Update Installer that are changed, are saved in a new lib.<timestamp> folder within the Updates folder. \nc. The _uninstall folder contains files that are only used while uninstalling Information Server components.\n\nFor Apache Log4j related patches, the prior vulnerable versions of Apache Log4j could be present within such folders. \nIf you want to remove such Apache Log4j files from the system, take a backup of such a folder and then purge the folder.\n\nAn appropriate backup of the patch folder must be restored before any subsequent patch rollback attempt. \nLikewise, an appropriate backup of the files in _uninstall must be restored before any subsequent uninstall action.\n\n \n3\\. (April 27, 2022) In some configurations (such as when the Services tier is separate), Service Pack 3 might not upgrade all files. For that situation, Service Pack 4 should be installed. 
You can check your Services tier to see whether any log4j jars with version older than 2.17.1 are present. \n \n4\\. (October 14, 2022) Some open source components usage of log4j version 1 was addressed in Information Server 11.7.1.4.\n\n## Workarounds and Mitigations\n\nNote: \n1\\. The following steps can be done to mitigate the vulnerability. However, we strongly recommend applying the fix on top of 11.7.1.3. \n2\\. It is imperative that the mitigation or fix be applied as soon as possible. \n3\\. Information Server saves prior versions of jar files to facilitate patch rollbacks and uninstall of components: \n\na. In the Updates folder within your Information Server location, for each patch installed, a patch folder is created with the name of the patch. The patch folder contains copies of files that are replaced during the patch install. The patch folder name is based on the name of the patch which can be seen in the History section of your Version.xml. The files in this folder are used by the Update installer to roll back a patch installation; they are not needed while Information Server is used. \nb. Each time the Update Installer is updated, the jar files used by the Update Installer that are changed, are saved in a new lib.<timestamp> folder within the Updates folder. \nc. The _uninstall folder contains files that are only used while uninstalling Information Server components.\n\nFor Apache Log4j related patches, the prior vulnerable versions of Apache Log4j could be present within such folders. \nIf you want to remove such Apache Log4j files from the system, take a backup of such a folder and then purge the folder.\n\nAn appropriate backup of the patch folder must be restored before any subsequent patch rollback attempt. \nLikewise, an appropriate backup of the files in _uninstall must be restored before any subsequent uninstall action.\n\n \n \n**Steps:** \n \n \n1\\. 
**Applicability of the mitigation steps**: \n\n * These steps can be applied to any 11.7 or 11.5 or 11.3 installation.\n * If you have a Microservices tier (available since 11.7), follow the instructions in step 8 to mitigate the Microservices tier.\n\n2\\. **Script information**: \nTo mitigate the vulnerability, the JndiLookup.class must be removed from all instances of log4j 2.x jars. \nA UNIX script, iis-log4j-mitigation.sh, is provided to make it convenient to remove the class. After using the script, check the system for any log4j instances that contain the class. \nFor Windows, a PowerShell script, iis-log4j-mitigation.ps1 is provided. \nThere are other vulnerable classes in log4j 1.x jars, JMSAppender and SocketServer, that were reported in CVE-2021-4104. Information Server releases are not vulnerable to this CVE. However, the script will also remove these classes. \nWe estimate that the script should take less than 20 minutes to execute. \n \nUsage: \niis-log4j-mitigation.sh -i|-install-dir <path> [-w|-work-dir <working-dir-path>] [-l|-log4j-version <1|2>] [-r|-remove] \n\niis-log4j-mitigation.sh -help \n \nwhere \n<path> is the absolute path to the InfoSphere Information Server or WebSphere installation location. \nYou should run the script against each location. \n<working-dir-path> is the location for a temporary work directory used by the script. \nWe estimate that a minimum of 1G disk space is needed in the work directory. \n-log4j-version specifies the Apache Log4j version, '1' or '2', to mitigate. \nBy default, both log4j versions are mitigated. Script version 1.1 or later is needed to use this option. \n-remove should be specified to remove the classes. \nIf not specified, the script will only list the locations where the classes are found. \n-help provides information on usage and requirements \n \n3\\. **Backup**: \nTake a backup of your Information Server and WebSphere Application Server directories. \n\n4\\. 
**Where to run the script and how to use it**: \nThe script should be run on the Information Server Services, Engine and Client tiers. \nThe script should also be run against the directory where WebSphere Application Server is located, assuming that it is not in the same directory tree as Information Server.\n\na. Stop Information Server. Ensure that no Information Server services or processes are running. \nb. For each tier/install location, first, run the script without the remove option to list all locations of the classes. \nNote the owner of the jars containing these classes. \nc. Next, as the jar owner, run the script with the \u2013remove option to remove the classes from these locations. \nd. Finally, run the script again without the remove option to check whether any locations are reported. \ne. Manually check the system for any log4j instances that contain the classes. \nf. Restart Information Server. \n \n5\\. **Pre-requisites**: \n\nFor UNIX:\n\nSome of the steps in the script need zip, unzip and bash to be run. \nYou may need to install zip, unzip and bash on UNIX systems.\n\n6\\. **Download script**:\n\nDownload the script for your platform to a directory that is not in the paths to be scanned.\n\nFor UNIX:\n\n \n_iis-log4j-mitigation.sh _\n\nFor Windows:\n\n \n_iis-log4j-mitigation.ps1_\n\n \nAfter the script is downloaded, examine the script properties (Alt+Enter or right-click -> Properties), and check whether there is a security notification at the bottom of the General tab that indicates: \n_This file came from another computer and might be blocked to help protect this computer._\n\nIf the security notification is present, do one of the following:\n\n * Check the Unblock check box. \nClick Apply.\n\n \n\n\n * or Set the execution policy in the PowerShell window to Unrestricted:\n \n \n Set-ExecutionPolicy -ExecutionPolicy Unrestricted\n\nYou may still be prompted to accept execution of the script each time you run the script.\n\n \n\n\n7\\. 
**Apply mitigation (Services, Engine, Client tiers):**\n\nPerform the following actions on the tier indicated.\n\n### **Services Tier**\n\nRun the script against your services tier location, as indicated in step 4 above. \n\n\n** Address WebSphere Application Server:** \nRun the script against your WebSphere installation location, as indicated in step 4 above. \n \nWebSphere fixes for the log4j vulnerability should be applied per WebSphere security bulletins. They may require upgrading your WebSphere version prior to applying the fix. A list of WebSphere bulletins is provided in the Related Information section. \nFor advice on various WebSphere security fixes for log4j vulnerabilities, see [https://www.ibm.com/support/pages/node/6525860](<https://www.ibm.com/support/pages/node/6525860>). \na. Apply the [latest WebSphere fix](<https://www.ibm.com/support/pages/node/6526750>) (PH42762) for log4j (even if you applied the original fix PH42728). \nb. Additionally, \nFor Liberty profile, apply [https://www.ibm.com/support/pages/node/6526824](<https://www.ibm.com/support/pages/node/6526824>) (PH42759) \nFor Network Deployment profile, apply [https://www.ibm.com/support/pages/node/6528220](<https://www.ibm.com/support/pages/node/6528220>) (PH42899)\n\n**Update Solr if you do not have a Microservices tier:**\n\n 1. Change directory to <INSTALL_LOCATION>/shared-open-source/solr/install/bin\n 2. Edit the solr scripts solr.in.sh or solr.in.cmd \nUNIX \nAppend _SOLR_OPTS=\"$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true\" \n_Windows \nAppend _set SOLR_OPTS=%SOLR_OPTS% -Dlog4j2.formatMsgNoLookups=true_\n 3. 
Restart the services \n \nLINUX \n/shared-open-source/bin/stop-linux-services.sh \n/shared-open-source/bin/start-linux-services.sh \nAIX \n/shared-open-source/bin/stop-aix-services.sh \n/shared-open-source/bin/start-aix-services.sh \nWindows \n/shared-open-source/bin/stop-windows-services.bat \n/shared-open-source/bin/start-windows-services.bat\n\n** Engine tier**\n\nRun the script as indicated in step 4 above.\n\n** Client tier**\n\nRun the script as indicated in step 4 above.\n\n8\\. **Apply mitigation (Microservices tier):**\n\nIf you have the Microservices tier installed, download the archive (ms-tier-log4shell-scripts-0.1.0.tar.gz) to mitigate the vulnerability on the Microservices tier. The archive contains several scripts and a readme file which explains how to use the scripts. You can apply this mitigation even if you applied the instructions in an earlier version of this bulletin.\n\nCopy the archive to a new directory on the system that is running the Microservices tier, uncompress it and extract the contents.\n\nRead the instructions in the README.md file.\n\nRun the scripts under the same user id that installed the Microservices tier (the user id that runs kubectl commands).\n\nNote: The Microservices tier only runs on Linux.\n\nms-tier-log4shell-scripts-0.1.0.tar.gz\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-14T22:12:23", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Log4j affects IBM InfoSphere Information Server (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-10-14T22:12:23", "id": "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "href": "https://www.ibm.com/support/pages/node/6527372", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:11", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM Informix Dynamic Server for IBM Informix HQ. The fix includes Apache Log4j 2.17.1. Customers are encouraged to take immediate action by applying the interim fix.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Informix Dynamic Server| 14.10 \nIBM Informix Dynamic Server| 12.10.x \n \n\n\n## Remediation/Fixes\n\n**For 14.10 IBM Informix Server** \n\n\n 1. 
Go to [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=14.10.FC7&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=14.10.FC7&platform=All&function=all>)\n 2. Download and install the 14.10.FC7W1 version for your platform which contains the fix in InformixHQ.\n\n## Workarounds and Mitigations\n\n**IBM strongly recommends addressing the vulnerability now by applying the Interim Fix. \n**\n\n**For 12.10 IBM Informix Server**\n\n 1. Go to **Fix Central** and search for your product version: \n\n * **12.10.xC15**: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/Informix&release=12.10.FC15&platform=All&function=all>)\n 2. Download _informixhq-server.jar_ **and** _informixhq-agent.jar_ from Fix Central\n 3. Stop InformixHQ server and InformixHQ agent\n 4. Replace the existing informixhq-agent.jar and informixhq-server.jar files in the ${INFORMIXDIR}/hq directory with the new Informixhq-1.6.3 jar files in every affected installation.\n 5. 
With these updates you can continue to use the InformixHQ startup scripts (InformixHQ.sh, InformixHQ.sh and InformixHQ.ksh) from $INFORMIXDIR/hq folder to start InformixHQ.\n**Note:** InformixHQ 1.6.3 also includes newer JDBC 4.50.JC7.1 (fix for IT38963, not related to log4j CVE) \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T18:00:03", "type": "ibm", "title": "Security Bulletin: IBM Informix Dynamic Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-02-03T18:00:03", "id": "7473C0056DBBEF7C541ECDFB31E947DC1520282F5E0172B7C965A9DECA661856", "href": "https://www.ibm.com/support/pages/node/6553622", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:18", "description": "## Summary\n\nApache Log4j open source library used by IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data are affected by a vulnerability that could allow a remote attacker to 
execute arbitrary code on the system. This library is used by the Db2 Federation and Db2 Graph feature. The fix for the vulnerability is to update the log4j library. Updating log4j to a version 2.15.0 or higher also addresses CVE-2021-4104.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 On Openshift V11.5 on all platforms and IBM Db2 and Db2 Warehouse on Cloud Pak for Data 3.5 and 4.0 fix pack levels on all platforms are affected only if the following features are configured. By default these settings are not configured:\n\n * Db2 Graph\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected program: V11.5, Cloud Pak for Data 3.5, Cloud Pak for Data 4.0, can download the latest IBM Db2 On Openshift or the IBM Db2 and Db2 Warehouse on Cloud Pak for Data fixpack release containing the fix for this issue. These builds are available based on the most recent fixpack level of the V11.5.6 release and the Cloud Pak for Data 4.0.3 release. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\nPlease note: If the affected release is any fix pack level of Cloud Pak for Data 3.5, you must upgrade to Cloud Pak for Data 4.0, then apply the latest fixpack release \n \n\n\nRelease| Fixed in Fix Pack \n---|--- \nIBM\u00ae Db2\u00ae On Openshift| v11.5.7.0 \nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data| v4.0.4 \n \nFor more information on how to update to a fix pack, refer to the following documentation:\n\nIBM\u00ae Db2\u00ae On Openshift: <https://www.ibm.com/docs/en/db2/11.5?topic=1156-upgrading-updating>\n\nIBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading>\n\n## Workarounds and Mitigations\n\nFor the Db2 Federation feature, perform the following:\n\nEdit the Openshift db2uclusters resource of the affected Db2 instance(s).\n\nTo get the db2uclusters resources, perform the following command: oc get db2uclusters\n\ne.g: oc edit db2uclusters db2oltp-1639595262124131\n\nAdd the following line to the file in the registry section: DB2_JVM_STARTARGS: \"-Dlog4j2.formatMsgNoLookups=true\"\n\nSave and Exit\n\nExec into the Db2 Engine pod and run the following command in a bash shell as user db2inst1:\n\ne.g to exec into Db2 engine pod: oc exec -it c-db2oltp-1234567890-db2u-0 bash\n\nPerform the following commands:\n \n \n cat <<'EOF' > /db2u/tmp/apply-db2-settings.sh\n #!/bin/bash\n \n [[ -z \"${BLUMETAHOME}\" ]] && source /etc/profile\n [[ -z ${DB2U_TMP} ]] && DB2U_TMP=/db2u/tmp\n \n # Set OS env using the Configmap file\n [[ -f ${DB2U_TMP}/os_envar_configmap ]] || \\\n /db2u/scripts/update_env_from_configmap.sh --file ${DB2U_TMP}/os_envar_configmap\n . 
${DB2U_TMP}/os_envar_configmap\n \n su_cmd=\"/bin/bash -lc\"\n ipclean_prefix=\"rah\"\n \n ### Functions ###\n # Returns a list of local database names\n get_db_list()\n {\n local db_list=($(db2 list db directory | grep -B4 -E \"[ \\t]+Directory.*type[ \\t]+=[ \\t]+Indirect$\" | awk -F'=' '/^[ \\t]+Database name[ \\t]+=.*/ {print $2}' | sed 's/[ \\t]\\+//g'))\n \n echo \"${db_list[@]}\"\n }\n \n activate_multiple_dbs()\n {\n local db_list=($(get_db_list))\n for db in \"${db_list[@]}\"; do\n db2 -v activate db ${db}\n done\n }\n \n \n # Update the cached copy of the Db2 CMs\n ${su_cmd} \"source /db2u/scripts/include/db2_functions.sh && install_update_configmap_db2cfg_files && update_db2_regvar_file && apply_cfg_setting_to_db2 -all\"\n \n \n # Disable Wolverine HA if not restricted\n [[ \"X${RESTRICTED}\" != \"Xtrue\" ]] && wvcli system disable -m \"Applying db2cfg settings from all configmaps\"\n \n # Recycle Db2 to apply Db2 registry settings\n ${su_cmd} \"db2stop force && ${ipclean_prefix} 'ipclean -a'\"\n ${su_cmd} \"db2start\"\n \n # Re-enable Wolverine HA if not restricted\n [[ \"X${RESTRICTED}\" != \"Xtrue\" ]] && wvcli system enable -m \"Enable HA after applying db2 cfg settings from all configmaps\"\n \n # Activate the database\n activate_multiple_dbs\n EOF \n \n \n \n chmod +x /db2u/tmp/apply-db2-settings.sh \n \n \n \n /db2u/tmp/apply-db2-settings.sh\n\nFor the Db2 Graph feature, perform the following:\n\nExec into the Db2 Graph pod.\n\ne.g oc exec -it c-db2oltp-1603819662989-graph-5d4b8b694c-nd4jw bash\n\nNavigate to the /db2graph/gremlin directory\n\nEdit the gremlin-server.conf file\n\nIn the line with JAVA_OPTIONS=\"-Xms512m -Xmx4096m -XX:+HeapDumpOnOutOfMemoryError -DgremlinServerSandbox=conf/sandbox.yaml\" Add: -Dlog4j2.formatMsgNoLookups=true with a leading space just before the final double quote:\n\ni.e. 
JAVA_OPTIONS=\"-Xms512m -Xmx4096m -XX:+HeapDumpOnOutOfMemoryError -DgremlinServerSandbox=conf/sandbox.yaml -Dlog4j2.formatMsgNoLookups=true\"\n\nRun manage restart\n\nVerify that the argument you provided in the gremlin-server.conf was picked up by running ps -ef | grep java and inspecting the arguments\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-21T15:35:56", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae On Openshift and IBM\u00ae Db2\u00ae and Db2 Warehouse\u00ae on Cloud Pak for Data (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2021-12-21T15:35:56", "id": "E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "href": "https://www.ibm.com/support/pages/node/6527226", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:08", "description": "## Summary\n\nThis Security Alert addresses CVE-2021-44228, a vulnerability in Apache Log4j. 
Versions Affected: All Apache Log4j2 <=2.14.1 on IBM Informix Dynamic Server in Cloud Pak for Data. Fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Informix Dynamic Server on Cloud Pak for Data| v4.0 \n \n\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by executing these manual steps. \n\n\n 1. Upgrade your Informix 4.0.0 deployments to 4.0.1\n 2. Install the Informix operator version 4.0.1 (included in the CASE ibm-informix-operator-bundle-4.0.3.tgz)\n 3. 
Navigate to the official documentation for the Informix CP4D service (<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-informix>) and follow the steps in the \u201cUpgrading Informix\u201d to update any deployed Informix custom resource from 4.0.0 to 4.0.1\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-03T18:12:46", "type": "ibm", "title": "Security Bulletin: Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix Dynamic Server in Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-02-03T18:12:46", "id": "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "href": "https://www.ibm.com/support/pages/node/6553626", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:55:52", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Cloud Pak for Network Automation to provide logging functionality. 
This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Network Automation| TNC-O 1.1 \nIBM Cloud Pak for Network Automation| TNC-O 1.2 \nIBM Cloud Pak for Network Automation| TNC-O 1.3.0 \nCP4NA| 2.x \n \n\n\n## Remediation/Fixes\n\nProduct| V.R.M| Remediation \n---|---|--- \nIBM Cloud Pak for Network Automation| TNC-O 1.1| Upgrade to IBM Cloud Pak for Network Automation v 2.2.1 using the following instructions \n\n[https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2.x](<https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2>) \n \nIBM Cloud Pak for Network Automation| TNC-O 1.2| \n\nUpgrade to IBM Cloud Pak for Network Automation v 2.2.1 using the following instructions\n\n[https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2.x](<https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2>) \n \nIBM Cloud Pak for Network Automation| TNC-O 1.3.0| \n\nUpgrade to IBM Cloud Pak for Network Automation v 2.2.1 using the following instructions\n\n[https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2.x](<https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2>) \n \nCP4NA| 2.x| \n\nUpgrade to IBM Cloud Pak for Network Automation v 2.2.1 using the 
following instructions\n\n[https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2.x](<https://www.ibm.com/docs/en/cloud-paks/cp-network-auto/2.2>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-15T14:59:28", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Pak for Network Automation (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-03-15T14:59:28", "id": "0FEF4738C59C97322DBD25A9806D1EE3E131F117AF9CA9C33F3A6098A981AE66", "href": "https://www.ibm.com/support/pages/node/6563537", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T01:45:48", "description": "## Summary\n\nA security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of 
untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Automation Manager| 4.2.0.1 \n \n\n\n## Remediation/Fixes\n\nDownload IBM Cloud Automation Manager 4.2.0.1 iFix 6 from [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>)\n\nFollow the instructions in Readme link in [https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0>) to install the iFix 6 to your IBM Cloud Automation Manager 4.2.0.1.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T16:05:10", "type": "ibm", "title": "Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Automation Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-16T16:05:10", "id": "9D535841DFB625485F828C1AD532A5F722DFDE1766DF97C23C9B7A1E20BF46B4", "href": "https://www.ibm.com/support/pages/node/6564027", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:40:06", "description": "## Summary\n\nIBM B2B Advanced Communications has addressed vulnerabilities in Apache Log4j shipped with product.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM B2B Advanced Communications| 1.0.0.x \nIBM Multi-Enterprise Integration Gateway| 1.0.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product \n** | \n\n**Version**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM B2B Advanced Communications\n\n| \n\n1.0.0.x\n\n| Apply fix pack [1.0.0.8](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \nIBM Multi-Enterprise Integration Gateway| \n\n1.0.0.1\n\n| Apply fix pack [1.0.0.8 ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.7&platform=All&function=fixId&fixids=IBM_B2B_Advanced_Communications_V1.0.0.8_FixPack_Media&includeSupersedes=0> \"1.0.0.8\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-15T15:28:38", "type": "ibm", "title": "Security Bulletin: IBM B2B Advanced Communications is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-02-15T15:28:38", "id": "24788EE0E98DD110216E44ED965A5D9F543670037D32B049BA08AB2FCE99954B", "href": "https://www.ibm.com/support/pages/node/6955863", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:33", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-4104). The fix includes Apache Log4j 2.17.2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **iFix**| **Remediation** \n---|---|---|--- \nIBM Sterling Secure Proxy| 6.0.3| iFix 04| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 3.4.3.2| iFix 16| [Fix Central - 3432](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.2&platform=All&function=all> \"Fix Central - 3432\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-29T17:27:52", "type": "ibm", "title": "Security Bulletin: IBM Secure Proxy is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-29T17:27:52", "id": "8387CADEEB9AD0E38758303B1E6B37B37C256D2B869802656DF93547861A6E7D", "href": "https://www.ibm.com/support/pages/node/6608552", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:13", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Multicloud Management Monitoring as part of its logging infrastructure. Apache Log4j v1.2 has been removed and replaced by Log4j v2.17.1. Components that use Apache Log4j v1.2 are not exposed outside the cluster and are not configured to use the vulnerable Log4j v1 classes. Furthermore, it will take extraordinary measures by a malicious insider to attempt to reconfigure the components to be vulnerable. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 4 \n \n\n\n## Remediation/Fixes\n\nTo address the vulnerability, IBM strongly recommends you to upgrade IBM Cloud Pak for Multicloud Management to 2.3 Fix Pack 5. 
For upgrading instructions, see <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-13T12:07:09", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is potentially vulnerable to execution of arbitrary code due to its use of Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-13T12:07:09", "id": "79F27EA8D0C27492E095D11A78FA60F4F4AF9FD3E6253C90F069133418B26369", "href": "https://www.ibm.com/support/pages/node/6603367", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:06", "description": "## Summary\n\nApache Log4j open source library used by \"Internet Service Monitoring Agent\" (ISM Agent) is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. ISM Agent has addressed the applicable CVE. 
As a part of solution log4j has been upgraded to version 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Application Performance Monitoring Base Extension| All \n \n\n\n## Remediation/Fixes\n\nProduct| Agent Version| Remediation / First Fix \n---|---|--- \nIBM Cloud Application Performance Monitoring Base Extension| 08.22.01.00| [Readme](<https://www.ibm.com/support/pages/node/6537764> \"Readme\" )\n\n[Fix Central - 8.1.4.0-IBM-APM-ISM-AGENT-IF0001 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-ISM-AGENT-IF0001&source=SAR> \"Fix Central - 8.1.4.0-IBM-APM-ISM-AGENT-IF0001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T12:39:15", "type": "ibm", "title": 
"Security Bulletin: Vulnerability in Apache Log4j affects some features of Internet Service Monitoring Agent for IBM Application Performance Management(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-14T12:39:15", "id": "557FEAA9FD49A623B36AA794CBD78D1D6EA826F1C2AEA89A3A506E39C9747F0D", "href": "https://www.ibm.com/support/pages/node/6540924", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:01", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Tivoli Netcool Impact to provide logging functionality. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| _7.1.0.1 ~ 7.1.0.17 \n_| _IJ21951_| **For V7.1.0.1 through 7.1.0.17:** \nApply Fix Pack [7.1.0.18](<https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-18-710-tiv-nci-fp0018> \"7.1.0.18\" ) or later. \n \nAfter applying the Fix Pack, IBM strongly recommends also applying Interim Fix [7.1.0-TIV-NCI-IF0009.](<https://www.ibm.com/support/pages/node/6526090> \"7.1.0-TIV-NCI-IF0009\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-22T15:17:36", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-22T15:17:36", "id": 
"764D43B19DB882B179B2481514054E45C07FF586B99F1C4000C1226C3914117B", "href": "https://www.ibm.com/support/pages/node/6536708", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:24", "description": "## Summary\n\nThe fix removes Apache log4j v1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.2 \n \n\n\n## Remediation/Fixes\n\n** IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Security Identity Manager| 6.0.2| [6.0.2-ISS-SIM-FP0005](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Identity+Manager&release=6.0.2.4&platform=All&function=fixId&fixids=6.0.2-ISS-SIM-FP0005&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true> \"6.0.2-ISS-SIM-FP0005\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, 
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-21T16:34:43", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager is affected by log4j vulnerability. (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-21T16:34:43", "id": "8D902B719598684128A34639AA16F1EDF6856E69A3A9FD47AE77E5043BF92C99", "href": "https://www.ibm.com/support/pages/node/6831267", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:58", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library which is used by IBM Analytical Decision Management for logging of messages and traces. This issue has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Analytical Decision Management| 18.0 \n \n\n\n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nProduct | VRMF| Workarounds \n---|---|--- \nIBM Analytical Decision Management| 18.0.0.0| [18.0.0.0](<https://www.ibm.com/support/pages/node/6540548> \"18.0.0.0\" ) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T02:43:59", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Analytical Decision Management (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-11T02:43:59", "id": "34C62F8C9BA8A3F48C2C371F5DC178D685A81D56716C94C7C68D95273F0299F6", "href": "https://www.ibm.com/support/pages/node/6562871", "cvss": {"score": 6.0, "vector": 
"AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:26", "description": "## Summary\n\nVulnerability in Apache Log4j (CVE-2021-4104) may affect IBM Security Access Manager for Enterprise Single Sign-On. Although no known vulnerability impact has been proven, it is strongly recommended to apply the fix that upgrades log4j from version 1.x to version 2.1.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Access Manager for Enterprise Single-Sign On| 8.2.0, 8.2.1, 8.2.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends customers update their systems promptly. \n\n(1) Security vulnerabilities related to log4j are addressed and fixed in IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 only. 
Customers running a version prior to version 8.2.2 should first upgrade to IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2, and then apply Fix Pack 13.\n\n(2) Apply Fix Pack 13 on IBM Security Access Manager for Enterprise Single-Sign On version 8.2.2 as per the details available [here](<https://www.ibm.com/support/pages/node/6566059> \"here\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T03:04:02", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On may be vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-31T03:04:02", "id": "1999DB7DA98AE073A34DD83F5547894F0F8C1DC9FB860A963E2002A469B5FC74", "href": "https://www.ibm.com/support/pages/node/6568203", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:50", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Connect:Direct Web Services as part 
of its logging infrastructure. JMSAppender in Apache Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The fix includes Apache Log4j 2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Connect:Direct Web Services| 1.0 \nIBM Sterling Connect:Direct Web Services| 6.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Version(s)**| **Remediation/Fix \n** \n---|---|--- \nIBM Sterling Connect:Direct Web Services| 1.0, 6.0| Apply 6.0.0.6, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", 
"userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T05:36:17", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to untrusted data deserialization due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-18T05:36:17", "id": "67888E8EA83126B823C64DF445FE590186D22B46F294306313C37B870873F831", "href": "https://www.ibm.com/support/pages/node/6557198", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:34", "description": "## Summary\n\nLog4j is used by IBM Watson Explorer to log system events for diagnostics. This bulletin provides a remediation for the vulnerability, CVE-2021-4104 by upgrading Watson Explorer and thus addressing the exposure to the log4j vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer Deep Analytics Edition oneWEX| \n\n12.0.0.0, 12.0.0.1\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2,\n\n12.0.3.0 - 12.0.3.7 \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11 \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3 \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2 \n \n\n\n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **How to acquire and apply the fix** \n---|---|--- \nIBM Watson Explorer DAE \nFoundational Components| \n\n12.0.0.0,\n\n12.0.1,\n\n12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7\n\n| Upgrade to Version 12.0.3.8. \n\nSee [Watson Explorer Version 12.0.3.8 Foundational Components](<https://www.ibm.com/support/pages/node/6525738>) for download information and instructions. \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7| \n\nUpgrade to Version 12.0.3.8. \n \nSee [Watson Explorer Version 12.0.3.8 Analytical Components](<https://www.ibm.com/support/pages/node/6525740>) for download information and instructions. 
\n \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.7| \n\nUpgrade to Version 12.0.3.8. \n \nSee [Watson Explorer Version 12.0.3.8 oneWEX](<https://www.ibm.com/support/pages/node/6525736>) for download information and instructions. \n \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11| \n\nUpgrade to Version 11.0.2.12. \n\nSee [Watson Explorer Version 11.0.2.12 Foundational Components](<https://www.ibm.com/support/pages/node/6525750>) for download information and instructions. \n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.11| \n\nUpgrade to Version 11.0.2.12. \n \nSee [Watson Explorer Version 11.0.2.12 Analytical Components](<https://www.ibm.com/support/pages/node/6525752>) for download information and instructions. \n \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| \n\n 1. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-IF001.**\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \nIBM Watson Explorer Content Analytics Studio| 11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2| \n\n 1. If you have not already installed, install Version 11.0.2.2. 
\n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/pages/node/724425>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. Download the interim fix from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-IF001**.\n 3. To apply the fix, follow the steps below. \n\n 1. Delete `%CA_STUDIO_INSTALL_DIR%\\plugins\\com.hp.hpl.jena_2.11.0` folder\n 2. Extract the interim fix zip file to the `%CA_STUDIO_INSTALL_DIR%\\plugins` folder\n 3. Run command `%CA_STUDIO_INSTALL_DIR%\\studio.exe -clean` in Command Prompt \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T16:35:05", "type": "ibm", "title": "Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": 
"AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T16:35:05", "id": "B1A68CACAA6679250CA76269F03D20A3A14E734FC434CC8F824869D436C7691E", "href": "https://www.ibm.com/support/pages/node/6527728", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:02", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. This issue has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.2.2 \nSPSS Collaboration and Deployment Services| 8.2.1 \nSPSS Collaboration and Deployment Services| 8.2 \nSPSS Collaboration and Deployment Services| 8.1.1 \nSPSS Collaboration and Deployment Services| 8.1 \nSPSS Collaboration and Deployment Services| 8.0 \nSPSS Collaboration and Deployment Services| 7.0.0.1 \n \n\n\n## Remediation/Fixes\n\nThe fix includes Apache Log4j 2.17.1. 
\n\nProduct\n\n| VRMF| Remediation/First Fix \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.2.2.0| [8.2.2.0](<https://www.ibm.com/support/pages/node/6538374> \"8.2.2.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.1.0| [8.2.1.0](<https://www.ibm.com/support/pages/node/6549774> \"8.2.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.2.0.0| [8.2.0.0](<https://www.ibm.com/support/pages/node/6551324> \"8.2.0.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.1.0| [8.1.1.0](<https://www.ibm.com/support/pages/node/6558090> \"8.1.1.0\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0| [8.1.0.0](<https://www.ibm.com/support/pages/node/6559616> \"8.1.0.0\" ) \n \n## Workarounds and Mitigations\n\nProduct | VRMF| Workarounds \n---|---|--- \nSPSS Collaboration and Deployment Services| 8.1.1.0| [8.1.1.0 deployed on WebLogic](<https://www.ibm.com/support/pages/node/6556402> \"8.1.1.0 deployed on WebLogic\" ) \nSPSS Collaboration and Deployment Services| 8.1.0.0| [8.1.0.0 deployed on Weblogic](<https://www.ibm.com/support/pages/node/6556402> \"8.1.0.0 deployed on Weblogic\" ) \nSPSS Collaboration and Deployment Services| 8.0.0.0| [8.0.0.0](<https://www.ibm.com/support/pages/node/6540548> \"8.0.0.0\" ) \nSPSS Collaboration and Deployment Services| 7.0.0.1| [7.0.0.1](<https://www.ibm.com/support/pages/node/6540548> \"7.0.0.1\" ) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-11T02:29:04", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects SPSS Collaboration and Deployment Services (CVE-2021-4104)", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-11T02:29:04", "id": "BCA4DDDC22FE85DAB9D2E5ADDAEAD6563E17D19717B4C182BB170A0C9FFE053A", "href": "https://www.ibm.com/support/pages/node/6562867", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:36", "description": "## Summary\n\nA vulnerability in Apache Log4j v1 could result in remote code execution. IBM Spectrum Archive Enterprise Edition includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j v1 files. The below fix package includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nEnterprise Edition| 1.3.0.0 - 1.3.0.7 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing this vulnerability now by upgrading.**\n\n**Note: The fix includes Log4j v2.17.1**\n\nAffected Versions| Fixing Level| Platform \n---|---|--- \n1.3.0.0 - 1.3.0.7| 1.3.2.4 - [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%20drivers%20and%20software&product=ibm/Storage_Tape/LTFS+Enterprise+Edition+%28EE%29&release=All&platform=All&function=all> \"\" )| Linux \n \nBased on current analysis and information, IBM Spectrum Archive Library Edition (LE) and Single Drive Edition (SDE) are not affected. \n\n## Workarounds and Mitigations\n\n**For Log4j in Elasticsearch and Logstash, which were previously redistributed by IBM Spectrum Archive Enterprise Edition, between version 1.3.0.0 to 1.3.2.1, IBM strongly recommends addressing the vulnerability now by executing the Workarounds and Mitigations in <https://www.ibm.com/support/pages/node/6527808>**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T04:59:26", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Archive Enterprise Edition (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-26T04:59:26", "id": "799E22A0B313A80AA913F26586384A61E5E0908C4DC4366D683B19D6B359930D", "href": "https://www.ibm.com/support/pages/node/6551074", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nApache Log4j open source library is used by IBM Data Studio Client. This bulletin describes the upgrades necessary to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Data Studio client| All \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRM**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nIBM Data Studio Client\n\n| \n\n4.1.x\n\n| \n\nUpgrade to: IBM Data Studio Client [4.1.4 APAR1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+Data+Studio&fixids=DS414_APAR1Patch&source=SAR> \"4.1.4 APAR1\" ) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T14:35:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Studio Client (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-24T14:35:12", "id": "AEF7A95EE3DB6896F5C04951844A71B4C94EDDD29868D0C8038CC869982B4892", "href": "https://www.ibm.com/support/pages/node/6550448", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:09", 
"description": "## Summary\n\nApache Log4j is used by IBM Content Manager Enterprise Edition as part of its logging infrastructure. This fix includes Apache Log4j V2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nContent Manager Enterprise Edition | 8.6 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\nGo to Passport Advantage. 
Download Content Manager Enterprise Edition 8.7:\n\n<https://www.ibm.com/software/howtobuy/passportadvantage/paocustomer>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-16T19:43:35", "type": "ibm", "title": "Security Bulletin: IBM Content Manager Enterprise Edition is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-16T19:43:35", "id": "B4E820AD02AFA9A6FFF21A8A1E58FC3B4CCBE776135D3A61B5EEFABE2D5E6B0F", "href": "https://www.ibm.com/support/pages/node/6602251", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:43:40", "description": "## Summary\n\nApache Log4j version 1, which is used by IBM Tivoli Application Dependency Discovery Manager, is vulnerable to CVE-2021-4104 (a publicly disclosed vulnerability).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on 
the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 - 7.3.0.9 \n \n\n\n## Remediation/Fixes\n\nTADDM FixPack 7.3.0.10 has been released with Apache log4j v2.17.2. Please upgrade to 7.3.0.10 to resolve all known log4j vulnerabilities at the date of release.\n\nPlease refer to the table below to download TADDM FixPack 7.3.0.10.\n\n**Fix**| **How to acquire fix** \n---|--- \n7.3-TIV-ITADDM-FP00010| [Download FixPack](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=7.3-TIV-ITADDM-FP00010&source=SAR> \"Download FixPack\" ) \n \nPlease refer to the URL for TADDM FixPack 7.3.0.10 Release Notes containing more information about the update.\n\n<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-06T11:22:32", "type": "ibm", "title": "Security Bulletin: TADDM log4j vulnerable 
to CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-12-06T11:22:32", "id": "C95EF271B0237B71243BDA3549504EB22E0DD9DED53FF9746E19657C0AFA1DB6", "href": "https://www.ibm.com/support/pages/node/6845492", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:03", "description": "## Summary\n\nIBM Security Directory Integrator (SDI) has upgraded to log4j 2.17.1. Although SDI was technically not vulnerable to the issue described below because it did not use JMSAppender, as a matter of good software hygiene the product has upgraded to the current version of log4j. SDI uses log4j as part of its logging infrastructure.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Directory Integrator | 7.2.0 \n \n\n\n## Remediation/Fixes\n\nIBM Security Directory Integrator 7.2 Fix Pack 8 upgrades to log4j 2.17.1. This fix pack can be downloaded from the link below. IBM strongly recommends upgrading. \n\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FSecurity+Directory+Integrator&fixids=7.2.0-ISS-SDI-FP0008&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FSecurity+Directory+Integrator&fixids=7.2.0-ISS-SDI-FP0008&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-07T06:12:43", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Integrator has upgraded log4j", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-07T06:12:43", "id": "7D4A2B8204853C2F9D7609FF18BDA1CA6FACC39361487DB8DDF6D40FB6E92420", "href": 
"https://www.ibm.com/support/pages/node/6561601", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:37:32", "description": "## Summary\n\nMultiple sub-components of IBM i ship log4j version v1.x files making them vulnerable to the issue described in the vulnerability details section. IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x. Integrated Web Server (IWS) V2.6 contains unused references to log4j v1.x packages. IBM i 7.2 - Integrated Application Server (IAS) V7.1 & V8.1 and Integrated Web Server (IWS) V1.3 & V1.5 use log4j v1.x and cannot be updated to log4j v2.x. IBM i Access Client Solutions (ACS) version 1.1.8.6 and earlier included an unused log4j v1.x jar file. IBM i has addressed the applicable CVE as described in the Remediation/Fixes section. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Navigator for i (heritage version only)| IBM i 7.4, 7.3, and 7.2 (heritage version) \nIntegrated Web Server (IWS)| \n\nIBM i 7.4, 7.3, and 7.2 - V2.6\n\nIBM i 7.2 - V1.3 and V1.5 \n \nIntegrated Application Server (IAS)| IBM i 7.2 - V7.1 and V8.1 \nIBM i Access Client Solutions| 1.1.8.6 and earlier \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the fixes.\n\n**IBM i Access Client Solutions version 1.1.8.6 and earlier **included an unused log4j v1.x jar file. The issue can be fixed by upgrading to ACS version 1.1.8.7 or later. Details for how to get the latest version of IBM i Access Client Solutions are available at** <https://www.ibm.com/support/pages/ibm-i-access-client-solutions> **\n\n**Integrated Web Server (IWS) V2.6** included unused references to log4j v1.x packages. The issue can be fixed by applying PTFs to IBM i. Releases 7.4 and 7.3 of IBM i will be fixed.\n\n**IBM i 7.2 only - Integrated Application Server (IAS) V7.1 & V8.1 and Integrated Web Services Server (IWS) V1.3 & V1.5** use log4j v1.x and cannot be updated. Customers can fix the log4j issues by migrating to the liberty-based support already available for ten years (V2.6). These server runtimes have been removed from the 7.2 release. With this fix, the server runtimes are removed and these servers will no longer run. If still using this level of IWS, migrate the web service to the V2.6 level before applying these PTFs. Details for migrating can be found at: <https://www.ibm.com/support/pages/how-migrate-your-ibm-integrated-web-services-iws-server-v13v15-v26>. The issue can be fixed by applying PTFs to IBM i. Release 7.2 of IBM i will be fixed.\n\nThe IBM i PTF numbers containing the fixes follow. Future Group PTFs for HTTP Server will also contain the fixes for this CVE. 
\n\nIBM i Release| 5770-DG1 \nIBM HTTP Server for i Group PTF - Level| PTF Download Link \n---|---|--- \n7.4| SF99662 - 19| [SF99662 740 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99662>) \n7.3| SF99722 - 38| [SF99722 730 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99722>) \n7.2| SF99713 - 49| [SF99713 720 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99713>) \n \n**<https://www.ibm.com/support/fixcentral>**\n\n**IBM Navigator for i - heritage version **uses log4j v1.x and cannot be updated to log4j v2.x or be removed from use. The issue can be resolved by permanently removing the heritage version of IBM Navigator for i from the partition. \n\n\nThe IBM i PTF numbers for removing the heritage version follow. Future Group PTFs for HTTP Server will NOT contain the fixes that remove the jar files for this CVE.\n\nIBM i Release| 5770-DG1 HTTP Server for i PTFs| PTF Download Links \n---|---|--- \n7.4| \n\nSI82995, SI82996\n\n| <https://www.ibm.com/support/pages/ptf/SI82995> <https://www.ibm.com/support/pages/ptf/SI82996> \n7.3| SI82997, SI82998| <https://www.ibm.com/support/pages/ptf/SI82997> <https://www.ibm.com/support/pages/ptf/SI82998> \n7.2| SI83098, SI83099| <https://www.ibm.com/support/pages/ptf/SI83098> <https://www.ibm.com/support/pages/ptf/SI83099> \n \n**<https://www.ibm.com/support/fixcentral>**\n\n## Workarounds and Mitigations\n\n**IBM Navigator for i - heritage version** uses log4j v1.x and cannot be updated to log4j v2.x or be removed from use. \n\nThe issue can be mitigated by discontinuing the use of the heritage version of IBM Navigator for i. The mitigation will remove the heritage version from the configuration of Admin2 and Admin2 will now start by default. Prior mitigation disabled the ADMIN2 server (where the heritage Navigator runs) from starting and running without user interaction. 
Additionally, the userdata runtime cache files (where the reference to log4j can be found) were deleted by this fix. The issue can be mitigated by applying PTFs to IBM i. Releases 7.4, 7.3, and 7.2 of IBM i will be mitigated. \n\nIt is strongly recommended that heritage Navigator be permanently removed by following the instructions in the remediation/fixes section, however if there are key features required, heritage Navigator can be enabled and started temporarily at your own risk. To do so, refer to these instructions: <https://www.ibm.com/support/pages/heritage-navigator-enable-and-disable-instructions>\n\nNote: If heritage Navigator is started, the userdata cache files are re-created and will have to be manually removed. Details are in the above link. \n\nThe IBM i PTF numbers containing the mitigation follow. Future Group PTFs for HTTP Server will also contain the mitigation for this CVE. \n\nIBM i Release| 5770-DG1 \nIBM HTTP Server for i Group PTF - Level| PTF Download Link \n---|---|--- \n7.4| SF99662 - 26| [SF99662 740 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99662>) \n7.3| SF99722 - 43| [SF99722 730 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99722>) \n7.2| SF99713 - 52| [SF99713 720 IBM HTTP Server for i](<https://www.ibm.com/support/pages/uid/nas4SF99713>) \n \n**<https://www.ibm.com/support/fixcentral>**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-04-07T18:39:58", "type": "ibm", "title": "Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)", "bulletinFamily": "software", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-04-07T18:39:58", "id": "C3CC9C6067F468B5E8ED9105BE61107CCE29495A0D130C16712741E71E88E9E5", "href": "https://www.ibm.com/support/pages/node/6539162", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:50", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Storage Support for Microsoft Volume Shadow Copy Service (VSS) and Virtual Disk Service (VDS) for IBM Spectrum Virtualize family and IBM DS8000 family storage systems. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service | lower than 4.18.0 \n \n## Remediation/Fixes\n\nUpgrade to IBM Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service 4.18.0.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-24T15:01:59", "type": "ibm", "title": "Security Bulletin: IBM Storage Support for Microsoft Volume Shadow Copy Service (VSS) and Virtual Disk Service (VDS) is affected by a vulnerability in Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-24T15:01:59", "id": "83AD6F5CAFB9C45D9169EC79DAD316AF1A872ADE2380EB094BA1BF97BED4BFDE", "href": "https://www.ibm.com/support/pages/node/6536886", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:28", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on 
the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM Engineering Lifecycle Engineering products version 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are vulnerable to this attack; it has been addressed in this bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nVersions\n\n| \n\nAffected Products \n \n---|--- \n \n6.0.6,\n\n6.0.6.1,\n\n7.0,\n\n7.0.1,\n\n7.0.2\n\n| \n\nIBM Jazz Reporting Service \n \nIBM Global Configuration Management \n \nIBM Engineering Workflow Management (EWM) \n \nJazz Foundation \n \nIBM Engineering Lifecycle Optimization - Engineering Insights \n \nIBM Engineering Lifecycle Optimization - Method Composer \n \nIBM Engineering Lifecycle Optimization - Publishing \n \nIBM Engineering Requirements Management DOORS Next \n \nIBM Engineering Test Management \n \nIBM Engineering Requirements Management \n \nIBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition \n \n** **\n\n \n\n\n## Remediation/Fixes\n\nFor the IBM\u00ae Engineering Lifecycle Engineering products version 7.0.2, IBM strongly recommends addressing the vulnerability by applying a currently available ELM 7.0.2 SR1 iFix 15\n\nFor the IBM\u00ae Engineering Lifecycle Engineering 
products version 7.0.1, IBM strongly recommends addressing the vulnerability by applying a currently available ELM 7.0.1 SR1 iFix 18\n\n### The IBM\u00ae Engineering Lifecycle Engineering products of versions 6.0, 6.0.1 and 7.0 are end of support. Hence users on those versions should follow the instructions given in the following document:\n\n### [Remediation for log4j version 1 vulnerabilities in IBM Engineering Lifecycle Management](<https://www.ibm.com/support/pages/node/6607980> \"Remediation for log4j version 1 vulnerabilities in IBM Engineering Lifecycle Management\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-30T11:41:41", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering Lifecycle Engineering products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-30T11:41:41", "id": "8D1076175653373CF0972E3AB3E49C700B9C36E8D89205B4EAF9845AB1E9DC6F", "href": 
"https://www.ibm.com/support/pages/node/6616245", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:22", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Control| 5.4.0 - 5.4.5 \n \n## Remediation/Fixes\n\n**Release**| **First Fixing** \n**VRM Level**| ** Link to Fix** \n---|---|--- \n5.4.5| 5.4.5.1| **<https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control>** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-07T19:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Control (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-07T19:48:02", "id": "D0C2BBF5E828BE52CE92F28682B6950B3B526488699E5EB08A2EE2EB5B1D4C35", "href": "https://www.ibm.com/support/pages/node/6537016", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:23", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the ATNAAudit node and the XDSConsumer pattern 
in IBM App Connect for Healthcare. IBM App Connect for Healthcare has addressed these vulnerabilities; the fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect for Healthcare 5.0.0.0 \nIBM App Connect for Healthcare 5.0.0.1 \nIBM App Connect for Healthcare 6.0.1.0\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. 
\n\nProduct| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Healthcare| 5.0.0.1| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[5.0.0.1 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=5.0.0.1&platform=All&function=aparId&apars=IT39653> \"5.0.0.1 IBM Fix Central\" ) \n \nIBM App Connect for Healthcare| 6.0.1.0| IT39653| \n\nInterim fix for APAR (IT39653 ) is available from\n\n[6.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Healthcare&release=6.0.1.0&platform=All&function=aparId&apars=IT39653> \"6.0.1.0 IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nAs detailed above in the **Remediation / Fixes Section.**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T09:38:06", "type": "ibm", "title": "Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-31T09:38:06", "id": "E5029DD7DA3FDCEAB13FDB9D0B634A06F7F47565C556ABBCC97B9CB137EEA1A2", "href": "https://www.ibm.com/support/pages/node/6552272", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:55", "description": "## Summary\n\nApache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CSM version 6.3.2 ships the latest library available 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Copy Services Manager| All \n \n\n\n## Remediation/Fixes\n\nVersion 6.3.2 includes the Log4j 2.17.1 library\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T19:30:01", "type": "ibm", "title": "Security Bulletin: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-14T19:30:01", "id": "A37E5717689B00C6C5250CBA163458C6583896012F223709BE3E09BF9944B0DE", "href": "https://www.ibm.com/support/pages/node/6563291", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:39", "description": "## Summary\n\nIBM Transformation Extender Advanced, previously known as IBM Standards Processing Engine, uses Apache Log4j as part of its logging infrastructure. 
An arbitrary remote code execution vulnerability has been addressed. The fix includes Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Transformation Extender Advanced| 9.0 \nIBM Transformation Extender Advanced| 10.0 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **Remediation/Fix** \n---|---|--- \nIBM Transformation Extender Advanced| 9.0| [9.0.2.6](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Standards+Processing+Engine&release=9.0.2.6&platform=All&function=all> \"9.0.2.6\" ) \nIBM Transformation Extender Advanced| 10.0| [10.0.1.7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Standards+Processing+Engine&release=10.0.1.7&platform=All&function=all> \"10.0.1.7\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-22T06:59:18", "type": "ibm", "title": "Security Bulletin: IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-22T06:59:18", "id": "D86D8C366E2D62A174FC13CC280E324FC50FDC33BE3CAC167AB7E803409C8C2E", "href": "https://www.ibm.com/support/pages/node/6565309", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:44", "description": "## Summary\n\nIBM C\u00faram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCuram SPM| 7.0.11 \n \n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation_ \n---|---|--- \nC\u00faram SPM| \n\n7.0.11\n\n| \n\nVisit IBM Fix Central and upgrade to [7.0.11_iFix7](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Smarter%20Cities&product=ibm/Other+software/Curam+Social+Program+Management&release=7.0.11.0_RP&platform=All&function=all> \"7.0.11_iFix7\" ) \n \n## Workarounds and Mitigations\n\nFor information about all other versions, contact IBM C\u00faram Social Program Management customer support.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T17:00:38", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect C\u00faram Social Program Management (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-22T17:00:38", "id": "5D7B9C32ADDEC5820C2B88A1E661434F8E24A1888CE3125477B6824FF3D8DA5B", "href": "https://www.ibm.com/support/pages/node/6554174", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:59", "description": "## Summary\n\nApache Log4j is used by IBM Cloud Pak for Data System 1.0. This bulletin provides a remediation for the Apache Log4j vulnerability (CVE-2021-4104).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCPDS| 1.0.0.0- 1.0.7.7 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Cloud Pak for Data System 1.0| 7.9.21.12.SP8| [Link to fix central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=7.9.21.12.SP8-WS-ICPDS-fp138&source=SAR&function=fixId&parent=ibm/WebSphere> \"Link to fix central\" ) \n \n * Please follow the steps given in [release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/1.0?topic=new-security-patch-release-notes> \"release notes\" ) to upgrade the system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T09:51:25", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-15T09:51:25", "id": "DE0FD4B46D08CEF1DEAA575A9047B1B4606E41D3DD7B29408B8769EA341B71D5", "href": "https://www.ibm.com/support/pages/node/6556758", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:48:57", "description": "## Summary\n\nA vulnerability in Apache Log4j 1.2 (CVE-2021-4104) may affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite, which utilize log4j for its logging functionality. Although no known vulnerability impact has been proven, it is strongly recommended to apply the fix that upgrades log4j from version 1.2 to version 2.17.1. IBM Maximo Asset Management version 7.6.1.2 IFX019 and IBM Maximo Manage Patch 8.3.1 ship the latest library available 2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product and the IBM Maximo Manage application in IBM Maximo Application Suite. Older versions of Maximo Asset Management may be impacted. 
The recommended action is to update to the latest version.\n\n**Product versions affected:**\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Asset Management | 7.6.1.2 \nMaximo Manage Application in IBM Maximo Application Suite | MAS 8.7-Manage 8.3 \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [Platform Matrix](<https://www.ibm.com/support/pages/node/1288432> \"Platform Matrix\" ) for a list of supported product combinations.\n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply it for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix.\n\n**For Maximo Asset Management 7.6:**\n\nVRM | Fix Pack, Feature Pack, or Interim Fix | Download \n---|---|--- \n7.6.1.2 | Maximo Asset Management 7.6.1.2 iFix: \n[7.6.1.2-TIV-MBS-IFIX019](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=fixId&fixids=7.6.1.2-TIV-MBS-IF019&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"7.6.1.2-TIV-MBS-IFIX019\" ) or latest Interim Fix available | [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=all> \"FixCentral\" ) \n \n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\nFirst upgrade to [Maximo Application Suite version 8.7.2](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fTivoli%3bibm%2fTivoli%2fIBM+Maximo+Application+Suite> \"Maximo Application 
Suite version 8.7.2\" ) and then from the Catalog select Update Available for Manage 8.3.1\n\n## Workarounds and Mitigations\n\nAdditional manual steps are required to remove all instances of Apache Log4j 1.2 for Maximo Asset Management 7.6.\n\n 1. Delete the following files from the Maximo install directory: \n 1. <maximo_home>\\reports\\cognos\\c11\\sdk\\log4j-1.2.17.jar\n 2. <maximo_home>\\reports\\cognos\\c11\\src\\lib\\log4j-1.2.17.jar\n 2. When using Cognos metadata publishing in an Oracle WebLogic environment, the Cognos BI Server Integration Installation Guide includes an instruction to copy log4j to <weblogic>\\user_projects\\domains\\base_domain\\lib. Remove this file if applicable.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-09T15:12:11", "type": "ibm", "title": "Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite may be vulnerable to arbitrary code execution due to Apache Log4j 1.2 (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-09T15:12:11", 
"id": "964EE2C764F7458340F9E5F9A309885284E9AF6B8CDA79E5C6C2B4DC7B69EFA7", "href": "https://www.ibm.com/support/pages/node/6569189", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:30", "description": "## Summary\n\nThe IBM Security Directory Integrator component of IBM Security Directory Server is affected by, but not vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used as part of the logging infrastructure. IBM Security Directory Server has shipped an appliance refresh which addresses this issue. The fix updates Log4j to version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSDS VA| 8.0.1 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. 
\n\nAffected Product(s)\n\n| \n\nVersion(s)\n\n| \n\nFix Availability \n \n---|---|--- \n \nIBM Security Directory Server\n\n| \n\n8.0.1.18\n\n| \n\n[refresh pack: 8.0.1.18-ISS-ISDS_20220727-1111.pkg](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Directory+Suite&release=8.0.1.10&platform=Linux+64-bit,x86_64&function=fixId&fixids=8.0.1.18-ISS-ISDS_20220727-1111.pkg&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"10.0.0.0-ISS-ISVG-IMVA-FP0004\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:50:19", "type": "ibm", "title": "Security Bulletin: IBM Security Directory Integrator as shipped with IBM Security Directory Suite is affected by Apache Log4j vulnerability (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-25T20:50:19", "id": "A0DA60B6875AE87AD557CCAE1AAF020757185304D5D1246DA18673A711319E91", "href": "https://www.ibm.com/support/pages/node/6615337", "cvss": {"score": 6.0, "vector": 
"AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:46:19", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.6.1.x, 9.7.0.x, 9.7.1.x and 9.7.2.x are vulnerable to this attack; it has been addressed in this bulletin.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \n**CVSS Base score**: 8.1 \n**CVSS Temporal Score**: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\n**CVSS Vector**: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nDOORS Web Access | All \nIBM\u00ae Engineering Requirements Management DOORS Family | All \n \n## Remediation/Fixes\n\n**IBM\u00ae strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.**\n\n * For The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.6.\n * For The IBM\u00ae Engineering Requirements Management DOORS/DWA product versions 9.6.x, install the fix pack 9.6.1.13.\n\nYou can download the fix pack for [9.7.2.6](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Engineering+Requirements+Management+DOORS&fixids=9.7.2.6-DOORS-fixpack&source=SAR> \"9.7.2.6\" ) and [9.6.1.13](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1.13-RATIONAL-DOORS-fixpack&source=SAR> \"9.6.1.13\" ) from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-30T11:14:37", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering Requirements Management DOORS/DWA fixes for Log4j vulnerabilities CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-30T11:14:37", "id": "8DF9A8E408DDD53ACE9BBB12309922440D3663888328A730ADDC42264249FC7B", "href": "https://www.ibm.com/support/pages/node/6825095", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:25", "description": "## Summary\n\nThere is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior Analytics(UBA). This has been addressed in both dependencies and UBA has been updated to the patched versions. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nQRadar User Behavior Analytics| All \n \n\n\n## Remediation/Fixes\n\nAddressed in version 4.1.8 of [QRadar User Behavior Analytics](<https://exchange.xforce.ibmcloud.com/hub/extension/6f5cc6de1e5e2dad38bfa755c3f2b80b> \"QRadar User Behavior Analytics\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-05T22:39:00", "type": "ibm", "title": "Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-05T22:39:00", "id": "7518149B47C708BC85C48E7DCC6C884A795B049BDA62763731929AE94A2D74B5", "href": "https://www.ibm.com/support/pages/node/6610729", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:30", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary 
code on the system. This vulnerability may affect IBM Elastic Storage System due to its use of Log4j for logging and this fix upgrades to Apache Log4j V2.17.1.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Elastic Storage System | 6.0.0 - 6.0.2.4 \nIBM Elastic Storage System | 5.3.0 - 5.3.7.4 \n \n## Remediation/Fixes\n\nContact IBM Support for your affected versions of ESS 3000, ESS 3200 and ESS 5000 to obtain and apply an efix for your level of code: Products | Remediation \n---|--- \nIBM Elastic Storage System \n\nV6.0.0.0 - V6.0.2.4\n\n| For IBM Support, reference** APAR IJ38352** \n \nIBM Elastic Storage System\n\nV5.3.0 - V5.3.7.4\n\n| \n\nFor IBM Support, reference** APAR IJ38352** \n \n**Note**: Selected efixes are on Fix Central, see : [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all>)\n\nIf you cannot apply the latest level of service, contact IBM Service.\n\n## Workarounds and 
Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-06T16:04:48", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-06T16:04:48", "id": "F20FBF9D136DA66B16B24CC6A66369A721A4C8C12FA296FC3E2278352AA17707", "href": "https://www.ibm.com/support/pages/node/6565395", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:12", "description": "## Summary\n\nApache Log4j was used by 2 of the third party components used in Datacap as part of its logging infrastructure. The fix includes Apache Log4j v.2.17.1 for one of these third party component used in Datacap. 
The fix removes Apache Log4j for second third party component used in Datacap.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDatacap Taskmaster Capture| 9.1.8 \nDatacap Taskmaster Capture| 9.1.9 \n \n\n\n## Remediation/Fixes\n\n_**Product**_ | \n\n_** VRMF**_\n\n| \n\n_** Remediation/First Fix**_ \n \n---|---|--- \n \nDatacap Taskmaster Capture\n\n| \n\n9.1.8\n\n| \n\nUpgrade to **9.1.8 iFix 003**, available from [9.1.8 iFixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Datacap+Taskmaster+Capture&release=9.1.8.0&platform=All&function=all> \"9.1.8 iFixes\" ) \n \nDatacap Taskmaster Capture\n\n| \n\n9.1.9\n\n| \n\nUpgrade to **9.1.9 iFix 001**, available from [9.1.9 iFixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Datacap+Taskmaster+Capture&release=9.1.9.0&platform=All&function=all> \"9.1.9 iFixes\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-28T05:03:57", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, IBM Datacap is vulnerable to arbitrary code execution (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-28T05:03:57", "id": "F1319E2508F5C112B37A4A6D292A000AB7AB824FB75E0C9F8948F655DFA754E6", "href": "https://www.ibm.com/support/pages/node/6559980", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:50", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability in the JMSAppender in Log4j 1.2 allowing deserialization of untrusted data when the attacker has write access to the Log4j configuration. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\nPlease use the instructions and full details from the README that\u2019s in the downloaded IBM Operations Analytics Predictive Insights iFix6 tarball, and follow with the upgrade to iFix6.\n\nThe IBM Operations Analytics Predictive Insights iFix6 tarball is available [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Operations%20Analytics&product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=All&platform=Linux+64-bit,x86_64&function=all> \"here\" ). 
\n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-12T08:38:26", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-12T08:38:26", "id": "88BEF8D462F9F45D43371BBC22C02A72C821C23EF01CD835DCD90CD91B6DEFC1", "href": "https://www.ibm.com/support/pages/node/6828741", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:05", "description": "## Summary\n\nApache Log4j is used by IBM Sterling Global Mailbox as part of its logging infrastructure. This fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. 
If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Global High Availability Mailbox| 6.0.3 \nIBM Sterling Global Mailbox| 6.1.0 \nIBM Sterling Global Mailbox| 6.1.1 \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by Apache log4j library which is/are shipped with Global Mailbox.\n\n**Product(s)**\n\n| \n\n**Version(s)**\n\n| \n\n**Remediation/Fix** \n \n---|---|--- \n \nIBM Global High Availability Mailbox \n\n\n| \n\n6.0.3\n\n| See 6.0.3.6 section below \nIBM Sterling Global Mailbox \n\n\n| 6.1.0| \n\nSee 6.1.0.5 section below \n \n \nIBM Sterling Global Mailbox| 6.1.1| \n\nSee 6.1.1.1 section below \n \n \n**1) 6.0.3.6 is now available on Fix Central -**\n\n**IIM**\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File 
Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n**Docker**\n\n**Sterling B2B Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-Docker-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-B2Bi-Docker-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-Docker-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.0.3.5&platform=All&function=fixId&fixids=6.0.3.6-OtherSoftware-SFG-Docker-All&includeSupersedes=0>)\n\n**2) 6.1.0.5 is now available on Fix Central - **\n\n**IIM**\n\n**Sterling B2B 
Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.0.4&platform=All&function=fixId&fixids=6.1.0.5-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n**IBM Sterling B2B Integrator V6.1.0.5**\n\n * Certified Container Image\n\n_cp.icr.io/cp/ibm-b2bi/b2bi:6.1.0.5_\n\n * Helm Chart\n\n<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-b2bi-prod-2.0.6.tgz>\n\n**IBM Sterling File Gateway V6.1.0.5**\n\n * Certified Container Image\n\n_cp.icr.io/cp/ibm-sfg/sfg:6.1.0.5_\n\n * Helm Chart\n\n_<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-sfg-prod-2.0.6.tgz>_\n\n**3) 6.1.1.1 is now available on Fix Central - **\n\n**Sterling B2B 
Integrator**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-B2Bi-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-B2Bi-All&includeSupersedes=0>)\n\n**Sterling File Gateway**\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-SFG-All&includeSupersedes=0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+File+Gateway&release=6.1.1.0&platform=All&function=fixId&fixids=6.1.1.1-OtherSoftware-SFG-All&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T07:14:39", "type": "ibm", "title": "Security Bulletin: IBM Sterling Global Mailbox is vulnerable to remote code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, 
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-22T07:14:39", "id": "2F6D6F1C528741F14485F042B34A95DE694B60A3181908A18D87FD341EB6EA6C", "href": "https://www.ibm.com/support/pages/node/6597519", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:15", "description": "## Summary\n\nIBM Netezza Analytics is a component in IBM Netezza for Cloud Pak. Apache Log4j is used by IBM Netezza Analytics as part of its logging infrastructure. Apache Log4j is affected by the vulnerability CVE-2021-4104. This fix removes Apache Log4j from the IBM Netezza Analytics component to remediate the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Netezza for Cloud Pak for Data | 11.1.0.0 - 11.2.1.3 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now for affected versions listed by applying the fix. 
\n**\n\n**Product**| **Version**| **_Remediation/Fix_** \n---|---|--- \nIBM Netezza for Cloud Pak for Data| 11.2.1.4| [Link To Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.1.4-WS-ICPDS-NPS-fp11291> \"Link To Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-25T13:25:06", "type": "ibm", "title": "Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-25T13:25:06", "id": "643467CC62A4AA0827E72D95EDF8439DE29D565BBC4287107E15278272180D23", "href": "https://www.ibm.com/support/pages/node/6559630", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:35", "description": "## Summary\n\nWe have identified that the IBM Kenexa LMS On Premise is affected by one or more security 
vulnerabilities. These have been tested on LMS version 6.1.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Kenexa LMS on premise| LMS 6.1 and below \n \n## Remediation/Fixes\n\nLMS uses Log4j 1.x, and the fix for this issue has been tested on IBM LMS 6.1.\n\n**Steps to Download from Fix Central**\n\n * Log in to Fix Central (<https://www-945.ibm.com/support/fixcentral/>)\n * Select \"IBM Kenexa LMS\" from the Product Selector dropdown\n * Select \"6.1\" from the Installed version dropdown\n * Select \"Windows\" from the Platform dropdown\n * Click \"Continue\"\n * Select \"Browse for Fixes\" and click \"Continue\"\n\n**Download log4jLMSfix.zip and extract the following 2 files:**\n\n * libreplace.exe\n * log4j-core-2.15.0.jar\n\n**Steps to Follow in version 6.1:**\n\nSteps for deploying the log4j fix:\n\n1\\. Copy libreplace.exe and log4j-core-2.15.0.jar into a new directory, e.g. c:\\log4jfix\n\n2\\. Start a command prompt as administrator\n\n3\\. Change to the new directory, e.g. cd /d c:\\log4jfix\n\n4\\. Stop all LMS\\Participate services\n\n5\\. Execute the command line:\n\nlibreplace.exe \"d:\\lmspe\\lms\" log4j*.jar log4j-core-2.15.0.jar . 
CONFIRM\n\n(\"d:\\lmspe\\lms\" represents your LMS directory, not your Participate directory)\n\n6\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that the changes have been made properly\n\n7\\. (*see note below) Execute the command line:\n\nlibreplace.exe \"d:\\lmspe\\pe101\" log4j*.jar log4j-core-2.15.0.jar . CONFIRM\n\n(\"d:\\lmspe\\pe101\" represents your Participate directory, not your LMS directory)\n\n8\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that the changes have been made properly\n\n9\\. Start LMS/Participate services\n\n**Note:** following step #7 will most likely break the search function within Participate. Courses will still launch, but searching for enrollments or any other listing of courses will not work. You can omit step #7 if this loss of search function is unacceptable.\n\n**OPTIONAL - to roll back changes (if needed):**\n\n1\\. Stop all LMS services\n\n2\\. Find the .log file in e.g. c:\\log4jfix\n\n3\\. Find every line that starts with \"UNDO:\"\n\n4\\. Execute the OS command that follows \"UNDO:\" from the command line\n\n5\\. 
Start LMS services\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T14:01:40", "type": "ibm", "title": "Security Bulletin: IBM Kenexa LMS On Premise -Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T14:01:40", "id": "E7B26BFFEBAF5940128604225876F93CFFC27DB258C37295462DEA72EAA99A13", "href": "https://www.ibm.com/support/pages/node/6527844", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:36", "description": "## Summary\n\nWe have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been tested in LCMS Premier 13.x & 14.0 versions.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. 
If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Kenexa LCMS Premier on premise| LCMS 14.0 and below \n \n## Remediation/Fixes\n\nLCMS uses Log4j 1.x, and the fix for this issue has been tested on IBM LCMS 13.x & 14.0 versions.\n\n**Steps to Download from Fix Central**\n\n * Log in to Fix Central (<https://www-945.ibm.com/support/fixcentral/>)\n * Select \"IBM Kenexa LCMS Premier\" from the Product Selector dropdown\n * Select \"14.0\" from the Installed version dropdown\n * Select \"Windows\" from the Platform dropdown\n * Click \"Continue\"\n * Select \"Browse for Fixes\" and click \"Continue\"\n\n**Download log4jLcmsfix.zip and extract the following 2 files:**\n\n * libreplace.exe\n * log4j-core-2.15.0.jar\n\n**Steps to Follow:**\n\n**Steps for deploying the log4j fix:**\n\n1\\. Copy libreplace.exe and log4j-core-2.15.0.jar into a new directory, e.g. c:\\log4jfix\n\n2\\. Start a command prompt as administrator\n\n3\\. Change to the new directory, e.g. cd /d c:\\log4jfix\n\n4\\. Stop all LCMS services\n\n5\\. Execute the command line:\n\nlibreplace.exe \"d:\\lcms\" log4j*.jar log4j-core-2.15.0.jar . CONFIRM\n\n(\"d:\\lcms\" represents your LCMS directory)\n\n6\\. Notice log messages that look like \"log4j(etc).jar is now identical to log4j-core-2.15.0.jar\"; this confirms that the changes have been made properly\n\n7\\. Start LCMS services\n\n**OPTIONAL - to roll back changes (if needed):**\n\n1\\. Stop all LCMS services\n\n2\\. Find the .log file in e.g. c:\\log4jfix\n\n3\\. 
Find every line that starts with \"UNDO:\"\n\n4\\. Execute the OS command from command-line, which follows \"UNDO:\"\n\n5\\. Start LCMS services\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T13:59:19", "type": "ibm", "title": "Security Bulletin: IBM Kenexa LCMS Premier On Premise - Log4j - CVE-2021-4104 (Publicly disclosed vulnerability)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T13:59:19", "id": "A3752C1A8387F15196CA7D38FEBCF0DB0EFEE9BA80E9F901A057B44A5C47F353", "href": "https://www.ibm.com/support/pages/node/6527876", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:48:04", "description": "## Summary\n\nIBM Security Identity Governance and Intelligence (ISIGI) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104). Apache Log4j is used as part of ISIGI's logging infrastructure. 
The fix includes Apache Log4j version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Identity Governance and Intelligence| 5.2.6 \nIBM Security Identity Governance and Intelligence| 5.2.5 \nIBM Security Identity Governance and Intelligence| 5.2.4 \n \n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly.\n\n**Affected Product(s)**| **Version(s)**| **First Fix** \n---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.6| [5.2.6.0-ISS-SIGI-FP0004 ](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.6.0&platform=All&function=fixId&fixids=5.2.6.0-ISS-SIGI-FP0004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.6.0-ISS-SIGI-FP0004\" ) \nIBM Security Identity Governance and Intelligence| 5.2.5| [5.2.5.0-ISS-SIGI-FP0003](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=All&function=fixId&fixids=5.2.5.0-ISS-SIGI-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.5.0-ISS-SIGI-FP0003\" ) \nIBM Security Identity 
Governance and Intelligence| 5.2.4| [5.2.4.0-ISS-SIGI-FP0003](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.4.0&platform=All&function=fixId&fixids=5.2.4.0-ISS-SIGI-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.4.0-ISS-SIGI-FP0003\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T11:42:56", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-09-15T11:42:56", "id": "5D920E9D5E204CFD2E98E2C7018611E5EB64DCF6A6E438058868CC33565AFED5", "href": "https://www.ibm.com/support/pages/node/6586512", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:03", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Extended 
Command-Line Interface (XCLI) Utility for IBM FlashSystem A9000/A9000R, IBM XIV Storage System models 114/214/314, and IBM Spectrum Accelerate. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Extended Command-Line Interface (XCLI) Utility | lower than 5.5.4 \n \n## Remediation/Fixes\n\nUpgrade to IBM Extended Command-Line Interface (XCLI) Utility 5.5.4.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T19:09:38", "type": "ibm", "title": "Security Bulletin: IBM Extended Command-Line Interface (XCLI) Utility is affected by a vulnerability in Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-22T19:09:38", "id": "417B78DA055B353E1C4296014B7B196E84BCD416F841687102400D42FF10C754", "href": "https://www.ibm.com/support/pages/node/6586520", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:55", "description": "## Summary\n\nA vulnerability in the Apache Log4j open source library has been reported in CVE-2021-4104. The version of log4j bundled within MFP 8.0 is 1.x and hence impacted by vulnerability CVE-2021-4104.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MobileFirst Foundation| 8.0.0.0 \n \n\n\n## Remediation/Fixes\n\nThere is a vulnerability in the Apache Log4j open source library that has been reported in [CVE-2021-4104](<https://access.redhat.com/security/cve/CVE-2021-4104>). The version of log4j bundled within MFP 8.0 is 1.x and hence impacted by vulnerability [CVE-2021-4104](<https://access.redhat.com/security/cve/CVE-2021-4104>). 
\n\nThe impact of this vulnerability on the different components is as follows:\n\n1\\. The version of log4j bundled within MobileFirst Platform Foundation (MFP) 8.0 is 1.x. Any log4j usage in MFP is internal only. \n\n2\\. For Java adapter usage, follow the mitigation instructions detailed in the Workarounds and Mitigations section.\n\nTo fix this vulnerability, MobileFirst is remediating the use of the log4j version that is impacted by this vulnerability, as per CISO recommendation.\n\nRemediation of the log4j vulnerability is complete, and iFix build 8.0.0.0-MFPF-IF202203081427 is published here: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FI[\u2026]atform+Foundation&fixids=8.0.0.0-MFPF-IF202203081427&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+MobileFirst+Platform+Foundation&fixids=8.0.0.0-MFPF-IF202203081427&source=SAR>)\n\n## Workarounds and Mitigations\n\nNote on Java adapter usage:\n\nIf Java adapters include log4j 1.x libraries, or 3rd party frameworks that include log4j 1.x libraries, immediately upgrade to the latest log4j2 version, which is not impacted by this vulnerability, and redeploy the Java adapters. 
If you are using a vulnerable version of log4j1.x , use the mitigation strategy described in the <https://access.redhat.com/security/cve/CVE-2021-4104.>\n\n \n \n\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T16:04:34", "type": "ibm", "title": "Security Bulletin: Mobilefirst is affected by a log4j vulnerability (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-14T16:04:34", "id": "702EA7A7270B22201B759E4304BBA64A08CC2B2DB9B31A65BFE5F7B8EE68A000", "href": "https://www.ibm.com/support/pages/node/6563275", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:38", "description": "## Summary\n\nA security vulnerability in log4j v1.2 affects IBM Cloud Pak for Multicloud Management Infrastructure Management Appliance. 
The fix removes Apache Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Infrastructure Management| All \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Cloud Pak for Multicloud Management 2.3.x Fix Pack 5 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrades-upgrade-infrastructure-management-appliance>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-04T17:05:38", "type": "ibm", "title": "Security Bulletin: A security vulnerability in log4j v1.2 affects IBM Cloud Pak for Multicloud Management Infrastructure Management Appliance", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-04T17:05:38", "id": "1657BF6406E7BEEC2F294F65B40F7FF5A51DF9737173E7634E109E2031E0AE1E", "href": "https://www.ibm.com/support/pages/node/6601145", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:47", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Spectrum Virtualize Family Storage Replication Adapter (SRA) for IBM Spectrum Virtualize family storage systems. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Spectrum Virtualize Family Storage Replication Adapter | lower than 3.7.0 \n \n## Remediation/Fixes\n\nUpgrade to IBM Spectrum Virtualize Family Storage Replication Adapter 3.7.0.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-24T15:03:25", "type": "ibm", "title": "Security Bulletin: IBM Spectrum Virtualize Family Storage Replication Adapter (SRA) is affected by a vulnerability in Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-24T15:03:25", "id": "88B2960ACDA41F47CBFD8BC7C1E9CCA61BDAE7F4F0D0022EF5DD572B5CE173B5", "href": "https://www.ibm.com/support/pages/node/6536888", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:27", "description": "## Summary\n\nApache Log4j open source library is used by InfoSphere Data Architect. This bulletin describes the upgrades necessary to address the vulnerability. 
\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Data Architect| All \n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRM**\n\n| \n\n**Remediation** \n \n---|---|--- \n \nInfoSphere Data Architect \n\n\n| \n\n9.1.x\n\n| \n\nUpgrade to: InfoSphere Data Architect [9.1.4 APAR10](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FInfosphere+Data+Architect&fixids=IDA_914_APAR10_v20220127_1220Patch> \"9.1.4 APAR10\" ) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T10:49:27", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects InfoSphere Data Architect (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-28T10:49:27", "id": "8B3A7050651CC6061B73CF1E86EE2419DD50F4F27FC07E4130D25ADDF14EFCF8", "href": "https://www.ibm.com/support/pages/node/6551882", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:56:54", "description": "## Summary\n\nLog4j is used by IBM Cloud Pak for Data System 2.0 in openshift-logging. This bulletin provides a remediation for the reported Apache Log4j vulnerabilities CVE-2021-4104.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Data System 2.0 - Openshift Container Platform 4 | 2.0.0.0 - 2.0.1.1 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by applying following remediation patch on all affected releases listed above: \n**\n\n**Product**| VRMF| Remediation / Fix \n---|---|--- \n \nIBM Cloud Pak for Data System 2.0 - Openshift Container Platform 4\n\n| 1.0.0.0-openshift-4.6.log4j-WS-ICPDS-fp132 | [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&fixids=1.0.0.0-openshift-4.6.log4j-WS-ICPDS-fp132&source=SAR&function=fixId&parent=ibm/WebSphere>) \n \n * Please follow the steps given in **[release notes](<https://www.ibm.com/docs/en/cloud-paks/cloudpak-data-system/2.0?topic=20-log4j-vulnerability-patch> \"release notes\" )** to apply above remediation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T11:06:51", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-16T11:06:51", "id": "F0A55A55FE75D7879ACE84F93E653F8A50B8249B2C7592738EB4BD78485CC785", "href": "https://www.ibm.com/support/pages/node/6556996", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:39", "description": "## Summary\n\nThe IBM Security Access Manager version 9.0 ships with a version of log4j that is vulnerable to CVE-2021-4104. The log4j library is no longer used by the IBM Security Access Manager product and a Fixpack has been provided to remove the unused library. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Access Manager Appliance| 9.0.0.0 - 9.0.7.2 \nIBM Security Access Manager Docker| 9.0.5.0 - 9.0.7.2 \n \n## Remediation/Fixes\n\n**IBM Security Access Manager Appliance**\n\nIBM Security Access Manager customers with installed versions of 9.0.4.0 through 9.0.7.2 can apply the 9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J fixpack to remove the log4j v1 library from their systems. It is still recommended that customers move to the latest supported version of IBM Security Access Manager 9.0.7.2 to receive any further security fixes.\n\nAffected Products and Versions| Fixpack availability \n---|--- \nIBM Security Access Manager 9.0.0.0 through 9.0.7.1| [9.0.7-ISS-ISAM-FP0002](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.7.1&platform=Linux&function=fixId&fixids=9.0.7-ISS-ISAM-FP0002&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"9.0.7-ISS-ISAM-FP0002\" ) \nIBM Security Access Manager 9.0.7.2| [9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.7.2&platform=All&function=fixId&fixids=9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc> \"9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J\" ) \n \n**IBM Security Access Manager (Container)**\n\nFor v9.0.5.0 through 9.0.7.1\n\n * Obtain the latest version of the container by running the following command: \u201cdocker pull ibmcom/isam:[tag]\u201d\n\nWhere [tag] is the latest published version and can be confirmed [here](<https://hub.docker.com/r/ibmcom/isam/tags> \"here\" )\n\n * Download Appliance Fix Pack 
[here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=All&platform=All&function=fixId&fixids=9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J&includeSupersedes=0&source=fc> \"here\" )\n * Apply Appliance Fix Pack as outlined [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=All&platform=All&function=fixId&fixids=9.0.7.2-UTILITY-ISAM-REMOVE-LOG4J&includeSupersedes=0&source=fc> \"here\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-04T17:37:39", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. 
(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-04T17:37:39", "id": "FACE47A144B851A6BB630C0FD63FA2BFBE0A19AFE0A7E1A993E530FC0BA6BE90", "href": "https://www.ibm.com/support/pages/node/6526432", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages logging framework. This vulnerability has been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM OpenPages with Watson versions 8.1 through 8.2.0.3 (8.2.0.4 is not affected)\n\n## Remediation/Fixes\n\nA fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:\n\n**Product**| **Remediation** \n---|--- \nIBM OpenPages with Watson **8.1** or **8.1.0.1**: upgrade to the 8.1.0.2 Fix Pack, then apply 8.1.0.2 Interim Fix 2 (**8.1.0.2.2**) or later| <https://www.ibm.com/support/pages/openpages-watson-81-fix-pack-2> <https://www.ibm.com/support/pages/openpages-watson-8102-interim-fix-2> \nIBM OpenPages with Watson **8.1.0.2**: apply 8.1.0.2 Interim Fix 2 (**8.1.0.2.2**) or later| <https://www.ibm.com/support/pages/openpages-watson-8102-interim-fix-2> \nIBM OpenPages with Watson **8.2**, **8.2.0.1**, **8.2.0.2** or **8.2.0.3**: upgrade to the 8.2.0.4 Fix Pack, then apply 8.2.0.4 Interim Fix 2 (**8.2.0.4.2**) or later| <https://www.ibm.com/support/pages/openpages-watson-82-fix-pack-4> <https://www.ibm.com/support/pages/openpages-watson-8204-interim-fix-2> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T20:01:37", "type": "ibm", "title": "Security Bulletin: IBM OpenPages with Watson has addressed Apache Log4j vulnerability (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-24T20:01:37", "id": "8B5BD9969FEA68AF3C45FDA3DB03870CCDA9156F542B0046F1CE349090DB826D", "href": "https://www.ibm.com/support/pages/node/6540688", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:51:02", "description": "## Summary\n\nMultiple vulnerabilities were identified in the Apache Log4j library at versions earlier than 2.0 (CVE-2021-4104), which IBM Tivoli Netcool Configuration Manager uses to provide logging functionality. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. 
\n\nThis issue has been fixed in ITNCM 6.4.2 Fix Pack 16 (6.4.2.16), available from Fix Central.\n\n[6.4.2-TIV-ITNCM-FP016](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Netcool+Configuration+Manager&fixids=6.4.2-TIV-ITNCM-FP016&source=SAR> \"6.4.2-TIV-ITNCM-FP016\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T08:32:59", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Netcool Configuration Manager is affected by vulnerability that could allow a remote attacker to execute arbitrary code on the system due to Apache Log4j earlier than 2.0 version (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-07-18T08:32:59", "id": "7CC29EC0FEC5AE2795B41685E99747E5F4622427116C32A61EDA1A96E00FB35D", "href": "https://www.ibm.com/support/pages/node/6604669", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:03", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0. 
An attacker who can control log messages or log message parameters can execute arbitrary code leading to Remote Code Execution (RCE) attacks. IBM App Connect for Manufacturing 2.0 has addressed the vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect for Manufacturing| 2.0.0.5 to 2.0.0.7 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the patches listed in this table. This supersedes APAR IT3937. 
\n\nProduct| VRMF| APAR| Remediation/Fixes \n---|---|---|--- \nIBM App Connect for Manufacturing| 2.0.0.5 to 2.0.0.7| IT39451| Interim fix for APAR IT39451 is available from [2.0.0.5 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.5&platform=All&function=aparId&apars=IT39451> \"2.0.0.5 IBM Fix Central\" ), [2.0.0.6 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.6&platform=All&function=aparId&apars=IT39451> \"2.0.0.6 IBM Fix Central\" ) or [2.0.0.7 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.7&platform=All&function=aparId&apars=IT39451> \"2.0.0.7 IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-22T08:43:56", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-22T08:43:56", "id": "A13D8E66D7296C6851E5FD3A79983B0714CFCBDD4D8CE2D2BA543E342E028FB7", "href": "https://www.ibm.com/support/pages/node/6536646", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:49:35", "description": "## Summary\n\nIBM Security Verify Governance (ISVG) is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used as part of ISVG's logging infrastructure. The fix includes Apache Log4j version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Verify Governance| 10.0 \n \n## Remediation/Fixes\n\nIBM encourages customers to promptly update their systems.\n\n**Affected Product(s)**| **Version(s)**| **First Fix** \n---|---|--- \nIBM Security Verify Governance| 10.0.1| [10.0.1.0-ISS-ISVG-IGVA-FP0000](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.1.0-ISS-ISVG-IGVA-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \nIBM Security Verify Governance| 10.0.0| [10.0.0.0-ISS-ISVG-IGVA-FP0004](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.0.0&platform=Linux&function=fixId&fixids=10.0.0.0-ISS-ISVG-IGVA-FP0004&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-22T19:08:30", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-22T19:08:30", "id": "27D05CF3EFA4803263C8E1208A1231E86FFB57D4B4143C21D96897480161D556", "href": "https://www.ibm.com/support/pages/node/6586510", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:09", "description": "## Summary\n\nIBM Urbancode Deploy server, agent, and relay releases before release 7.1.2.1 are impacted by CVE-2021-4104. The product uses the Log4j 1.2 logging library, which may be exploited with administrative access. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nUCD - IBM UrbanCode Deploy | 6.2.7.3 \nUCD - IBM UrbanCode Deploy | 6.2.7.4 \nUCD - IBM UrbanCode Deploy | 6.2.7.5 \nUCD - IBM UrbanCode Deploy | 6.2.7.6 \nUCD - IBM UrbanCode Deploy | 6.2.7.7 \nUCD - IBM UrbanCode Deploy | 6.2.7.8 \nUCD - IBM UrbanCode Deploy | 6.2.7.9 \nUCD - IBM UrbanCode Deploy | 6.2.7.10 \nUCD - IBM UrbanCode Deploy | 6.2.7.11 \nUCD - IBM UrbanCode Deploy | 6.2.7.12 \nUCD - IBM UrbanCode Deploy | 7.0.3.0 \nUCD - IBM UrbanCode Deploy | 7.0.3.1 \nUCD - IBM UrbanCode Deploy | 7.0.3.2 \nUCD - IBM UrbanCode Deploy | 7.0.3.3 \nUCD - IBM UrbanCode Deploy | 7.0.4.0 \nUCD - IBM UrbanCode Deploy | 7.0.4.1 \nUCD - IBM UrbanCode Deploy | 7.0.4.2 \nUCD - IBM UrbanCode Deploy | 7.0.5.0 \nUCD - IBM UrbanCode Deploy | 7.0.5.1 \nUCD - IBM UrbanCode Deploy | 7.0.5.2 \nUCD - IBM UrbanCode Deploy | 7.0.5.3 \nUCD - IBM UrbanCode Deploy | 7.0.5.4 \nUCD - IBM UrbanCode Deploy | 7.0.5.5 \nUCD - IBM UrbanCode Deploy | 7.0.5.6 \nUCD - IBM UrbanCode Deploy | 7.1.0.0 \nUCD - IBM UrbanCode Deploy | 7.1.0.1 \nUCD - IBM UrbanCode Deploy | 7.1.0.2 \nUCD - IBM UrbanCode Deploy | 7.1.1.0 \nUCD - IBM UrbanCode Deploy | 7.1.1.1 \nUCD - IBM UrbanCode Deploy | 7.1.1.2 \nUCD - IBM UrbanCode Deploy | 7.1.2.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nThese releases contain the full updates for server, agents, relays, and plugins. \nFollow the standard upgrade documentation found here: <https://www.ibm.com/docs/en/urbancode-deploy/7.1.2?topic=upgrading-migrating>\n\nVersion 6.2.7.3 up to and including 6.2.7.12, upgrade to 6.2.7.13 or later.\n\nVersion 7.0.3.0 up to and including 7.0.5.7, upgrade to 7.0.5.8 or later. 
\nVersion 7.1.0.0 up to and including 7.1.2.0, upgrade to 7.1.2.1 or later.\n\nBased on current information and analysis, we do not believe that Releases 7.1.2.1 or greater are vulnerable to CVE-2021-4104.\n\n## Workarounds and Mitigations\n\nAs a mitigation for affected releases until the above \"Remediation/Fixes\" have been applied: \n\nA replacement file log4j.jar has been created to apply this same change to all past versions of IBM Urbancode Deploy and is available on Fix Central as [Log4jFixPack-IBM-UrbanCode-Deploy](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&produ\\[\u2026\\]Log4jFixPack-IBM-UrbanCode-Deploy&includeSupersedes=0&source=fc>) \n \nIndividual updated plugins are available on the following site [https://www.urbancode.com/plugins/](<https://www.ibm.com/links?url=https%3A%2F%2Fwww.urbancode.com%2Fplugins%2F> \"\" )\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T15:51:31", "type": "ibm", "title": "Security Bulletin: IBM Urbancode Deploy server/agent/relay releases before 7.1.2.1 impacted by Apache Log4j vulnerabilities. 
(CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-03T15:51:31", "id": "68C9A924DE162BF93100DE379E651BE25F0603409D7A4401BB7E28C5F636BDB3", "href": "https://www.ibm.com/support/pages/node/6538590", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:41", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system. DB2 Recovery Expert for Linux, UNIX and Windows addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDB2 Recovery Expert for LUW| 5.5.0.1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF2 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF3 \n \n\n\n## Remediation/Fixes\n\nThe product needs to be installed or upgraded to the latest available level using the latest [5.5.0.1 IF4](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.5.0.1&platform=All&function=all> \"5.5.0.1 IF4\" ) version available from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-21T11:08:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects DB2 Recovery Expert for Linux, Unix and Windows", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-03-21T11:08:12", "id": 
"BA4185EFC85E26A08AB57ADBAA3A45DD6AD2DB5D4C5B073C7F980FF5D77C4DE0", "href": "https://www.ibm.com/support/pages/node/6565031", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:54:01", "description": "## Summary\n\nThis fix removes the Apache Log4j.jar file from IBM Integration Designer.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected products| Versions \n---|--- \nIntegration Designer| 21.0.3 \nIntegration Designer| 21.0.2 \nIntegration Designer| 20.0.0.2 \nIntegration Designer| 19.0.0.2 \nIntegration Designer| 8.5.7 \n \n## Remediation/Fixes\n\n[IBM Integration Designer 21.0.3](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.3-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 21.0.3\" )\n\n[IBM Integration Designer 21.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=21.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 21.0.2\" 
)\n\n[IBM Integration Designer 20.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=20.0.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 20.0.0.2\" )\n\n[IBM Integration Designer 19.0.0.2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=19.0.0.2-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 19.0.0.2\" )\n\n[IBM Integration Designer 8.5.7](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFJR64578&source=SAR> \"IBM Integration Designer 8.5.7\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-29T20:56:04", "type": "ibm", "title": "Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": 
false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-04-29T20:56:04", "id": "4E6A04B12CD0B1B6DEFA7C6ABF7649A38727A95A07B1BD211B03B0BDF4022C04", "href": "https://www.ibm.com/support/pages/node/6562361", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:40", "description": "## Summary\n\nThere is a vulnerability in the version of Log4j that was included in InfoSphere Data Replication.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Data Replication| 11.4.0 \nInfoSphere Data Replication| 11.4 \n \n## Remediation/Fixes\n\nUpdate to the latest product fix pack found here: \n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.3.3.3&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.3.3.3&platform=All&function=all>)\n\nNote to Apache Kafka target users: the remediation removes use of Log4j from the product. Due to the way Apache Kafka environments integrate with various clients, it is strongly recommended to perform extensive testing of the updated product to ensure that the expected logging functions are not impacted.\n\n## Workarounds and Mitigations\n\nAs a data movement product, InfoSphere Data Replication supports many different sources and targets. A full listing can be found in the Knowledge Center here: \n \n<https://www.ibm.com/docs/en/idr/11.4.0?topic=requirements-supported-source-targets> \n \nA mitigating factor is that while Log4j is bundled with all installations of supported Linux/UNIX/Windows (LUW) sources and targets, it is only used in the case of the Apache Kafka target. \n \nThere are no end user workarounds. 
It is recommended to update to the latest fix pack.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T13:12:16", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-4104) affects InfoSphere Data Replication", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T13:12:16", "id": "C5300EA28DA92FE5400667667270AEE539B4648C41D04FA7B270FB33DE4673B6", "href": "https://www.ibm.com/support/pages/node/6527834", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:54:41", "description": "## Summary\n\nThe Apache Log4j vulnerability (CVE-2021-4104) affects the TPF Operations Server, which runs with the z/Transaction Processing Facility (z/TPF). The TPF Operations Server uses Apache Log4j as part of its logging infrastructure. 
All components in the TPF Operations Server that use Apache Log4j have been updated to use Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTPF Operations Server| 1.2.06 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nTPF Operations Server| 1.2.06| IT40013| Apply the APAR, which is available for download from the [TPF Product Family: Maintenance for TPF Operations Server](<https://www.ibm.com/support/pages/node/598325> \"TPF Product Family: Maintenance for TPF Operations Server\" ) web page. 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-21T15:51:54", "type": "ibm", "title": "Security Bulletin: The Apache Log4j (CVE-2021-4104) vulnerability affects TPF Operations Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-04-21T15:51:54", "id": "3CBFD550ACC21F55BA277385D55E9A5728E39670190F73721EF53E5BD91FBBBF", "href": "https://www.ibm.com/support/pages/node/6574035", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:41", "description": "## Summary\n\nIBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. 
If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Analytics for NPS| All versions <= 11.2.23 \n \n## Remediation/Fixes\n\nProduct| VRMF| Remediation/First Fix \n---|---|--- \nIBM Netezza Analytics for NPS| 11.2.24| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=INZA_11.2&platform=All&function=fixId&fixids=11.2.24-WS-ICPDS-INZA-fp10905> \"Link to Fix Central\" ) \n \nNote: IBM Netezza Analytics for NPS addresses the above CVE by removing log4j from IBM Netezza Analytics for NPS.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-03T14:32:29", "type": "ibm", "title": "Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, 
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-03T14:32:29", "id": "26DFDDEA8EB90F9881D2DF1DF2281A85874E3DEDC9CAEBB69B263FC6408C7D49", "href": "https://www.ibm.com/support/pages/node/6527820", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:47", "description": "## Summary\n\nThere is a vulnerability in Apache Log4j used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSterling Connect Direct File Agent| 1.4 \n \n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| APAR| Remediation / First Fix \n---|---|---|--- \nSterling Connect Direct File Agent| 1.4| n/a| Apply [1.4.0.2_iFix013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+File+Agent&release=1.4.0.2&platform=All&function=aparId&apars=IT39371,IT39415> \"1.4.0.2_iFix013\" ), available on IBM Fix Central \n \nFor unsupported versions IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T11:54:01", "type": "ibm", "title": "Security Bulletin: Apache Log4j Affects IBM Sterling Connect:Direct File Agent (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-16T11:54:01", "id": 
"AFD7DBF6EEC4522D8263C37017B0864C1F7BAB4FBD23EC03D38B2484DE07311A", "href": "https://www.ibm.com/support/pages/node/6526688", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:13", "description": "## Summary\n\nStoredIQ 7.6.0 is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104). Apache Log4j is used by StoredIQ 7.6.0 as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ| 7.6.0 - 7.6.0.22 \n \n\n\n## Remediation/Fixes\n\nUpgrade to fix pack 7.6.0.22 and apply interim fix siq_7_6_0_22_log4j_2_17_1_if that is available from Fix Central [https://www.ibm.com/support/fixcentral/. 
](<https://www.ibm.com/support/fixcentral/>)Instructions are included in the ReadMe in the interim fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-17T21:34:55", "type": "ibm", "title": "Security Bulletin: StoredIQ Is Vulnerable To Arbitrary Code Execution Due To Apache Log4j (CVE-2021-4104).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-17T21:34:55", "id": "57F982DDC8E03D61C084B264B2F96B821210E01A5741363B87BC4BC12601EF3E", "href": "https://www.ibm.com/support/pages/node/6596147", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:42:22", "description": "## Summary\n\nA vulnerability in Apache Log4j (CVE-2021-4104) has been identified that may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Log4j to log diagnostic data unrelated to customer input. 
The fix below includes Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4 \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 1.2.0 -1.2.1 (Cloud Pak 3.5) \n \n\n\n## Remediation/Fixes\n\nAffected Products| Versions| Fixes \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4| v4.0.5 For Text to Speech: \n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-text-speech>\n\nv4.0.5 For Speech to Text:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-speech-text> \n \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 1.2.0 -1.2.1 (Cloud Pak 3.5) | None available. 
Please install v4.0.5 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j may affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-01-12T21:59:00", "id": "A0B4098936C66E228AC654C663118F5F0E7E0914D4F2BB96A80428BB72E88742", "href": "https://www.ibm.com/support/pages/node/6551170", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:33", "description": "## Summary\n\nThe following vulnerability in Log4j has been addressed by IBM MegaRAID Storage Manager. 
This fix includes the removal of Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nMegaRAID Storage Manager| 17 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nProduct(s)| Version(s) \n---|--- \n \nMegaRAID Storage Manager\n\n(ibm_utl_msm_17.05.06.00_windows_32-64) \n\n| 17.05.06.00 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T19:52:11", "type": "ibm", "title": "Security Bulletin: IBM MegaRAID Storage Manager is affected by a vulnerability in Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-26T19:52:11", "id": "7D41EC7322B1884F1456683D61F0429C832EB63621E340A85374D62A5B50036A", "href": "https://www.ibm.com/support/pages/node/6551146", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:45:41", "description": "## Summary\n\nApache Log4j 1.x vulnerabilities may impact IBM InfoSphere Information Server which uses Apache Log4j for logging.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | [JR64781](<http://www.ibm.com/support/docview.wss?uid=swg1JR64781> \"JR64781\" ) | \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 4\" ) \n \n(October 14, 2022) Other open source components usage of log4j version 1 was addressed in Information Server 11.7.1.4. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T22:12:50", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": 
"AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-10-14T22:12:50", "id": "5F63ABEFB797143F56BA76FEE84E3501E931CCBDCCE79A4A8D534956DD75AF3B", "href": "https://www.ibm.com/support/pages/node/6575541", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:04", "description": "## Summary\n\nThere is a vulnerability in the version of Apache Log4j that was included in IBM SPSS Analytic Server, which uses Apache Log4j for logging. This patch replaces the older Apache log4j with version 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM SPSS Analytic Server| 3.1.1.0 \nIBM SPSS Analytic Server| 3.1.1.1 \nIBM SPSS Analytic Server| 3.1.2.0 \nIBM SPSS Analytic Server| 3.2.1.0 \nIBM SPSS Analytic Server| 3.2.1.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying the following fixes.**\n\n**This patch includes Apache Log4j 2.17.1**\n\n**_Product_**| **_VRMF_**| **_Fixes_** \n---|---|--- \nIBM SPSS Analytic Server| 3.1.1.0| [3.1.1.0 - IFIX](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=AS_3.1.1.0-3.2.1.1_log4j2.17.1-Upgrade&source=SAR> \"3.1.1.0 - IFIX\" ) \nIBM SPSS Analytic Server| 3.1.1.0| [3.1.1.1 - IFIX](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=AS_3.1.1.0-3.2.1.1_log4j2.17.1-Upgrade&source=SAR> \"3.1.1.1 - IFIX\" ) \nIBM SPSS Analytic Server| 3.1.2.0| [3.1.2.0 - IFIX](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=AS_3.1.1.0-3.2.1.1_log4j2.17.1-Upgrade&source=SAR> \"3.1.2.0 - IFIX\" ) \nIBM SPSS Analytic Server| 3.2.1.0| [3.2.1.0 - IFIX](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=AS_3.1.1.0-3.2.1.1_log4j2.17.1-Upgrade&source=SAR> \"3.2.1.0 - IFIX\" ) \nIBM SPSS Analytic Server| 3.2.1.1| [3.2.1.1 - IFIX](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Analytic+Server&fixids=AS_3.1.1.0-3.2.1.1_log4j2.17.1-Upgrade&source=SAR> \"3.2.1.1 - IFIX\" ) \n \nInstallation Instructions\n\n\\-----------------------------------------------\n\n1\\. Stop the Analytic Server service.\n\n\\- For Hortonworks, stop Analytic Server from the Ambari console. 
\n\n\\- For Cloudera, stop Analytic Server from the Cloudera Manager console. \n\n\\- For MapR, run the following command to stop Analytic Server:\n\ncd <as_installation_path>/ae_wlpserver/bin\n\n./server stop aeserver\n\nNote: The default location of the \"as_installation_path\" folder is:\n\n\\- HDP: /opt/ibm/spss/analyticserver/3.x\n\n\\- CDH: /opt/cloudera/parcels/AnalyticServer\n\n2\\. Backup and delete the old files in AS installation folder.\n\n<as_installation_path>/lib\n\n\\- com.springsource.org.apache.log4j-1.2.16.jar\n\n\\- slf4j-api-1.6.1.jar (AS 3.2.1.x)\n\n\\- slf4j-simple-1.6.1.jar (AS 3.2.1.x)\n\n<as_installation_path>/ae_wlpserver/usr/servers/aeserver/apps/AE_BOOT.war/WEB-INF/lib\n\n\\- com.springsource.org.apache.log4j-1.2.16.jar\n\n\\- slf4j-api-1.6.1.jar (AS 3.2.1.x)\n\n\\- slf4j-simple-1.6.1.jar (AS 3.2.1.x)\n\n3\\. Copy the new files within zip package to AS installation folder on the Analytic Server Metastore and each Analytic Server node. \n\nThe files updated by Interim Fix are listed below.\n\n<as_installation_path>/lib\n\n\\- log4j-1.2-api-2.17.1.jar\n\n\\- log4j-api-2.17.1.jar\n\n\\- log4j-core-2.17.1.jar\n\n<as_installation_path>/ae_wlpserver/usr/servers/aeserver/apps/AE_BOOT.war/WEB-INF/lib\n\n\\- log4j-1.2-api-2.17.1.jar\n\n\\- log4j-api-2.17.1.jar\n\n\\- log4j-core-2.17.1.jar\n\n4\\. Run the hdfsUpdate script.\n\n\\- HDP: Refresh the Analytic Server service from the Ambari console.\n\n\\- CDH: Refresh Analytic Server binaries from the Cloudera Manager console.\n\n\\- MapR: Run the following commands:\n\ncd <as_installation_path>/bin \n\n./hdfsUpdate.sh\n\n5\\. Start the Analytic Server service.\n\nNote: \n\n1\\. For /user/as_user/analytic-root/defaultASsubpath/classpath directory in HDFS, several log4j jar files are there and copied from hadoop cluster.\n\nIf they are updated, please repeat step 1 to 5.\n\n2\\. If the below files are found in logs subfolder, they can be safely deleted. 
\n\n<as_installation_path>/ae_wlpserver/usr/servers/aeserver/logs \n\n\\- ${logger.id}as.log\n\n\\- ${logger.id}as_trace.log\n\n\\- ${logger.id}sql.log\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T07:15:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM SPSS Analytic Server (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-14T07:15:01", "id": "7018EA10DE2465F2CED3EBD20C60B0C8CF98504CD285795F73CA24A2863F5465", "href": "https://www.ibm.com/support/pages/node/6540892", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:09", "description": "## Summary\n\nA vulnerability in Apache Log4j (CVE-2021-4104) affects WebSphere Application Server (WAS) Liberty which is used by RAA. 
The vulnerability was addressed by removing Apache Log4j from WAS Liberty.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nRational Asset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying the fix from Fix Central.**\n\nFor the affected product and versions listed above, please download and install the patch for the applicable operating system.\n\n**Release date**: 2022/01/04\n\n**Operating System**| **Remediation/Fix** \n---|--- \nWindows Version| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all&source=fc> \"Fix Central\" ) \nz/OS Version| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-12T23:27:20", "type": "ibm", "title": "Security Bulletin: Rational Asset Analyzer (RAA) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-12T23:27:20", "id": "F80F79BA6DF67B9B276F50883A8B337A4582F3460556D772819BB4B8E40450AB", "href": "https://www.ibm.com/support/pages/node/6540480", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:19", "description": "## Summary\n\nThere are multiple vulnerabilities identified within the Apache Log4j library used by a component of IBM Tivoli System Automation Application Manager. 
The fix includes Apache Log4j 2.17.0.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nIBM Tivoli System Automation Application Manager is impacted due to being dependent on IBM WebSphere Application Server which includes the vulnerable Apache Log4j version.\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n \n\n\n## Remediation/Fixes\n\nRemediate the vulnerability for IBM Tivoli System Automation Application Manager and address the Apache Log4j vulnerability in IBM WebSphere Application Server by following the details in the referenced security bulletin below. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| \n\n4.1.0.1\n\n| [IBM WebSphere Application Server is vulnerable Apache Log4j vulnerabilities(CVE-2021-4104)](<https://www.ibm.com/support/pages/node/6526750> \"IBM WebSphere Application Server is vulnerable Apache Log4j vulnerabilities\\(CVE-2021-4104\\)\" ) \n \n4.1.0.2 \n \n4.1.0.3 \n \n4.1.0.4 \n \n4.1.0.5 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T10:55:54", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerabilities impact IBM Tivoli System Automation Application Manager (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-10T10:55:54", "id": "ED962C022CE6B7157A6A1DC3A2A82F64E0886D5E173F3FA15D86D6E90286EBBF", "href": "https://www.ibm.com/support/pages/node/6539450", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:08", "description": "## Summary\n\nA vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Scale due to its use of Log4j for logging.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Spectrum Scale | 5.0.0 - 5.0.5.11 (Kafka, All HDFS Transparency versions) \nIBM Spectrum Scale | 5.1.0 - 5.1.1 (Kafka, All HDFS Transparency versions) \n \n## Remediation/Fixes\n\n**For Spectrum Scale HDFS Transparency**:\n\n * For IBM Spectrum Scale V5.0.0.0 through 5.0.5.11 using HDFS Transparency 2.7.3.X apply Spectrum Scale HDFS Transparency CVE-2021-4104-noarch-Linux available from Fix Central at: \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#CVE-2021-4104%20efixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#CVE-2021-4104%20efixes>)\n * For IBM Spectrum Scale V5.0.0.0 through 5.0.5.11 using HDFS Transparency 3.0.0.0 apply Spectrum Scale HDFS Transparency CVE-2021-4104-noarch-Linux available from Fix Central at: \n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#CVE-2021-4104%20efixes](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#CVE-2021-4104%20efixes>)\n * For IBM Spectrum Scale V5.0.3.0 through 5.1.2.1 using HDFS Transparency 3.1.0.0 through 3.1.0.9 apply Spectrum Scale HDFS Transparency-3.1.0.10.<architecture>-Linux or later available from Fix Central at: 
[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#BDA](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all#BDA>)\n * For IBM Spectrum Scale V5.0.4.2 through 5.0.5.11 using HDFS Transparency 3.1.1.0 through 3.1.1.7 upgrade to HDFS Transparency 3.1.1.8 by applying Spectrum Scale_<edition>-5.0.5.12-<architecture>-Linux or later available from Fix Central at: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all>)\n * For IBM Spectrum Scale V5.1.0.0 through 5.1.2.1 using HDFS Transparency 3.1.1.2 through 3.1.1.7 upgrade to HDFS Transparency 3.1.1.8 by applying Spectrum Scale_<edition>-5.1.2.2-<architecture>-Linux or later available from Fix Central at: [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all>)\n * For IBM Spectrum Scale V5.1.1.2 through 5.1.2.1 using HDFS Transparency 3.3.0.0 upgrade to HDFS Transparency 3.3.0.1 by applying Spectrum Scale_<edition>-5.1.2.2-<architecture>-Linux available from Fix Central at: 
[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all>)\n\n**For Spectrum Scale Clustered Watch Folder / File Audit Logging**:\n\n * For IBM Spectrum Scale V5.0.0 through 5.0.5.11, apply V5.0.5.12 or later available from FixCentral at:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all>)\n\n * For IBM Spectrum Scale V5.1.0 through 5.1.1.X run\n\nmmmsgqueue config --remove-msgqueue\n\nIf you cannot apply the latest level of service, contact IBM Service.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T15:52:46", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Scale (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-03T15:52:46", "id": "CB2FE0501D66CCAFD24272A9B3057D9AF493BB73E63B4F14928A1DCC9D22A51B", "href": "https://www.ibm.com/support/pages/node/6551880", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:31", "description": "## Summary\n\nThere is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Statistics| 27.0.1 \nSPSS Statistics| 26.0 \nSPSS Statistics| 25.0 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Fixes \n---|---|--- \nSPSS Statistics| 27.0.1| [Statistics 27.0.1-IF019](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=27.0.1-IM-S27STATC-ALL-IF019&source=SAR> \"Statistics 27.0.1-IF019\" ) \nSPSS Statistics| 26.0| [Statistics 26.0.0.1-IF013](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=26.0-IM-S26STAT-ALL-FP001-IF013&source=SAR> \"Statistics 26.0.0.1-IF013\" ) \nSPSS Statistics| 25.0| [Statistics 25.0.0.2-IF013](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=25.0-IM-S25STAT-ALL-FP002-IF013&source=SAR> \"Statistics 25.0.0.2-IF013\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T17:50:04", "type": "ibm", "title": "Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, 
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T17:50:04", "id": "CDF06F9CE941D8BA4EB50A4537C60963F9E723DC6C21E570A655A0FCA0A6764A", "href": "https://www.ibm.com/support/pages/node/6527952", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:53:53", "description": "## Summary\n\nThere is a vulnerability in Apache Log4j (CVE-2021-4104) as described in the vulnerability details section. Apache Log4j v1 is used by OmniFind Text Search Server for DB2 for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in OmniFind Text Search Server for DB2 for i by removing Apache Log4j. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nOmniFind Text Search Server for DB2 for i| \n\nV1R6M0 \nV1R5M0 \nV1R4M0 \nV1R3M0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nThe issue can be fixed by applying PTFs to IBM i. 
Releases V1R6M0(7.5), V1R5M0(7.4), V1R4M0(7.3), and V1R3M0(7.2) of OmniFind Text Search Server for DB2 for i will be fixed.\n\nThe IBM i PTF numbers containing the fix for the CVE:\n\nOmniFind Text Search Server for DB2 for i Release| IBM i Release| PTF Number \n---|---|--- \nV1R6M0| 7.5| SI78636 \nSI78665 \nSI78673 \nV1R5M0| 7.4| SI78753 \nSI78754 \nSI78755 \nV1R4M0| 7.3| SI78756 \nSI78757 \nSI78758 \nV1R3M0| 7.2| SI78751 \nSI78759 \nSI78760 \nSI78761 \n \n \n<https://www.ibm.com/support/fixcentral>\n\n_Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T17:09:03", "type": "ibm", "title": "Security Bulletin: Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-05-06T17:09:03", "id": 
"F50A6F6BA5B32FE7E7B5465ACFA2151CE81FE9DEB6C0E87419E72E0A87BE39EA", "href": "https://www.ibm.com/support/pages/node/6562237", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:42:32", "description": "## Summary\n\nApache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM Engineering Lifecycle Engineering products version 901 is vulnerable to this attack, it has been addressed in this bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Engineering Systems Design Rhapsody| 9.0.1 \nIBM Engineering Systems Design Rhapsody| 9.0 \nRational Rhapsody| 8.4 \n \n## Remediation/Fixes\n\n \nFor the IBM\u00ae Engineering Design Rhapsody product versions 9.0.1, IBM strongly recommends addressing the vulnerability by applying a currently available [Rhapsody 901 SR1 iFix004](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=9.0.1&platform=All&function=fixId&fixids=Rhapsody901Windows.9.0.1_iFix004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rhapsody 901 SR1 iFix003\" ) full install.\n\nFor the IBM\u00ae Engineering Design Rhapsody product versions 9.0, IBM strongly recommends addressing the vulnerability by applying a currently available [Rhapsody 901 SR1 iFix004](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=9.0.1&platform=All&function=fixId&fixids=Rhapsody901Windows.9.0.1_iFix004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rhapsody 901 SR1 iFix003\" ) full install.\n\nFor the Rational Rhapsody product versions 8.4, IBM strongly recommends addressing the vulnerability by applying a currently available [Rhapsody 901 SR1 iFix004](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=9.0.1&platform=All&function=fixId&fixids=Rhapsody901Windows.9.0.1_iFix004&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rhapsody 901 SR1 iFix003\" ) full install.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-11T08:56:34", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for Log4j vulnerabilities CVE-2021-4104", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2023-01-11T08:56:34", "id": "6B543690A90E292F8431281EAF7C8B61CA43BDF8462824FA9587CA14A4287518", "href": "https://www.ibm.com/support/pages/node/6825215", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:27", "description": "## Summary\n\nVulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus version 10. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected. 
\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect Enterprise V12.0.1.0 to V12.0.3.0\n\nIBM App Connect Enterprise V11.0.0.0 to V11.0.0.15.** (Note the mitigation described in Workarounds and Mitigations should also be applied to IBM App Connect Enterprise V11.0.0.16)**\n\n \nIBM Integration Bus V10.0.0.6 to V10.0.0.25\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability in the Kafka Nodes now by applying the patches listed in this table. 
This supersedes APAR IT39377.\n\n**Product**| **VRMF**| **APAR**| **Remediation / Fix** \n---|---|---|--- \nIBM App Connect Enterprise V12| V12.0.1.0 to V12.0.3.0| IT39458| \n\nInterim fix for APAR (IT39458) is available from\n\n[IBM Fix Central(distributed platforms)](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.1.0&platform=All&function=aparId&apars=IT39458+> \"IBM Fix Central\\(distributed platforms\\)\" )\n\nInterim fix for Windows is available from\n\n[12.0.3.0 - IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39458+> \"12.0.3.0 - IBM Fix Central\" )\n\n[12.0.2.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.2.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39458+> \"12.0.2.0 IBM Fix Central\" )\n\n[12.0.1.0 IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.1.0&platform=Windows+64-bit,+x86&function=aparId&apars=IT39458+> \"12.0.1.0 IBM Fix Central\" ) \n \nIBM App Connect Enterprise V11| V11.0.0.0 to V11.0.0.15| IT39458| \n\nInterim fix for APAR (IT39458) is available for v11.0.0.10-11.0.0.15 from \n\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.15&platform=All&function=aparId&apars=IT39458+> \"11.0.0.15 IBM Fix Central\" ) \n \nIBM Integration Bus V10| V10.0.0.6 - V10.0.0.25| IT39458| \n\nInterim fix for APAR (IT39458) is available for 10.0.0.25 from\n\n[10.0.0.25 iFix - IBM Fix 
Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.25&platform=All&function=aparId&apars=IT39458> \"10.0.0.25 iFix - IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nIn addition to the fix listed in the table above IBM also strongly recommends applying the remediation described below to the Integration Toolkit. **Note this remediation should be applied to IBM App Connect Enterprise V11.0.0.0 to V11.0.0.16** \n \nDelete the following file: \n$MQSI_FILEPATH/tools/plugins/org.apache.log4j_<version>.v<datestamp>.jar \n \nWhere version is a 3 digit log4j version number and <datestamp> is the build date of the plugin. For example: \norg.apache.log4j_1.2.15.v201012070815.jar \n \nNote that after applying this remediation it is not possible to install new patterns in the pattern explorer or install new features / software using the eclipse \"Install Software or Update\" dialog boxes.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-28T10:30:08", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": 
"AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-01-28T10:30:08", "id": "391497C0561245DDD642355186334454720532967F235718B715C33BDAC8C78A", "href": "https://www.ibm.com/support/pages/node/6529056", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:42", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Log4j 1.2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.3 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.4 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-6\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T04:22:28", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j 1.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2021-12-17T04:22:28", "id": "292F5BAC93F853B8BBA2A930CAE27FA661DE46B781E89708C9F85D54E38DEFC3", "href": "https://www.ibm.com/support/pages/node/6526478", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": 
"2023-05-23T17:56:55", "description": "## Summary\n\nLog4j is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2021-4104)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Analytics System| 1.0.0-1.0.27.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying below security patch.**\n\nProduct| VRMF| Remediation / First Fix \n---|---|--- \nIBM Integrated Analytics System | 7.9.21.12.SP6| [Link to fix central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FIBM+Integrated+Analytics+System&fixids=7.9.21.12.SP6-IM-IIAS-fp145&source=SAR> \"Link to fix central\" ) \n \n * Please follow the steps given in **[release notes](<https://www.ibm.com/docs/en/ias?topic=notes-security-patch-release> \"\" )** to upgrade the system with security patches \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", 
"baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T07:13:49", "type": "ibm", "title": "Security Bulletin: Log4j vulnerability affects IBM Integrated Analytics System.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-02-16T07:13:49", "id": "3488E915423ECEBD3018203FEB042F8318BC4BC8817DD4B6762443657F27D739", "href": "https://www.ibm.com/support/pages/node/6526166", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:53:42", "description": "## Summary\n\nIBM Security Guardium has resolved CVE-2021-4104 with an appliance patch. Apache log4j is used as part of its logging infrastructure. The patch removes log4j 1.x from the Guardium system and replaces it with log4j2 V2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Guardium| 10.5 \nIBM Security Guardium| 10.6 \nIBM Security Guardium| 11.0 \nIBM Security Guardium| 11.1 \nIBM Security Guardium| 11.2 \nIBM Security Guardium| 11.3 \nIBM Security Guardium| 11.4 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the applicable patch.\n\n** Product**| **Versions**| ** Fix** \n---|---|--- \nIBM Security Guardium| 10.5| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p550_Bundle_Mar-27-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p550_Bundle_Mar-27-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 10.6| \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p690_Bundle_Mar-09-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p690_Bundle_Mar-09-2022&includeSupersedes=0&source=fc>) \n \nIBM Security Guardium| 11.0| 
[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p45_Bundle_May-03-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p45_Bundle_May-03-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.1| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p160_Bundle_Mar-23-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p160_Bundle_Mar-23-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.2| \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p270_Bundle_Feb-24-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p270_Bundle_Feb-24-2022&includeSupersedes=0&source=fc>) \n \nIBM Security Guardium| 11.3| 
\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p360_Bundle_Mar-24-2022&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p360_Bundle_Mar-24-2022&includeSupersedes=0&source=fc>) \n \nIBM Security Guardium| 11.4| \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p422_CVE-2021-4104-Log4j-2.17.1&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p422_CVE-2021-4104-Log4j-2.17.1&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T16:22:15", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is vulnerable to arbitrary code execution due to Apache log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-05-11T16:22:15", "id": "4D64B63A4F0E352D01AE83B8439314D9AB2CE9D2A7C6840F1B20FFB4E0BD61A3", "href": "https://www.ibm.com/support/pages/node/6563561", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:50:30", "description": "## Summary\n\nIBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as upgrading the other vulnerable components listed below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** IBM X-Force ID: **177835 \n** DESCRIPTION: **Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** IBM X-Force ID: **217225 \n** DESCRIPTION: **Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace() method, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/217225 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.2 \nIBM Security Identity Manager Virtual Appliance| 7.0.1 \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. 
\n\n**Affected Product(s)**| **Version(s)**| **Fix Availability** \n---|---|--- \nIBM Security Identity Manager Virtual Appliance| 7.0.2| \n\n[7.0.2-ISS-SIM-FP0005](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.2-ISS-SIM-FP0005&source=SAR&function=fixId&parent=IBM%20Security> \"7.0.2-ISS-SIM-FP0005\" ) \n \nIBM Security Identity Manager Virtual Appliance| 7.0.1| \n\n[7.0.1-ISS-SIM-FP0017](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Identity+Manager&fixids=7.0.1-ISS-SIM-FP0017&source=SAR&function=fixId&parent=IBM%20Security> \"7.0.1-ISS-SIM-FP0017\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-03T16:10:05", "type": "ibm", "title": "Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-08-03T16:10:05", "id": 
"C3C5FE937F9B39A4332DECDB77B6C1455F6CC418EFB6C64C1E780755E7FD1E3B", "href": "https://www.ibm.com/support/pages/node/6610078", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:52:02", "description": "## Summary\n\nA vulnerability was identified within the Apache Log4j library that is used by IBM Hyper-Scale Manager (HSM) for IBM FlashSystem A9000/A9000R, IBM XIV Storage System models 114/214/314, and IBM Spectrum Accelerate. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/215048> for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Hyper-Scale Manager | lower than 5.5.4 \n \n## Remediation/Fixes\n\nUpgrade to IBM Hyper-Scale Manager 5.5.4.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T19:09:38", "type": "ibm", "title": "Security Bulletin: IBM Hyper-Scale Manager (HSM) is affected by a vulnerability in Apache Log4j (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104"], "modified": "2022-06-22T19:09:38", "id": "902F7607CB7B0F5850701264764BF02D898EFF65A72CDC73B37E92F64BCCBCDB", "href": "https://www.ibm.com/support/pages/node/6536706", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:44", "description": "## Summary\n\nIBM Operations Analytics Predictive Insights is affected by the Apache Log4j vulnerability through the WebSphere Application Server (WAS) component. 
There is a separate security bulletin (linked below) that describes vulnerabilities (CVE-2021-4104, CVE-2021-45046) in the Apache Log4j library as used by WebSphere Application Server. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nIBM Operations Analytics Predictive Insights - All| WebSphere Application Server 8.5 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities in IBM Operations Analytics Predictive Insights by upgrading IBM WebSphere Application Server now.**\n\nPlease use the instructions and full details disclosed in this security bulletin: [Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-30T10:45:22", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights impacted by Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-30T10:45:22", "id": "053134070CB8D6609B7F157DC74146FFBCB3EBE941406A677E889C3CAF773364", "href": "https://www.ibm.com/support/pages/node/6537584", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:08", "description": "## Summary\n\nThere are vulnerabilities in Apache log4j2 used by IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum LSF Suite| 10.2 \nIBM Spectrum LSF Suite for HPA| 10.2 \n \n## Remediation/Fixes\n\nA patch will be released once available.\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by executing these manual steps on all GUI hosts:\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nSpectrum LSF Suite, Spectrum LSF Suite for HPA| 10.2| None| Remove JndiLookup.class from every log4j-core-*.jar and restart the services (steps below) \n \nNote: removing JndiLookup.class disables the log4j 2.x JNDI lookup exploited by CVE-2021-44228 and CVE-2021-45046; it does not apply to the log4j 1.x JMSAppender issue (CVE-2021-4104), which requires write access to the log4j configuration.\n\n1). Remove the JndiLookup.class from log4j-core-*.jar:\n\n
find /opt/ibm -name \"log4j-core-*.jar\" -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \\;\n\n2). Restart the services:\n\nsystemctl restart lsfd\n\nsystemctl restart elasticsearch-for-lsf\n\nsystemctl restart filebeat-for-lsf\n\nsystemctl restart logstash-for-lsf\n\nsystemctl restart metricbeat-for-lsf\n\nperfadmin stop all\n\nperfadmin start all\n\npmcadmin stop\n\npmcadmin start \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-22T00:03:19", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache log4j2 (CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) affect IBM Spectrum LSF Suite and IBM Spectrum LSF Suite for HPA", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-22T00:03:19", "id": "261D21204C9E2060DE70CAB5932236C5EFB2EE37E8BD5A2C64CC6F1DFE9C5D11", "href": "https://www.ibm.com/support/pages/node/6527748", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:44", "description": "## Summary\n\nIBM WebSphere Application Server 
is shipped as a component of Business Monitor. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. A remote attacker with control over Thread Context Map (MDC) input data or a Thread Context Map pattern could exploit this vulnerability by crafting malicious input data using a JNDI Lookup pattern to cause a denial of service. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPrincipal product and version| Affected product and version \n---|--- \nBusiness Monitor V8.5.7| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.6| WebSphere Application Server V8.5.5 \nBusiness Monitor V8.5.5| WebSphere Application Server V8.5.5 \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin [Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-17T10:36:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-17T10:36:59", "id": "6FBF074F8D8E8E6000FCF6488B84CA43AEFB7DEF10B2CEFF0E7D0AE1140ADA41", "href": "https://www.ibm.com/support/pages/node/6527804", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:18", "description": "## Summary\n\nThere is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server Liberty for z/OS by removing log4j from the zosConnect-1.0 and zosConnect-1.2 features.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9.0 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server Liberty | Continuous delivery \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 8.5 \nWebSphere Application Server | 8.0 \nWebSphere Application Server | 7.0 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply the interim fix, Fix Pack or PTF containing the APAR PH42762 for each named product as soon as possible. \n\n**For WebSphere Application Server Liberty 17.0.0.3 - 21.0.0.12 using the zosConnect-1.0 or zosConnect-1.2 feature: **\n\n\u00b7 Upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>) \n\\--OR-- \n\u00b7 Apply Fix Pack 22.0.0.1 or later (when available).\n\n**For WebSphere Application Server traditional:**\n\n**For V9.0.0.0 through 9.0.5.10:** \n\u00b7 Upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.11 or later (when available). 
\n\n**For V8.5.0.0 through 8.5.5.20:** \n\u00b7 Upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.21 or later (when available).\n\n**For V8.0.0.0 through 8.0.0.15:** \n\u00b7 Upgrade to 8.0.0.15 and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\n**For V7.0.0.0 through 7.0.0.45:** \n\u00b7 Upgrade to 7.0.0.45 and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n**Required next steps:**\n\n1) If the **UDDI Registry Application** is running on the WebSphere Application Server, then after applying the Interim Fix PH42762, **redeploy the UDDI Registry Application**.\n\n2) The \"kc.war\" application is removed from the installableApps/ directory by this fix. If this application has been installed (deployed) to any application server (separately from isclite.ear), it must be **manually uninstalled** via the Admin Console or wsadmin. For instructions on how to determine if kc.war is installed, see question Q9 in our Log4Shell (CVE-2021-44228) [FAQ](<https://www.ibm.com/support/pages/node/6525860>).\n\n_Note: WebSphere Application Server V7.0 and V8.0 are no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nIf the interim fixes in PH42762 cannot be applied immediately, then follow **ALL **of the temporary mitigation steps below. Due to the severity, complexity, and evolving nature of the situation, no mitigation is recommended as a substitute for patching. \n\nPH42762 only applies to a minimum fix pack level of 7.0.0.45, 8.0.0.15, 8.5.5.11, and 9.0.5.3. 
For any customer not on those minimum fix pack levels, IBM recommends upgrading to at least the minimum fix pack and applying the interim fix. If a customer cannot apply the interim fix, they may choose to apply the following temporary workaround to manually remove the copies of log4j that this interim fix removes:\n\n 1. WebSphere Application Server traditional release 9.0 only: \n * Remove <WAS_HOME>/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j*.jar from any system running the WebSphere admin console and restart the application server. \n**Note:** If any future service (prior to 8.5.5.21 or 9.0.5.11) is applied to the installation, the log4j files will be restored without warning.\n * If the kc.war application has been installed, then uninstall it. For instructions on how to determine if kc.war is installed, see question Q9 in our Log4Shell (CVE-2021-44228) [FAQ](<https://www.ibm.com/support/pages/node/6525860>).\n * Remove <WAS_HOME>/installableApps/kc.war \n 2. All WebSphere Application Server traditional releases: \n * Users of the UDDI Registry Application: Remove log4j*.jar from within the <WAS_HOME>/installableApps/uddi.ear archive and update (redeploy) any installed (deployed) copies of the UDDI Registry application.\n * Users who do not use the UDDI Registry Application should remove <WAS_HOME>/installableApps/uddi.ear \n 3. 
WebSphere Liberty for z/OS users running zosConnect-1.0 or zosConnect-1.2: \n * Remove the _fileSystemloggerInterceptor_ configuration element if present in the server configuration.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-21T14:58:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-21T14:58:17", "id": "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "href": "https://www.ibm.com/support/pages/node/6526750", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:55:30", "description": "## Summary\n\nA new vulnerability with log4j has been detected. MAS Monitor uses log4j in all releases and interim fixes are now available for our 8.4, 8.5 and 8.6 releases. 
More details of the vulnerability are available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nMonitor Component| All \n \n\n\n## Remediation/Fixes\n\nTo receive the interim fix, update your Red Hat OpenShift deployments for each of the Monitor API pods to point to the newly published fix image in IBM Cloud Registry.\n\nSteps:\n\nFirst, disable the Monitor operator by decrementing the number of pods instantiated by the operator deployment from 1 to 0. \n\nNow go to each of these 5 deployments: rest-meta, rest-kpi, rest-master, rest-datalake and rest-dscmanager. \n\n \n\n\nChange the image tag from the released version to this image version\n\n \n\n\nFor 8.6:\n\n8.6.2-pre.8.6.hotfix\n\n \n\n\nFor 8.5:\n\n8.5.7-pre.8.5.hotfix\n\n \n\n\nFor 8.4:\n\n8.4.12-pre.8.4.hotfix\n\nAfter the pods restart, the interim fix has been applied.\n\n \n\n\nMove to this directory on each pod. \n \n \n cd /opt/was/liberty/wlp/usr/servers/default/dropins\n\nList the files in the war. 
\n \n \n unzip -l *.war\n\nVerify your log4j.jar is version 2.15.0.\n\n \n\n\n**Reenable your operator to automatically install/receive future fixpacks as they are released on OLM.**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-28T17:37:28", "type": "ibm", "title": "Security Bulletin: MAS Monitor 8.4, 8.5, and 8.6 log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-03-28T17:37:28", "id": "822A5D5DDFBAB14222D402C61CEAC1259D980506DB6102BD80EB619551AE1961", "href": "https://www.ibm.com/support/pages/node/6566913", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:54:16", "description": "## Summary\n\nThere is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. 
This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server Liberty for z/OS by removing log4j from the zosConnect-1.0 and zosConnect-1.2 features.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Master Data Management| 12.0 \n \nInfoSphere Master Data Management\n\n| 11.6 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nInfoSphere Master Data Management v11.6, v12.0| IBM WebSphere Application Server version 9.0.| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-apache-log4j-affect-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-cve-2021-4104-cve-2021-45046> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-27T10:23:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-04-27T10:23:01", "id": "209DDCAB6F475A868DA84DD19D31132027FF62B259B6541CA0C9859AD7CF6ED3", "href": "https://www.ibm.com/support/pages/node/6539552", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-22T13:36:16", "description": "## Summary\n\nApache Log4j is used for logging in multiple components of the IBM Cloud Pak System (CPS) appliance: Logstash, VMware vCenter, IBM Hardware Management Console and product pattern type (pType). Arbitrary code execution vulnerabilities have been identified in Apache Log4j.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System Software Suite| 2.3.3.0 \nIBM Cloud Pak System| 2.3 \nIBM Cloud Pak System| 2.3.1.1, 2.3.2.0 \n \n## Remediation/Fixes\n\nFor unsupported versions/releases/platforms, IBM recommends upgrading to a fixed, supported version of the product.\n\nIn response to the vulnerability, IBM Cloud Pak System fixed the following releases together with their supporting products: \n\n\\- Logstash: IBM Cloud Pak System release v2.3.3.4 updates the plugin to Logstash v7.16.3.\n\n\\- Spectrum Scale pattern type (pType): IBM Cloud Pak System v2.3.3.4 updates the pType to include Spectrum Scale 5.0.5.12. \n\n\\- vCenter: IBM Cloud Pak System release v2.3.3.5 updates the vCenter image to vCenter 6.7 U3q.\n\n\\- Hardware Management Console (HMC): IBM Cloud Pak System release v.3.3.3.7 updates HMC Power Image 8.7.0 Service Pack 3 to include Log4j 2.17.1.\n\n\\- Cloud Pak System instances where log4j v1 (CVE-2021-4104) occurrences were found: Cloud Pak System updates those instances to Log4j 2.17.1. 
\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.4 upgrade to IBM Cloud Pak System V2.3.3.5 for Intel at [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.5&platform=All&function=all>)\n\nFor IBM Cloud Pak System V2.3.1.1, V2.3.2.0 upgrade to IBM Cloud Pak System V2.3.3.7 for Power, which ships with [target availability June 23, 2023], at [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.7&platform=All&function=all>)\n\nInformation on upgrading at: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-06-22T11:45:26", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2023-06-22T11:45:26", "id": "CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "href": "https://www.ibm.com/support/pages/node/6537856", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:47", "description": "## Summary\n\nThere is a vulnerability in the Apache Log4j open source library used by WebSphere Application Server. This affects the WebSphere Application Server Admin Console and the UDDI Registry Application. This vulnerability has been addressed.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nWebSphere Application Server | 9.0 \nWebSphere Application Server | 8.5 \n \n## Remediation/Fixes\n\nThe fix in this bulletin has been superseded by bulletin [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750>). The recommended solution is to install interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>).\n\n**For WebSphere Application Server traditional:**\n\n**For V9.0.0.0 through 9.0.5.10:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42728](<https://www.ibm.com/support/pages/node/6525672> \"PH42728\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 9.0.5.11 or later (when available). \n\n**For V8.5.0.0 through 8.5.5.20:** \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42728](<https://www.ibm.com/support/pages/node/6525672> \"PH42728\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.21 or later (when available). \n\nAdditional interim fixes may be available and linked off the interim fix download page.\n\n**Required next steps:**\n\n1) If the **UDDI Registry Application** is running on the WebSphere Application Server, then after applying the Interim Fix PH42728, **redeploy the UDDI Registry Application**.\n\n2) The \"kc.war\" application is removed from the installableApps/ directory by this fix. If this application has been installed (deployed) to any application server (separately from isclite.ear), it must be **manually** **uninstalled** via the Admin Console or wsadmin.\n\n**Additional recommendations:**\n\nFollow these additional steps while you are assessing your enterprise applications for log4j2 usage:\n\n1\\. 
_Recommended_: Update the IBM\u00ae SDK, Java\u2122 Technology Edition maintenance to the latest recommended fix pack, or a minimum of 7.0.10.35, 7.1.4.35, or 8.0.5.25. You can get the latest IBM Java fix pack for WebSphere here: <https://www.ibm.com/support/pages/node/587245> (9.0) & <https://www.ibm.com/support/pages/node/6209712> (8.5)\n\n2\\. Set the JVM custom property **log4j2.formatMsgNoLookups **to the value **true**\n\n * For information on setting JVM custom properties in WebSphere Application Server, see <https://www.ibm.com/docs/en/was-nd/9.0.5?topic=jvm-java-virtual-machine-custom-properties>\n * After setting the JVM custom property, restart the application server.\n\n**Note: **WebSphere Application Server 7.0 and 8.0 reached End of Support on April 30, 2018 and the embedded IBM Java SDK is no longer receiving security updates. Current information is that the version of log4j included in WebSphere Application Server 7.0 and 8.0 is not impacted by CVE-2021-44228. IBM recommends all users running 7.0 and 8.0 upgrade to 8.5.5, 9.0 or WebSphere Liberty.\n\n## Workarounds and Mitigations\n\n**For WebSphere Application Server v9.0 and V8.5:**\n\nIf the interim fixes in PH42728 cannot be applied immediately, then follow **ALL **of the temporary mitigation steps below:\n\n1\\. _Recommended_: Update the IBM\u00ae SDK, Java\u2122 Technology Edition maintenance to the latest recommended fix pack, or a minimum of 7.0.10.35, 7.1.4.35, or 8.0.5.25. You can get the latest IBM Java fix pack for WebSphere here: <https://www.ibm.com/support/pages/node/587245> (9.0) & <https://www.ibm.com/support/pages/node/6209712> (8.5)\n\n2\\. 
For WebSphere Application Server v9.0 only: Remove **<WAS_HOME>/systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j*.jar** from any system running the WebSphere admin console\n\n * The files will need to be removed again if fixpacks are applied prior to PH42728 being installed.\n * After removing the files, restart the application server running the Admin Console.\n\n3\\. Set the JVM custom property **log4j2.formatMsgNoLookups **to the value **true**\n\n * For information on setting JVM custom properties in WebSphere Application Server, see <https://www.ibm.com/docs/en/was-nd/9.0.5?topic=jvm-java-virtual-machine-custom-properties>\n * After setting the JVM custom property, restart the application server.\n\n4\\. If the \"kc.war\" application has been installed (deployed) to any application server (separately from isclite.ear), it must be **manually** **uninstalled** via the Admin Console or wsadmin. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-16T15:24:06", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-16T15:24:06", "id": "5EB805FBA32A419246DDD86FFCA6C34246C092FCBCD8608B3ABC4B0A77FFDAA2", "href": "https://www.ibm.com/support/pages/node/6525706", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:55", "description": "## Summary\n\nTivoli Netcool/OMNIbus WebGUI may be impacted by the vulnerability Apache Log4j (CVE-2021-44228) through the use of Log4j-api. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server (WAS) component/product which are affected. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Products| Versions \n---|--- \nTivoli Netcool/OMNIbus Web GUI| 8.1 GA - 8.1.0.25 \nIBM Jazz for Service Manager| 1.1.3.0 - 1.1.3.13 \nWebsphere Application Server (WAS)| 8.5 - 9.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \n\nBased upon current knowledge and analysis Tivoli Netcool/OMNIbus WebGUI does not use Apache log4j-core library which is vulnerable to CVE-2021-44228. It may still be impacted because log4j-api may be used in the application as this library is also part of same Apache Log4j package. \n\nPlease note in the steps below that $JazzSMHOME denotes the home directory where JazzSM is installed.\n\n 1. 
As per recommendation by Websphere Application Server (WAS), security bulletin [Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server \\(CVE-2021-4104, CVE-2021-45046\\)\" ) supersedes [Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228).](<https://www.ibm.com/support/pages/node/6525706> \"Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" )\n 2. As per recommendation by IBM Jazz for Service Manager (JazzSM), security bulletin [IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6527246> \"IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability\\(CVE-2021-44228\\)\" ). \n 3. Upgrade Tivoli Netcool/OMNIbus WebGUI to the appropriate version that supports the corresponding Websphere Application Server (WAS) fix pack and IBM Jazz for Service Manager (JazzSM) fix pack installed. See table 3 in <https://www.ibm.com/docs/en/netcoolomnibus/8.1?topic=upgrade-web-gui-installation-prerequisites> \n\n * If you are running Websphere Application Server 8.5.5.20 and IBM Jazz Service Manager 1.1.3.13, then you must also upgrade to Tivoli Netcool/OMNIbus WebGUI 8.1.0.25.\n 4. If you are running Tivoli Netcool/OMNIbus WebGUI 8.1.0.11 (or higher), which contains the log4j-api-2*.jar file: \n\n 1. Stop the JazzSM server, e.g. $JazzSMHOME/profile/bin/stopServer.sh server1\n 2. Move the log4j-api-2*.jar file in the deployed OMNIbusWebGUI.war directory to an archive directory outside of $JazzSMHOME \n\n * For instance, $JazzSMHOME/profile/installedApps/installedApps/JazzSMNode01Cell/isc.ear/OMNIbusWebGUI.war/WEB-INF/lib/log4j-api-2*.jar\n 3. Start the JazzSM server, e.g. 
$JazzSMHOME/profile/bin/startServer.sh server1\n 5. If you are running Tivoli Netcool/OMNIbus WebGUI prior to 8.1.0.11, no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-23T06:01:22", "type": "ibm", "title": "Security Bulletin: Tivoli Netcool/OMNIbus WebGUI is vulnerable to Apache log4j vulnerability (CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-23T06:01:22", "id": "05A1D58708802BF8C1674EE32BEC4344254929330218CAD68AA838AA7F549BF7", "href": "https://www.ibm.com/support/pages/node/6528410", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:52:26", "description": "## Summary\n\nMultiple vulnerabilities have been identified within the Apache Log4j library that is used within IBM Tivoli Netcool/OMNIbus Common Integration Libraries. 
These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. 
By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library| common-transportmodule-12_0 up to and including common-transportmodule-33_0 \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library| common-jnetcool-7_0 up to and including common-jnetcool-8_0 \n \n## Remediation/Fixes\n\nUpdated Product(s)| Version(s)| Remediation/Fix/Instructions \n---|---|--- \nIBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library| common-transportmodule-33_2 or later| Refer to the [release notice](<https://www.ibm.com/support/pages/node/256461> \"release notice\" ) for the part number of the new package and instructions for the upgrade \nIBM Tivoli Netcool/OMNIbus Integration - Java Netcool Utility Library| common-jnetcool-8_2 or later| Refer to the [release notice](<https://www.ibm.com/support/pages/node/255019> \"release notice\" ) for the part number of the new package and instructions for the upgrade \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 6.0}, "published": "2022-06-13T10:34:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-06-13T10:34:53", "id": "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "href": "https://www.ibm.com/support/pages/node/6536868", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:05", "description": "## Summary\n\nThere is a vulnerability in Apache Log4j2 used by IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center. IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center have addressed the applicable CVE. Customers are encouraged to take action by executing the mitigation steps.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. 
Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum LSF Application Center| 10.2 \nIBM Spectrum LSF Explorer| 10.2 \n \n## Remediation/Fixes\n\nPatch will be released once available.\n\n## Workarounds and Mitigations\n\n**IBM strongly recommends addressing the vulnerability now by executing these steps:**\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/First Fix \n \n---|---|---|--- \n \nSpectrum LSF Application Center\n\n| \n\n10.2\n\n| \n\nNone\n\n| \n\nRemove the JndiLookup.class from log4j-core-*.jar file\n\n1). find $PMC_TOP -name \"log4j-core-*.jar\" -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \\;\n\n2). reboot services\n\nperfadmin stop all;perfadmin start all\n\npmcadmin stop;pmcadmin start \n \nSpectrum LSF Explorer\n\n| \n\n10.2\n\n| \n\nNone\n\n| \n\nRemove the JndiLookup.class from log4j-core-*.jar file\n\n1). find $PMC_TOP/../../ -name \"log4j-core-*.jar\" -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \\;\n\n2). 
reboot services\n\nperfadmin stop all;perfadmin start all\n\npmcadmin stop;pmcadmin start\n\nsystemctl restart elasticsearch-for-lsf \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-22T06:47:03", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Log4j2 affect IBM Spectrum LSF Explorer and IBM Spectrum LSF Application Center", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-22T06:47:03", "id": "04D3658F043D6F4A2AA1B2F519A7E89C112641C7C4E2E58E14BEC11BA66E803D", "href": "https://www.ibm.com/support/pages/node/6527746", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:07", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.1.1.x and 4.2.0.x. 
Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.1.1.x \nITNM| 4.2.0.x \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNM| 4.1.1.x| \n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty\" )\n\nSee section: For V9.0.0.0 through 9.0.5.10:\n\nSee section: For V8.5.0.0 through 8.5.5.20:\n\nSee section: For V8.0.0.0 through 8.0.0.15:\n\nSee section: For V7.0.0.0 through 7.0.0.45: \n \nITNM| 4.2.0.x| \n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty\" )\n\nSee section: For V9.0.0.0 through 9.0.5.10:\n\nSee section: For V8.5.0.0 through 8.5.5.20:\n\nSee section: For V8.0.0.0 through 8.0.0.15:\n\nSee section: For V7.0.0.0 through 7.0.0.45: \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-13T05:24:54", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM 
Tivoli Network Manager IP Edition (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-01-13T05:24:54", "id": "747C7023F8D283A88FE9778F37629C7BF2E2A7E5268A695905F9F28590BF76D3", "href": "https://www.ibm.com/support/pages/node/6540526", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:07", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Case Manager| 5.3CD \nIBM Case Manager| 5.2.1 \nIBM Case Manager| 5.2.0 \nIBM Case Manager| 5.1.1 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-22T07:09:10", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-22T07:09:10", "id": "023C54E1D297D5AA9E7F44F8089DE35CB079281FA1776467BF8B7A7AD4FE252E", "href": "https://www.ibm.com/support/pages/node/6527332", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:59", "description": "## Summary\n\nSome version of Tivoli Netcool/OMNIbus WebGUI uses Apache log4j-api library which has multiple vulnerabilities to CVE-2021-4104 and CVE-2021-45046, recommendation is to remove it if exists. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server (WAS) component/product which are affected. 
Information about this security vulnerability affecting IBM Jazz for Service Management and Websphere Application Server (WAS) has been published in different security bulletins\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTivoli Netcool/OMNIbus Web GUI| 8.1 GA - 8.1.0.25 \nIBM Jazz for Service Manager (JazzSM)| 1.1.3.0 - 1.1.3.13 \nWebsphere Application Server (WAS)| 8.5 - 9.0 \n \n## Remediation/Fixes\n\nPlease note in the steps below that $JazzSMHOME denotes the home directory where JazzSM is installed.\n\n 1. As per recommendation by Websphere Application Server (WAS), security bulletin [Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server \\(CVE-2021-4104, CVE-2021-45046\\)\" ) The recommended solution is to install interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>). \n\n * If you are running WebSphere Application Server 8.5.5.11 to 8.5.5.20 or 9.0.5.3 or above, the interim fix [PH42762 ](<https://www.ibm.com/support/pages/node/6526686>)can be applied.\n * If you are running WebSphere Application Server prior to 8.5.5.11, WebSphere Application Server must be upgraded prior to applying the interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>)\n 2. As per recommendation by IBM Jazz for Service Manager (JazzSM), security bulletin [IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6527246> \"IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability\\(CVE-2021-44228\\)\" ). 
\n\n * If you are running IBM Jazz for Service Manager 1.1.3.10 to 1.1.3.13, along with WebSphere Application Server 8.5.5.18 to 8.5.5.20 or 9.0.5.6 to 9.0.5.9, the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"JazzSM 1.1.3.13 iFix01\" ) can be applied.\n * If you are running IBM Jazz for Service Manager 1.1.3 to 1.1.3.9, along with WebSphere Application Server 8.5.5.9 to 8.5.5.18 or 9.0.5.3, IBM Jazz for Service Manager must be upgraded prior to applying the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"JazzSM 1.1.3.13 iFix01\" )\n * For if you have upgraded to WebSphere Application Server 8.5.5.20 with interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>). Then you should also upgrade to JazzSM 1.1.3.13, then apply the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"JazzSM 1.1.3.13 iFix01\" )\n 3. Upgrade Tivoli Netcool/OMNIbus WebGUI to the appropriate version, that would support the corresponding Websphere Application Server (WAS) fix pack and IBM Jazz for Service Manager (JazzSM) fix pack installed. See table 3, in <https://www.ibm.com/docs/en/netcoolomnibus/8.1?topic=upgrade-web-gui-installation-prerequisites> \n\n * If you are running Websphere Application Server 8.5.5.20 and IBM Jazz Service Manager 1.1.3.13, then you must also upgrade to Tivoli Netcool/OMNIbus WebGUI 8.1.0.25.\n 4. If you are running Tivoli Netcool/OMNIbus WebGUI 8.1.0.11 (or higher), which contains the log4j-api-2*.jar file: \n\n 1. Stop the JazzSM server, eg. $JazzSMHOME/profile/bin/stopServer.sh server1\n 2. 
Move the log4j-api-2*.jar file in the deployed OMNIbusWebGUI.war directory to an archive directory outside of $JazzSMHOME \n\n * For instance, $JazzSMHOME/profile/installedApps/installedApps/JazzSMNode01Cell/isc.ear/OMNIbusWebGUI.war/WEB-INF/lib/log4j-api-2*.jar\n 3. Start the JazzSM server, e.g. $JazzSMHOME/profile/bin/startServer.sh server1\n 5. If you are running Tivoli Netcool/OMNIbus WebGUI prior to 8.1.0.11, no further action is required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-23T01:03:40", "type": "ibm", "title": "Security Bulletin: Tivoli Netcool/OMNIbus WebGUI has multiple vulnerabilities in Apache log4j (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-23T01:03:40", "id": "9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C", "href": "https://www.ibm.com/support/pages/node/6528426", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:50", "description": "## 
Summary\n\nIBM WebSphere\u00ae Application Server is shipped with IBM\u00ae Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Intelligent Operations Center (IOC)| \n\nV1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3 \n \nIBM\u00ae Intelligent Operations Center for Emergency Management | V1.6 \n \n## Remediation/Fixes\n\nDownload the correct version of the fix from the following link: [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ). Installation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-23T18:34:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-23T18:34:02", "id": "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "href": "https://www.ibm.com/support/pages/node/6528314", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:59:47", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. A remote attacker with control over Thread Context Map (MDC) input data or a Thread Context Map pattern to exploit this vulnerability to craft malicious input data using a JNDI Lookup pattern and cause a denial of service. 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \nIBM WebSphere Application Server Patterns, all versions| WebSphere Application Server: \n\n * 9.0\n * 8.5\n * 8.0\n * Liberty \n \n \n\n\n## Remediation/Fixes\n\nPlease consult the following security bulletin for vulnerability details and information about fixes \n\n * [Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-16T21:14:11", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-16T21:14:11", "id": "9E08A11DD23150C79E969A8FA933F7C903468F74CE144600AC32149CD9CCC3CD", "href": "https://www.ibm.com/support/pages/node/6527326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:41", "description": "## Summary\n\nApache Log4j is included in WebSphere Application Server Traditional, which is distributed with Stored IQ for Legal. There are multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046) impacting Stored IQ for Legal application. Stored IQ for Legal uses Apache Log4j for logging . These issues are addressed in the Stored IQ for Legal interim fix PH42762 on top of WebSphere 8.5.18 .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStoredIQ for Legal| 2.0.3 \n \n\n\n## Remediation/Fixes\n\nApply the interim fix PH42762 on top of WebSphere 8.5.18 to address the log4j vulnerabilities immediately.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-04T06:59:56", "type": "ibm", "title": "Security Bulletin: Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-01-04T06:59:56", "id": "7AA351B847C7732E8B7AE01A83A77CC863325C3B53A57FDDE54F4DF8D16D14C1", "href": "https://www.ibm.com/support/pages/node/6538068", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:28", "description": "## Summary\n\nIBM Tivoli Netcool Impact and IBM WebSphere Application Server are bundled as components of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM Tivoli Netcool Impact and IBM WebSphere Application Server has been published in security bulletins.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0 \nIBM Tivoli Business Service Manager for the Enterprise| 6.2.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by applying the interim fixes below:\n\n_Principal Product and Version(s)_| _Affected Supporting Product and Version_ \n---|--- \nTivoli Business Service Manager 6.2.0 \nTivoli Business Service Manager for the Enterprise 6.2.0| \n\n**For WebSphere Application Server (WAS) traditional:**\n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\nFor V8.5.0.0 through 8.5.5.20: \n\u00b7 Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix [PH42762](<https://www.ibm.com/support/pages/node/6526686> \"PH42762\" ) \n\\--OR-- \n\u00b7 Apply Fix Pack 8.5.5.21 or later fix pack if available. 
\n \n**For IBM Tivoli Netcool Impact: \n** \n[Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6527266> \"Security Bulletin: Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact \\(CVE-2021-44228\\)\" ) \n \nFor 7.1.0.18 through 7.1.0.24: \nApply Interim Fix [7.1.0-TIV-NCI-IF0010](<https://www.ibm.com/support/pages/node/6536702> \"7.1.0-TIV-NCI-IF0010\" ) \n \n## Workarounds and Mitigations\n\nIBM strongly recommends applying the interim fixes now.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-06T15:48:44", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerability (CVE-2021-44228) has been identified in IBM Tivoli Netcool Impact and IBM WebSphere Application Server bundled with Tivoli Business Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2022-01-06T15:48:44", "id": "A6A496B2E032EDA1F9C9B0D3982C6A52B7D925C02D0F2EFE157394C4851AEBA7", "href": 
"https://www.ibm.com/support/pages/node/6528944", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:32", "description": "## Summary\n\nIBM Security SiteProtector System is NOT Affected by CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 & CVE-2021-4104 Exploit \n \nIBM SiteProtector System uses the log4j-1.2.8 binary, so it is not affected by the vulnerabilities impacting log4j 2.x versions. \n \nExploiting log4j 1.x is possible only with a specific configuration that uses JMSAppender to perform JNDI requests. However, SiteProtector does not use JMSAppender in its configurations, so SiteProtector System is not affected by the vulnerability impacting log4j 1.x versions either.\n\n## Vulnerability Details\n\n**CVE ID: **CVE-2021-44228 \n**DESCRIPTION: **Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behaviour has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.\n\n**CVE ID: **CVE-2021-45105 \n**DESCRIPTION: **Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. 
This issue was fixed in Log4j 2.17.0 and 2.12.3.\n\n**CVE ID: **CVE-2021-45046 \n**DESCRIPTION: **It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\n**CVE ID: **CVE-2021-4104 \n**DESCRIPTION: **JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. 
Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.\n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.1.1\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-06T05:32:07", "type": "ibm", "title": "Security Bulletin: IBM Security SiteProtector System is NOT Affected by CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 & CVE-2021-4104 Exploit", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-06T05:32:07", "id": "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "href": "https://www.ibm.com/support/pages/node/6538014", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:45", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. 
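The two checks below are an added example written for this page, not code from IBM or from the Apache Log4j project. They turn the conditions stated in the CVE descriptions above into something a responder can run: `log4j2_exposure` classifies a log4j-core 2.x version string against the affected ranges given for CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, and `scan_log4j1_config` inspects a Log4j 1.2 configuration (properties or log4j.xml form) for a JMSAppender that a logger actually references, together with the TopicBindingName and TopicConnectionFactoryBindingName settings named in CVE-2021-4104. The sample configurations are constructed for the example. Two points are assumptions rather than statements from the bulletins and are marked in the comments: for CVE-2021-45046 the descriptions name only the fixed releases (2.16.0 and 2.12.2), so the example treats later 2.12.x releases as fixed as well and uses the CVE-2021-44228 floor (2.0-beta9) as the earliest affected version.

```python
import re
import xml.etree.ElementTree as ET

# Pre-release ordering used by Log4j 2 version strings: 2.0-alpha1 < 2.0-beta9 < 2.0-rc1 < 2.0
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
JNDI_PROPS = ("TopicBindingName", "TopicConnectionFactoryBindingName")
_LOGGER_KEY = re.compile(r"log4j\.(rootLogger|rootCategory|logger\..+|category\..+)$")

# Constructed sample configurations (not taken from any IBM product).
SAMPLE_PROPERTIES = """\
# JMSAppender declared AND attached to the root logger
log4j.rootLogger=INFO, console, jms
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=jms/topic/logging
log4j.appender.jms.TopicConnectionFactoryBindingName=jms/ConnectionFactory
"""

SAMPLE_XML = """\
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <!-- JMSAppender declared, but no logger references it -->
  <appender name="jms" class="org.apache.log4j.net.JMSAppender">
    <param name="TopicBindingName" value="jms/topic/logging"/>
  </appender>
  <appender name="console" class="org.apache.log4j.ConsoleAppender"/>
  <root>
    <level value="info"/>
    <appender-ref ref="console"/>
  </root>
</log4j:configuration>
"""


def version_key(version: str) -> tuple:
    """Turn '2.0-beta9', '2.12.1' or '2.17.1' into a sortable tuple.
    A final release sorts after every pre-release of the same number."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([a-z]+)(\d*))?", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {version!r}")
    major, minor, patch, pre, pre_num = m.groups()
    rank = _PRE_RANK.get(pre, 0) if pre else _FINAL_RANK  # unknown pre-release tags sort earliest
    return (int(major), int(minor), int(patch or 0), rank, int(pre_num or 0))


def _between(version: str, low: str, high: str) -> bool:
    return version_key(low) <= version_key(version) <= version_key(high)


def log4j2_exposure(version: str) -> dict:
    """Map a log4j-core 2.x version to the three CVEs using the ranges the descriptions state."""
    k = version_key(version)
    # CVE-2021-44228: 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0
    cve_44228 = _between(version, "2.0-beta9", "2.12.1") or _between(version, "2.13.0", "2.15.0")
    # CVE-2021-45046: fixed in 2.16.0 and 2.12.2. ASSUMPTION: later 2.12.x releases count as
    # fixed too, and the same floor as CVE-2021-44228 applies.
    fixed_45046 = k >= version_key("2.16.0") or (k[:2] == (2, 12) and k >= version_key("2.12.2"))
    cve_45046 = k >= version_key("2.0-beta9") and not fixed_45046
    # CVE-2021-45105: 2.0-alpha1 through 2.16.0, excluding 2.12.3
    cve_45105 = _between(version, "2.0-alpha1", "2.16.0") and k != version_key("2.12.3")
    return {"CVE-2021-44228": cve_44228, "CVE-2021-45046": cve_45046, "CVE-2021-45105": cve_45105}


def scan_log4j1_config(text: str) -> dict:
    """Find JMSAppender declarations in a Log4j 1.2 configuration (properties or log4j.xml).
    Log4j 1.2 only instantiates an appender that some logger references, so each finding
    records whether the appender is attached and which JNDI binding-name properties are set."""
    appenders, props, referenced = {}, {}, set()
    if text.lstrip().startswith("<"):
        root = ET.fromstring(text)
        for app in root.iter("appender"):
            name = app.get("name")
            appenders[name] = app.get("class", "")
            props[name] = {p.get("name"): p.get("value") for p in app.findall("param")}
        referenced = {ref.get("ref") for ref in root.iter("appender-ref")}
    else:
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#!":
                continue
            m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
            if not m:
                continue
            key, value = m.groups()
            if key.startswith("log4j.appender."):
                name, _, prop = key[len("log4j.appender."):].partition(".")
                if prop:
                    props.setdefault(name, {})[prop] = value
                else:
                    appenders[name] = value
            elif _LOGGER_KEY.match(key):
                tokens = [t.strip() for t in value.split(",")]
                if not value.startswith(","):  # first token is the level unless the value starts with ','
                    tokens = tokens[1:]
                referenced.update(t for t in tokens if t)
    findings = {}
    for name, cls in appenders.items():
        if cls.strip() != JMS_APPENDER:
            continue
        set_props = props.get(name, {})
        findings[name] = {"attached": name in referenced,
                          "jndi_props": {p: set_props[p] for p in JNDI_PROPS if p in set_props}}
    return findings


def cve_2021_4104_configured(text: str) -> bool:
    """True when the configuration already attaches a JMSAppender to a logger,
    i.e. the deployment is 'configured to use JMSAppender' in the bulletins' sense."""
    return any(f["attached"] for f in scan_log4j1_config(text).values())


if __name__ == "__main__":
    for v in ("2.14.1", "2.12.2", "2.16.0", "2.17.1"):
        print(v, log4j2_exposure(v))
    print("properties:", scan_log4j1_config(SAMPLE_PROPERTIES))
    print("xml:", scan_log4j1_config(SAMPLE_XML))
```

A clean scan answers only the "configured to use JMSAppender" condition the bulletins rely on (the SiteProtector bulletin above is an example of that reasoning). It does not remove the CVE-2021-4104 premise that an attacker with write access to the configuration can add the appender, so the finding complements, rather than replaces, removing or upgrading Log4j 1.2.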
Information about security vulnerabilities affecting WAS has been published in security bulletins.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-38951](<https://vulners.com/cve/CVE-2021-38951>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211405](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211405>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Rational ClearCase| 8.0.0 \nIBM Rational ClearCase| 9.0 \nIBM Rational ClearCase| 9.0.1 \nIBM Rational ClearCase| 9.1 \nIBM Rational ClearCase| 9.0.2 \nIBM Rational ClearCase| 8.0.1 \n \n## Remediation/Fixes\n\nRefer to the following security bulletin(s) for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Rational ClearCase.\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Rational ClearCase, versions 8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x, 9.1.x| \n\nIBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0.\n\n| \n\n[Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n[Security Bulletin: WebSphere Application Server is vulnerable to a Denial of Service (CVE-2021-38951)](<https://www.ibm.com/support/pages/node/6524674> \"Security 
Bulletin: WebSphere Application Server is vulnerable to a Denial of Service \\(CVE-2021-38951\\)\" ) \n \n**ClearCase Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n8.0.0.x, 8.0.1.x, 9.0.0.x, 9.0.1.x, 9.0.2.x, 9.1.x| \n\n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section. Check your installed version of IBM WebSphere Application Server against this bulletin's list of vulnerable versions.\n 2. Identify the latest available fixes (per the bulletin(s) listed above) for the version of WAS used for CCRC WAN server.\n 3. Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. 
\n \n_For 8.0.x and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-29T00:14:31", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38951", "CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-29T00:14:31", "id": "68F256DC5E144D5A2404101E56A66160645897F9BB7E8600047077C626B2FE43", "href": "https://www.ibm.com/support/pages/node/6528836", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:58", "description": "## Summary\n\nIBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits. \n \nIBM QRadar Network Security uses WebSphere Liberty as application server. 
Liberty package contains log4j binaries, however they are not used by Liberty & IBM QRadar Network Security. Since Liberty is not impacted by log4j vulnerabilities, XGS is also not impacted. \n \nhttps://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/ \n\n\n## Vulnerability Details\n\n**CVEID: **CVE-2021-4104 \n**DESCRIPTION: **JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.\n\n**CVEID: **CVE-2021-44228 \n**DESCRIPTION: **Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.\n\n**CVEID: **CVE-2021-45046 \n**DESCRIPTION: **It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. 
This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\n \n**CVEID: **CVE-2021-45105 \n**DESCRIPTION: **Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3. \n\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4.0\n\nIBM QRadar Network Security 5.5.0\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-23T03:27:47", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is NOT Affected by CVE-2021-4104, CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 exploits", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-23T03:27:47", "id": "7CE0B3947D8196985B00E6EB61ED45938560312360058DDC3063CF3D7BE03A81", "href": "https://www.ibm.com/support/pages/node/6536676", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:57:46", "description": "## Summary\n\nApache Log4j (CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046) is used by IBM Watson Machine Learning Accelerator as part of its logging infrastructure. The fix includes Apache Log4j v2.17.1.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Machine Learning Accelerator| 1.2.2; 1.2.3 \nIBM Watson Machine Learning Accelerator| 2.2.0; 2.2.1 \nIBM Watson Machine Learning Accelerator| 2.3.0; 2.3.1; 2.3.2; 2.3.3; 2.3.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. 
**\n\n**Affected Product(s)**| **Version(s)**| **Remediation** \n---|---|--- \nIBM Watson Machine Learning Accelerator| 1.2.2; 1.2.3| 1.2.2 fix patch: [wmla-1.2.2-build600973](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+PowerAI+Enterprise&release=All&platform=All&function=fixId&fixids=wmla-1.2.2-build600973&includeSupersedes=0> \"wmla-1.2.2-build600973\" ) \n1.2.3 fix patch: [dli-1.2.3-build600964-wmla](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+PowerAI+Enterprise&release=All&platform=All&function=fixId&fixids=dli-1.2.3-build600964-wmla&includeSupersedes=0> \"dli-1.2.3-build600964-wmla\" ) \n \nIBM Watson Machine Learning Accelerator \n \n| 2.2.0; 2.2.1| To address the vulnerabilities upgrade to IBM Watson Machine Learning Accelerator 2.2.2: <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=accelerator-upgrading-watson-machine-learning> \nIBM Watson Machine Learning Accelerator| 2.3.0; 2.3.1; 2.3.2; 2.3.3; 2.3.4| To address the vulnerabilities upgrade to IBM Watson Machine Learning Accelerator 2.3.5: <https://www.ibm.com/docs/en/wmla/2.3?topic=installation-install-upgrade> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-21T01:34:55", "type": "ibm", "title": "Security Bulletin: IBM Watson Machine Learning Accelerator is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-4104, CVE-2021-44228, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-21T01:34:55", "id": "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "href": "https://www.ibm.com/support/pages/node/6549766", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:58:20", "description": "## Summary\n\nMultiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 \n \n\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nJazz for Service Management version 1.1.3 - 1.1.3.13| Websphere Application Server Full Profile 8.5.5 | [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \nJazz for Service Management version 1.1.3.7 - 
1.1.3.13| \n\nWebsphere Application Server Full Profile 9.0\n\n| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nPlease refer to WAS interim fix.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-10T08:04:51", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities in Apache log4j (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-10T08:04:51", "id": "EE31BACFE4E2531B3AC2273027A23C49C59978284694658A79B4BC6797F86ACB", "href": "https://www.ibm.com/support/pages/node/6539424", "cvss": 
{"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:38", "description": "## Summary\n\nThere is a vulnerability in the Apache log4j library shipped with WebSphere Service Registry and Repository. This vulnerability also affects IBM WebSphere Application Server which is shipped with WebSphere Service Registry and Repository. For both products this vulnerability has been addressed by removing the log4j library.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-4104](<https://vulners.com/cve/CVE-2021-4104>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215048>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Service Registry and Repository| 8.5.x \n \n\n\n## Remediation/Fixes\n\nFor all versions of WebSphere Service Registry and Repository: \n\n * Upgrade to [WebSphere Service Registry and Repository V8.5.6.3](<https://www.ibm.com/support/pages/node/6564391> \"WebSphere Service Registry and Repository V8.5.6.3\" )\n\nFor IBM WebSphere Application Server consult the following bulletin:\n\n * [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-apache-log4j-affect-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-cve-2021-4104-cve-2021-45046> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-22T16:08:43", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-03-22T16:08:43", "id": "9C638946C07968147BC89DE8BAE5211C4767A334F7213E99654F7C02ADD0E910", "href": "https://www.ibm.com/support/pages/node/6565387", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:57:38", "description": "## Summary\n\nIBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to multiple Apache Log4j (CVE-2021-4104, CVE-2021-45046) vulnerabilities in WebSphere Application Server. The remediation addresses the vulnerabilities by removing Apache Log4j.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Tivoli System Automation Application Manager 4.1| WebSphere Application Server 8.5| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \nIBM Tivoli System Automation Application Manager 
4.1| WebSphere Application Server 9.0| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-26T16:33:49", "type": "ibm", "title": "Security Bulletin: IBM Tivoli System Automation Application Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-26T16:33:49", "id": "F35EB0C55F08CA4C671A4E6D2454A08936C6D1CD868709D0EE04FB71FFC263C1", "href": "https://www.ibm.com/support/pages/node/6551130", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": 
"2023-05-23T17:58:33", "description": "## Summary\n\nMultiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046). Both the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty products are bundled within IBM Cloud Pak for Applications. There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server Liberty for z/OS by removing log4j from the zosConnect-1.0 and zosConnect-1.2 features.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Affected Product(s) and Version(s) | Affected Product(s) and Version(s) \n---|--- \nIBM Cloud Pak for Applications, 4.3| \n\nWebSphere Application Server Liberty\n\n * Continuous Deliver\n\nWebSphere Application Server\n\n * 9.0\n * 8.5\n * 8.0\n * 7.0 \n \n \n\n\n## Remediation/Fixes\n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-05T21:22:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty which are bundled as part of IBM Cloud Pak for Applications(CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-05T21:22:54", "id": "A1680316198638EA55AFA837EE37AE44184E9B8BCA2B9FD668F06E417908DF87", "href": "https://www.ibm.com/support/pages/node/6538444", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:27", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of IBM OpenPages with Watson. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. 
\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version** \n---|--- \nIBM OpenPages with Watson 8.1| IBM WebSphere Application Server 9.0.0.10 \n \n## Remediation/Fixes\n\nPlease consult the security bulletin [IBM WebSphere Application Server](<https://www.ibm.com/support/pages/node/6526750> \"IBM WebSphere Application Server\" ) for remediation details.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-06-14T22:23:27", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM OpenPages with Watson (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-06-14T22:23:27", "id": "E8BA6A75873A4594BE92FFE48C361848E9581DAA153EABDC1D071E1A59172338", "href": "https://www.ibm.com/support/pages/node/6594505", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T17:58:19", "description": "## Summary\n\nIBM WebSphere Application Server (WAS) is shipped with IBM Security Identity Manager (ISIM). 
Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISIM| 6.0.0 \nISIM| 6.0.2 \nIBM Security Verify Governance, Identity Manager software component| All \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version(s)| Affected Supporting Product Security Bulletin \n---|---|--- \nISIM 6.0.0| WAS 7.0, 8.5| [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect WebSphere Application Server traditional (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache Log4j affect WebSphere Application Server traditional \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \nISIM 6.0.2, IBM Security Verify Governance, Identity Manager software component| WAS 9.0| [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect WebSphere Application Server traditional (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache Log4j affect WebSphere Application Server traditional \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-12T19:29:05", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-12T19:29:05", "id": "CA643463AA3DD27CF347651D7B084BEA39601B3E21A99AD0FE90A4163037F126", "href": "https://www.ibm.com/support/pages/node/6540290", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:32", "description": "## Summary\n\nIBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNCM| 6.4.2 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation \n---|---|--- \nITNCM| 6.4.2| \n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty\" )\n\nSee section: For V9.0.0.0 through 9.0.5.10 :\n\nSee section: For V8.5.0.0 through 8.5.5.20 :\n\nSee section: For V8.0.0.0 through 8.0.0.15 :\n\nSee section: For V7.0.0.0 through 7.0.0.45 : \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-01-13T05:23:19", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager 
(CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-13T05:23:19", "id": "D9425756DF631BB7CA03B3451BD1F9C557325B8A2BB0CD34A22102962A0F4213", "href": "https://www.ibm.com/support/pages/node/6540524", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T17:58:12", "description": "## Summary\n\nIBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.\n\n**Maximo Asset Management core product versions affected:**\n\nPrincipal Product and Version(s)| Affected Supporting Product and Version \n---|--- \nMaximo Asset Management 7.6.0.x, Maximo Asset Management 7.6.1.x| IBM WebSphere Application Server 9.0, IBM WebSphere Application Server 8.5.5 Full Profile, IBM WebSphere Application Server 8.5 Full Profile \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. 
Please consult the [Product Coexistence Matrix](<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20Maximo%20Asset%20Management/page/Product%20compatibility>) for a list of supported product combinations.\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-12T21:06:00", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": 
"2022-01-12T21:06:00", "id": "F02EA1DD204629897DA1861F147A272B72A3FA34A5315D58B896A636EAE341F5", "href": "https://www.ibm.com/support/pages/node/6527290", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:59:32", "description": "## Summary\n\nWebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM WebSphere Remote Server - Product Family| All \n \n\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server. \n \n\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|---|--- \n \nWebSphere Remote Server \n9.0, 8.5, 7.1, 7.0\n\n| \n\nWebSphere Application Server 9.0, 8.5, 8.0\n\n| \n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-17T16:41:40", "type": "ibm", "title": "Security Bulletin: 
Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2021-12-17T16:41:40", "id": "0B62A979A39E5FDD103EF50E44280DC84E1DA4B8937991D39D2F70B94DE5CDC6", "href": "https://www.ibm.com/support/pages/node/6527932", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:17", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities (CVE-2021-4104, CVE-2021-45046) affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Tivoli Federated Identity Manager| 6.2.0 - 6.2.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. Refer to the following security bulletin for vulnerability details and information about the fixes for IBM WebSphere Application Server, which is shipped with IBM Tivoli Federated Identity Manager. 
\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Tivoli Federated Identity Manager 6.2.0 - 6.2.2| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-10T18:33:41", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Federated Identity Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": 
"2022-01-10T18:33:41", "id": "73EAFB98AF656367DD4CBD6C4D9BDB98FBF39B358F625D93589F37D52771AA8D", "href": "https://www.ibm.com/support/pages/node/6539538", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:22", "description": "## Summary\n\nThis bulletin provides information for addressing the Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046) in IBM Workload Scheduler by remediating the vulnerabilities in IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Liberty.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Workload Scheduler| 9.5 \nIBM Workload Scheduler| 9.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now. \n**\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server and IBM WebSphere Application Server Liberty which are shipped with IBM Workload Scheduler.\n\n<https://www.ibm.com/support/pages/node/6526750>\n\n * Implementing the Remediation/Fixes detailed in the WAS bulletin addresses the vulnerabilities for the IBM Workload Scheduler versions listed in the Affected Products/Versions section. 
Note that IWS 9.5 Liberty is not configured with features zosConnect-1.0 and zosConnect-1.2 so it is not affected.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-10T09:19:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Workload Scheduler (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-10T09:19:17", "id": "C2D7FDE6929D1789B9A1618D087E5DCB3FC2780B2EC1CA3CFF40FDF3AD014A8E", "href": "https://www.ibm.com/support/pages/node/6539426", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:31", "description": "## Summary\n\nMultiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046). Both IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are bundled with IBM WebSphere Hybrid Edition. 
There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server in the Admin Console and UDDI Registry application and used by the IBM WebSphere Application Server Liberty for z/OS in features zosConnect-1.0 and zosConnect-1.2. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server Liberty for z/OS by removing log4j from the zosConnect-1.0 and zosConnect-1.2 features.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Affected Product(s) and Version(s) | Affected Product(s) and Version(s) \n---|--- \nIBM WebSphere Hybrid Edition| WebSphere Application Server Liberty (Continuous Delivery); WebSphere Application Server 9.0, 8.5, 8.0, 7.0 \n \n\n\n## Remediation/Fixes\n\n[Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-05T21:21:18", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and 
IBM WebSphere Application Server Liberty which are bundled in IBM WebSphere Hybrid Edition (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-05T21:21:18", "id": "1AEC66B946906A8F4682C35B7C619499014756DEA99B2673B7DD17DB8DFF256D", "href": "https://www.ibm.com/support/pages/node/6538442", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:55:49", "description": "## Summary\n\nVulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2021-45046) impact IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. 
The fix addresses the vulnerabilities by removing Apache Log4j.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Access Manager for Enterprise Single Sign-On| 8.2.0, 8.2.1, 8.2.2 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.0| IBM WebSphere Application Server 7.0| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.1| IBM WebSphere Application Server 7.0, 8.5| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \nIBM Security Access Manager for Enterprise Single Sign-On 8.2.2| IBM WebSphere Application Server 8.5| [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security 
Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-16T03:25:30", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-03-16T03:25:30", "id": "30A0E9F889B3548B9BD0339A7DD9F4F3D51821FE906234D247C17BB05B831873", "href": "https://www.ibm.com/support/pages/node/6563859", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:58:26", "description": "## Summary\n\nMultiple vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2021-45046) affect IBM WebSphere Application Server and, through it, the IBM Engineering products based on IBM Jazz technology. 
\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nCollaborative Lifecycle Management (CLM)| 6.0.6, 6.0.6.1 \nRational Team Concert (RTC)| 6.0.6, 6.0.6.1 \nRational DOORS Next Generation (RDNG)| 6.0.6, 6.0.6.1 \nRational Quality Manager (RQM)| 6.0.6, 6.0.6.1 \nEngineering Lifecycle Management (ELM)| 7.0, 7.0.1, 7.0.2 \nIBM Engineering Workflow Management (EWM)| 7.0, 7.0.1, 7.0.2 \nIBM Engineering Requirements Management DOORS Next (DOORS Next)| 7.0, 7.0.1, 7.0.2 \nGlobal Configuration Management (GCM)| 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by taking the steps below:**\n\nThere are multiple vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2021-45046), which is used by different versions of IBM WebSphere Application Server (WAS). 
If you integrate any of the IBM Jazz Team Server-based products and versions (6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2) listed above, you will want to review and apply the following IBM WebSphere Application Server (WAS) remediation guidance.\n\n[Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-07T18:19:37", "type": "ibm", "title": "Security Bulletin: Apache Log4j vulnerabilities in IBM WebSphere Application Server impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": "2022-01-07T18:19:37", "id": 
"CB1A96B060B639265D7CCD4E0C186EA367A7C82E1756FDF32E57D9F350AD3873", "href": "https://www.ibm.com/support/pages/node/6538722", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:48:16", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V21.0, V20.0, V19.0, V18.0 \nIBM Business Process Manager| V8.6, V8.5 \nWebSphere Enterprise Service Bus| V7.5, V7.0 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. 
It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the [Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046)](<https://www.ibm.com/support/pages/node/6526750> \"Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty \\(CVE-2021-4104, CVE-2021-45046\\)\" ) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-4104, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-45046"], "modified": 
"2022-09-14T15:28:14", "id": "DEAB63B690E03D8E8203ACA19836C2D36A8ED9D5C66A32CCF4F7F6B6C9F8DE84", "href": "https://www.ibm.com/support/pages/node/6527774", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:44:31", "description": "## Summary\n\nThe Apache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for these vulnerabilities is to update the Apache Log4j library to 2.17.0. Please see CVE-2021-4104 for the bulletin relating to Log4j V1. Please see CVE-2021-44832 and CVE-2021-44228 for the bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected. Please note that log4j v1.x was removed in a previous build, and customers are strongly recommended to apply those fixes if you are on an older version of Db2. See [Security Bulletin](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin\" ) for details. 
\n\nTo determine if Federation is enabled, issue the following:\n\n    db2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine whether you are using one of the affected wrappers with the following statements.\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\n    db2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\nTo determine if the NoSQL Hadoop wrapper is in use, issue the following statement:\n\n    db2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\"\n\nIf 1 or more rows are returned, then the NoSQL Hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\n    db2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then the NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 releases. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\nNote: These builds supersede the builds provided for resolution to [CVE-2021-44228](<https://www.ibm.com/support/pages/node/6526462> \"CVE-2021-44228\" ) and [CVE-2021-4104](<https://www.ibm.com/support/pages/node/6528678> \"CVE-2021-4104\" )\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| [IT39474](<https://www.ibm.com/support/pages/apar/IT39474> \"IT39474\" )| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135867_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A427692916793185792&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135868_DSClients-linuxia32-client-11.5.6.0-FP000%3A229400084660469792&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135870_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A138274479725175920&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135866_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A979582216771911552&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System 
z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135869_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A276882097350046112&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13478_135865_DSClients-nt32-client-11.5.6000.1809-FP000%3A661797018354168448&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13478_135864_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A583179472819140992&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| [IT39474](<https://www.ibm.com/support/pages/apar/IT39474> \"IT39474\" )| <https://www.ibm.com/support/pages/node/6830623> \n \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:20:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-45046, CVE-2021-45105)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:20:42", "id": "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "href": "https://www.ibm.com/support/pages/node/6528672", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:53:56", "description": "## Summary\n\nThere are multiple vulnerabilities in Log4j used by IBM Content Integrator. IBM Content Integrator is not affected by these vulnerabilities. However, the team has addressed vulnerabilities by removing references.\n\n## Vulnerability Details\n\n**CVEID: CVE-2021-44228** \nDESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure \nto protect against attacker-controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially \ncrafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take \ncomplete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921 for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID: CVE-2021-45046** \nDESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix \nof CVE-2021-44228 in certain non-default configurations. 
When the logging configuration uses a non-default \nPattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft \nmalicious input data using a JNDI Lookup pattern to leak sensitive \ninformation and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195 for the current score. \nCVSS Vector: Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n**CVEID: CVE-2021-45105** \nDESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled \nrecursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could \ncraft malicious input data that contains a recursive lookup to cause a StackOverflowError \nthat will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647 for the current score. \nCVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n**CVEID: CVE-2021-4104** \nDESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the \ndeserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to \nuse JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048 for the current score. \nCVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\n\n**CVEID: CVE-2021-38951** \nDESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, \ncaused by sending a specially-crafted request. 
A remote attacker could exploit this vulnerability to \ncause the server to consume all available CPU resources. IBM X-Force ID: 211405. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211405 for the current score. \nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Content Integrator | 8.6 \n \n## Remediation/Fixes\n\nIBM Content Integrator 8.6.0.4 IF0009 [Fix Central](<https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=ICI_8604-IF0009&continue=1> \"Fix Central\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-05T14:49:44", "type": "ibm", "title": "Security Bulletin: IBM Content Integrator is not affected by multiple vulnerabilities in Log4j", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38951", "CVE-2021-4104", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-05T14:49:44", "id": 
"AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "href": "https://www.ibm.com/support/pages/node/6582359", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:44:32", "description": "## Summary\n\nThe Apache Log4j open source library used by IBM\u00ae Db2\u00ae is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version 2.17.1. Please see CVE-2021-4104 for the bulletin relating to Log4j V1. Please see CVE-2021-45046, CVE-2021-45105 and CVE-2021-44228 for the bulletins relating to Log4j V2.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44832](<https://vulners.com/cve/CVE-2021-44832>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216189](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216189>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nFix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:\n\nFederation: \n\n * DVM JDBC wrapper driver,\n * NoSQL wrapper driver (for Hadoop),\n * Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)\n\nIBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected by this issue. Please note that log4j v1.x was removed in a previous build; customers on an older version of Db2 are strongly recommended to apply those fixes. 
See [Security Bulletin](<https://www.ibm.com/support/pages/node/6528678> \"Security Bulletin\" ) for details.\n\nTo determine if Federation is enabled, issue the following:\n\n    db2 get dbm cfg | grep FEDERATED\n\nIf a value of NO is returned, you are not vulnerable.\n\nYou can determine whether you are using one of the affected wrappers with the following statements.\n\nTo determine if the DVM JDBC wrapper is in use, issue the following statement:\n\n    db2 \"select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'\"\n\nIf a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.\n\nTo determine if the NoSQL Hadoop wrapper is in use, issue the following statement:\n\n    db2 \"select * from syscat.servers where servertype = 'HDFSPARQUET'\"\n\nIf 1 or more rows are returned, then the NoSQL Hadoop wrapper is in use.\n\nTo determine if the NoSQL Blockchain wrapper is in use, issue the following statement:\n\n    db2 \"select * from syscat.serveroptions where option='PEER_URL'\"\n\nIf 1 or more rows are returned, then the NoSQL Blockchain wrapper is in use.\n\n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V11.5, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for the V11.5.6 and V11.5.7 releases. 
They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV11.5| TBD| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| Special Build for V11.5.6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140511_DB2-aix64-universal_fixpack-11.5.6.0-FP000%3A845800489744802176&includeSupersedes=0> \"AIX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140509_DSClients-linuxia32-client-11.5.6.0-FP000%3A517046716861436544&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140512_DB2-linuxx64-universal_fixpack-11.5.6.0-FP000%3A956085215716772224&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140513_DB2-linuxppc64le-universal_fixpack-11.5.6.0-FP000%3A437126386150870272&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or 
zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140510_DB2-linux390x64-universal_fixpack-11.5.6.0-FP000%3A526111219902489984&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_13806_140508_DSClients-nt32-client-11.5.6000.1809-FP000%3A411600865803667264&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_13806_140507_DB2-ntx64-universal_fixpack-11.5.6000.1809-FP000%3A273075359147908384&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV11.5| 11.5.8| [IT39584](<https://www.ibm.com/support/pages/apar/IT39584> \"IT39584\" )| \n\n<https://www.ibm.com/support/pages/node/6830623> \n \n## Workarounds and Mitigations\n\nOn a Unix-type system, if you are not using Federation wrappers, you can remove log4j jar files. 
\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-11-11T17:14:24", "type": "ibm", "title": "Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM\u00ae Db2\u00ae (CVE-2021-44832)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-11-11T17:14:24", "id": "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "href": "https://www.ibm.com/support/pages/node/6549888", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T17:53:57", "description": "## Summary\n\nWebSphere Application Server (WAS) is shipped as a component of IBM Security Guardium Key Lifecycle Manager (GKLM). Information about the Apache Log4j vulnerability has been published in a security bulletin. 
Customers are encouraged to take quick action to update their systems.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n**DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version(s)** \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.7\\*\\* [EOS] | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5 \nIBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1 | WebSphere Application Server v9.0.5.5 \nIBM Security Guardium Key Lifecycle Manager (GKLM) v4.1.1 | WebSphere Application Server Liberty 21.0.0.6 \n \n\\*\\* IBM Security Key Lifecycle Manager (SKLM) v2.7 - Applicable only for customers with an extension.\n\n## Remediation/Fixes\n\n**IMPORTANT**\n\nThe fix in this bulletin has been superseded by [Security Bulletin: Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, 
CVE-2021-45105 and CVE-2021-44832)](<https://www.ibm.com/support/pages/node/6539408>).\n\n**IBM strongly recommends addressing the vulnerability now by upgrading.**\n\nDepending on your GKLM/SKLM version, see the relevant section:\n\n * For SKLM 3.0, 3.0.1 and SKLM 4.0\n * For GKLM 4.1\n * For GKLM 4.1.1\n\n* * *\n\n## For SKLM 3.0, 3.0.1 and SKLM 4.0\n\nFor information about the vulnerability fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ).\n\nYou only need to apply the interim fix provided by the WAS team. Before you apply the interim fix, check the WAS minimum fix pack requirement and the supported WAS for your SKLM version (see [Support Matrix](<https://www.ibm.com/support/pages/node/296957>)). \n\nFor instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>).\n\n**Note:** _Also applicable for SKLM 2.7_ (**only for customers with an extension**).\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply the Java SDK. No other manual step is required. \n\n* * *\n\n## For GKLM 4.1.0\n\n 1. On Linux and AIX systems, log in as the database user. For example, sklmdb41.\n 2. 
Stop WebSphere Application Server.\n\n**On Linux or AIX:**\n\n    WAS_HOME/bin/stopServer.sh server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n\n    /opt/IBM/WebSphere/AppServer/bin/stopServer.sh server1 -username wasadmin -password waspassword\n\n**On Windows:**\n\n    WAS_HOME\\bin\\stopServer.bat server1 -username WAS_USER -password WAS_PASSWORD\n\nFor example,\n\n    C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\stopServer.bat server1 -username wasadmin -password waspassword\n\n 3. Apply the WebSphere Application Server interim fix provided by the WAS team. For instructions, see [How to install WebSphere Application Server interim fix](<https://www.ibm.com/support/pages/node/6538024>). \n\nFor information about the vulnerability and fixes, see [Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)](<https://www.ibm.com/support/pages/node/6525706> \"Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server \\(CVE-2021-44228\\)\" ).\n\n**Note**: You only need to apply the interim fix provided by the WAS team.\n\n 4. Update Log4j.\n\n 1. Download the latest log4j 2.15.0 files from the following link: \n\n<https://archive.apache.org/dist/logging/log4j/2.15.0/>\n\n 2. Depending on your platform, download the applicable file: \n * apache-log4j-2.15.0-bin.tar.gz\n * apache-log4j-2.15.0-bin.zip\n 3. Extract the downloaded files. Copy the following extracted JAR files to some other location (for example, desktop): \n * log4j-api-2.15.0.jar\n * log4j-core-2.15.0.jar\n 4. Rename the JAR files as follows: \n * log4j-api-2.15.0.jar to log4j-api-2.13.3.jar\n * log4j-core-2.15.0.jar to log4j-core-2.13.3.jar\n\n**Note:** This is a workaround. Because of this workaround, even after you apply the fix, the grep command shows the log4j-api-2.13.3.jar version in the output. However, be assured that Log4j is upgraded to log4j-api-2.15.0.jar.\n\n 5. 
Copy the renamed Log4j JAR files to the following location: \n\n**On Linux or AIX:**\n\n    WAS_HOME/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\nFor example,\n\n    /opt/IBM/WebSphere/AppServer/profiles/KLMProfile/installedApps/SKLMCell/sklm_kms.ear/lib\n\n**On Windows:**\n\n    WAS_HOME\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\nFor example,\n\n    C:\\Program Files\\IBM\\WebSphere\\AppServer\\profiles\\KLMProfile\\installedApps\\SKLMCell\\sklm_kms.ear\\lib\n\n 5. Start WebSphere Application Server. \n\n**On Linux or AIX:**\n\n    WAS_HOME/bin/startServer.sh server1\n\nFor example,\n\n    /opt/IBM/WebSphere/AppServer/bin/startServer.sh server1\n\n**On Windows:**\n\n    WAS_HOME\\bin\\startServer.bat server1\n\nFor example,\n\n    C:\\Program Files\\IBM\\WebSphere\\AppServer\\bin\\startServer.bat server1\n\n**Recommended: Upgrade Java**\n\nAfter you apply the WAS interim fix, it is recommended that you upgrade the IBM\u00ae SDK Java\u2122 Technology Edition maintenance to [V8.0.6.26](<https://www.ibm.com/support/pages/node/587245#80626>). For instructions, see [How to upgrade IBM SDK Java Technology Edition](<https://www.ibm.com/support/pages/node/6538362>).\n\n**Note:** You only need to apply the Java SDK. No other manual step is required.\n\n* * *\n\n## For GKLM 4.1.1\n\nThis issue is fixed in [GKLM 4.1.1 - Fix Pack 2](<https://www.ibm.com/support/pages/node/6525282> \"GKLM 4.1.1 - Fix Pack 2\" ). 
You can download it from [Fix Central](<https://www.ibm.com/support/fixcentral>).\n\n* * *\n\n** **\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-04T14:07:15", "type": "ibm", "title": "Security Bulletin: Apache Log4j (CVE-2021-44228) vulnerability in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) and IBM Security Guardium Key Lifecycle Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228", "CVE-2021-44832", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-05-04T14:07:15", "id": "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "href": "https://www.ibm.com/support/pages/node/6527756", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:36:36", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4112-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data 
when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:4112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:log4j12", "p-cpe:/a:novell:opensuse:log4j12-javadoc", "p-cpe:/a:novell:opensuse:log4j12-manual", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-4112.NASL", "href": "https://www.tenable.com/plugins/nessus/156181", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:4112-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156181);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n\n script_name(english:\"openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:4112-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:4112-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U355AEBE4AWYTPUPBMC3XAO6XBTWFRBL/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72242b66\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j12, log4j12-javadoc and / or log4j12-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'log4j12-1.2.17-4.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j12-javadoc-1.2.17-4.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j12-manual-1.2.17-4.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = 
package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j12 / log4j12-javadoc / log4j12-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:18:07", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:4111-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4111-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:log4j-manual", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-4111.NASL", "href": "https://www.tenable.com/plugins/nessus/156177", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:4111-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156177);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n\n script_name(english:\"openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4111-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:4111-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. 
Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RTBP7J2BY2P4Y4VVPTAERSBRBHRHKIDZ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72cced44\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j-manual package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'log4j-manual-1.2.17-5.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:43:19", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:4115-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2021:4115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "p-cpe:/a:novell:suse_linux:log4j-manual", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-4115-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156170", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:4115-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156170);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:4115-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : log4j (SUSE-SU-2021:4115-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as\nreferenced in the SUSE-SU-2021:4115-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. 
The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009918.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed6408a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j and / or log4j-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'log4j-manual-1.2.15-126.6.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-manual-1.2.15-126.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'log4j-1.2.15-126.6.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:23:21", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 host has a package installed that is affected by a vulnerability as referenced in the USN-5223-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-13T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 : Apache Log4j 1.2 vulnerability (USN-5223-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:liblog4j1.2-java"], "id": "UBUNTU_USN-5223-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156712", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5223-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156712);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"USN\", value:\"5223-1\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 : Apache Log4j 1.2 vulnerability (USN-5223-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 host has a package installed that is affected by a vulnerability\nas referenced in the USN-5223-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5223-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected liblog4j1.2-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liblog4j1.2-java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. 
/ NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release || '21.04' >< os_release || '21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'liblog4j1.2-java', 'pkgver': '1.2.17-8+deb10u1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'liblog4j1.2-java', 'pkgver': '1.2.17-9ubuntu0.1'},\n {'osver': '21.04', 'pkgname': 'liblog4j1.2-java', 'pkgver': '1.2.17-10ubuntu0.21.04.1'},\n {'osver': '21.10', 'pkgname': 'liblog4j1.2-java', 'pkgver': '1.2.17-10ubuntu0.21.10.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n 
exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblog4j1.2-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:40:39", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:4111-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : log4j (SUSE-SU-2021:4111-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "p-cpe:/a:novell:suse_linux:log4j-manual", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-4111-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156169", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:4111-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156169);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:4111-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : log4j (SUSE-SU-2021:4111-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2021:4111-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009917.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b31ab146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j and / or log4j-manual packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:log4j-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE 
Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! 
preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'log4j-1.2.17-5.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'log4j-manual-1.2.17-5.6.1', 'sp':'1', 
'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j / log4j-manual');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:27", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1612-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:1612-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:log4j12", "p-cpe:/a:novell:opensuse:log4j12-javadoc", "p-cpe:/a:novell:opensuse:log4j12-manual", "p-cpe:/a:novell:opensuse:log4j12-mini", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1612.NASL", "href": "https://www.tenable.com/plugins/nessus/156276", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1612-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156276);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n\n script_name(english:\"openSUSE 15 Security Update : log4j12 (openSUSE-SU-2021:1612-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1612-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. 
The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VHZ7COSTMBF33SO76DMFLY7V62XQUQLS/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5441da09\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j12, log4j12-javadoc, log4j12-manual and / or log4j12-mini packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:log4j12-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'log4j12-1.2.17-lp152.3.3.2', 
'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j12-javadoc-1.2.17-lp152.3.3.2', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j12-manual-1.2.17-lp152.3.3.2', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'log4j12-mini-1.2.17-lp152.3.3.2', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'log4j12 / log4j12-javadoc / log4j12-manual / log4j12-mini');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:39:41", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:14866-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. 
Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. (CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : log4j (SUSE-SU-2021:14866-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4104", "CVE-2021-44228"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:log4j", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14866-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156167", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14866-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156167);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-4104\");\n script_xref(name:\"IAVA\", value:\"2021-A-0573\");\n script_xref(name:\"IAVA\", value:\"0001-A-0650\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14866-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : log4j (SUSE-SU-2021:14866-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2021:14866-1 advisory.\n\n - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write\n access to the Log4j configuration. The attacker can provide TopicBindingName and\n TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result\n in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2\n when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of\n life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the\n previous versions. 
(CVE-2021-4104)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4104\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009915.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e463296\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected log4j package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4104\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux: