CVSS3: 9 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 8.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.974 High (Percentile: 99.9%)

IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises are vulnerable to Apache Log4j (CVE-2021-45105, CVE-2021-45046, CVE-2021-4104, CVE-2021-44832) due to multiple components using Apache Log4j for logging. This has been addressed in each of the components; refer to the Remediation section for details.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM Predictive Maintenance and Quality | 2.6.3 |
IBM Maximo APM - Predictive Maintenance Insights On-Premises | 1.0.3 |
IBM strongly recommends addressing the vulnerabilities now by applying the interim fixes listed for each component, for all Affected Products/Versions listed above.
Affected Component | Remediation/Fix | Security Bulletin and Fix Details |
---|---|---|
Websphere Application Server 9.0 | Apache Log4j library is removed. Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH42762, or Apply Fix Pack 9.0.5.11. | <https://www.ibm.com/support/pages/node/6538148> (CVE-2021-45105, CVE-2021-44832) <https://www.ibm.com/support/pages/node/6526750> (CVE-2021-4104, CVE-2021-45046) |
Db2 11.5 | Apache Log4j library is updated to 2.17.0. Apply interim fix as per <https://www.ibm.com/support/pages/apar/IT39474> | <https://www.ibm.com/support/pages/node/6528672> (CVE-2021-45046, CVE-2021-45105) |
Cognos 11.1 | 11.1.7 Interim Fix 8 includes Apache Log4j upgrade to v2.17.1. | <https://www.ibm.com/support/pages/node/6538720> (CVE-2021-45046) |
SPSS Modeler 18.2 | Interim Fix includes upgrading Apache Log4j to 2.17.0. | <https://www.ibm.com/support/pages/node/6555104> (CVE-2021-4104) |
SPSS Collaboration and Deployment Services 18.2 | Interim fix includes upgrading Apache Log4J to 2.17.1. | <https://www.ibm.com/support/pages/node/6549774> (CVE-2021-4104) |
SPSS Statistics Server 26.0 | Interim fix includes upgrading Apache Log4J to 2.17.1 | <https://www.ibm.com/support/pages/node/6527952> (CVE-2021-4104) |
SPSS Analytic Server 3.1.1 | Interim fix includes upgrading Apache Log4J to 2.17.1 | <https://www.ibm.com/support/pages/node/6540892> (CVE-2021-4104) |
None
CPE | Name | Operator | Version |
---|---|---|---|
predictive maintenance and quality | eq | 2.6.3 |