Lucene search

K
ibmIBM8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59
HistoryFeb 18, 2022 - 5:30 p.m.

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

2022-02-1817:30:26
www.ibm.com
27

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

Summary

IBM Sterling File Gateway is impacted by Apache Log4j vulnerabilities CVE-2021-45105 and CVE-2021-45046. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below.

Vulnerability Details

CVEID:CVE-2021-45105
**DESCRIPTION:**Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-45046
**DESCRIPTION:**Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling File Gateway 6.0.0.0 - 6.1.1.0

Note that remote perimeter server, CLA2, OpsServer and external purge has been assessed for impact and were found to be not affected.

Due to concern surrounding Apache Log4j CVE-2021-45046 and CVE-2021-45105, end-of-support stream IBM Sterling B2B Integrator Version 5.2.x has been assessed for impact the versions and fix packs below were found to be not affected by CVE-2021-45046 and CVE-2021-45105:
5020605_3 and all lower fix packs
5020604 and all fix packs
5020603 and all fix packs
5020602 and all fix packs
5020601 and all fix packs
5020600 and all fix packs
5020500 and all fix packs
5020402 and all fix packs

Remediation/Fixes

Affected Product(s) Version(s)
IBM Sterling File Gateway

IIM

Step 1: Apply IBM Sterling Filegateway IIM version 6.0.0.7, 6.0.3.5, 6.1.0.4, 6.1.1.0, 6.0.2.3 or 6.0.1.2

Step 2: Apply the remediating ifix 6.0.0.7_1, 6.0.3.5_1, 6.1.0.4_1 , 6.1.1.0_1, 6.0.2.3._1 or 6.0.1.2_1 that are located on Fix Central

Also for 6.1.1.0 after applying the remediating ifix 6.1.1.0_1, additionally follow the steps in this technote.

Docker & Containers

Step 1: Apply either IBM Sterling Filegateway Docker version 6.0.0.7, 6.0.3.5 or 6.1.0.4,

Step 2: Next apply one of the remediating ifixes below:

IBM Sterling Filegateway Docker version 6.0.0.7_1 on Fix Central

IBM Sterling Filegateway Docker version 6.0.3.5_1 on Fix Central

IBM Sterling Filegateway Container version 6.1.0.4_1

Workarounds and Mitigations

If you are unable to apply the remediated fix packs above, as an alternative IBM strongly recommends addressing the vulnerability by applying one of these mandatory remediation steps below now.

Before applying any of the Workarounds and Mitigations below ensure that the file system of IBM Sterling B2B Integrator has been fully backed up.

Linux: The following script can be applied to Linux B2Bi ASI node and Adapter Container nodes. Please ensure to read the included readme file before applying.

http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-rhel-log4j-remediation&source=SAR

AIX: The following script can be applied toAIX B2Bi ASI node and Adapter Container nodes. Please ensure to read the included readme file before applying.

http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-aix-log4j-remediation&source=SAR

Docker Container or OCP: The following document with steps can be manually applied toDocker Container or OCP B2Bi ASI node and Adapter Container nodes:

[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-Docker-and-OCP-log4j-remediation&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-Docker-and-OCP-log4j-remediation&source=SAR>)

**Windows:**The following document with steps can be manually applied to Windows B2Bi ASI node and Adapter Container nodes:

http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=B2Bi-windows-log4j-remediation&source=SAR

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

Related for 8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59