Lucene search
IBM9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076CHistoryDec 23, 2021 - 1:03 a.m.
Security Bulletin: Tivoli Netcool/OMNIbus WebGUI has multiple vulnerabilities in Apache log4j (CVE-2021-4104, CVE-2021-45046)
2021-12-2301:03:40
www.ibm.com
34
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%
Summary
Some version of Tivoli Netcool/OMNIbus WebGUI uses Apache log4j-api library which has multiple vulnerabilities to CVE-2021-4104 and CVE-2021-45046, recommendation is to remove it if exists. Also, Tivoli Netcool/OMNIbus WebGUI uses IBM Jazz for Service Management and Websphere Application Server (WAS) component/product which are affected. Information about this security vulnerability affecting IBM Jazz for Service Management and Websphere Application Server (WAS) has been published in different security bulletins
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Tivoli Netcool/OMNIbus Web GUI | 8.1 GA - 8.1.0.25 |
| IBM Jazz for Service Manager (JazzSM) | 1.1.3.0 - 1.1.3.13 |
| Websphere Application Server (WAS) | 8.5 - 9.0 |
Remediation/Fixes
Please note in the steps below that $JazzSMHOME denotes the home directory where JazzSM is installed.
- As per recommendation by Websphere Application Server (WAS), security bulletin Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server (CVE-2021-4104, CVE-2021-45046) The recommended solution is to install interim fix PH42762.
* If you are running WebSphere Application Server 8.5.5.11 to 8.5.5.20 or 9.0.5.3 or above, the interim fix [PH42762 ](<https://www.ibm.com/support/pages/node/6526686>)can be applied.
* If you are running WebSphere Application Server prior to 8.5.5.11, WebSphere Application Server must be upgraded prior to applying the interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>)
- As per recommendation by IBM Jazz for Service Manager (JazzSM), security bulletin IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228).
* If you are running IBM Jazz for Service Manager 1.1.3.10 to 1.1.3.13, along with WebSphere Application Server 8.5.5.18 to 8.5.5.20 or 9.0.5.6 to 9.0.5.9, the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> "JazzSM 1.1.3.13 iFix01" ) can be applied.
* If you are running IBM Jazz for Service Manager 1.1.3 to 1.1.3.9, along with WebSphere Application Server 8.5.5.9 to 8.5.5.18 or 9.0.5.3, IBM Jazz for Service Manager must be upgraded prior to applying the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> "JazzSM 1.1.3.13 iFix01" )
* For if you have upgraded to WebSphere Application Server 8.5.5.20 with interim fix [PH42762](<https://www.ibm.com/support/pages/node/6526686>). Then you should also upgrade to JazzSM 1.1.3.13, then apply the interim fix [JazzSM 1.1.3.13 iFix01](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> "JazzSM 1.1.3.13 iFix01" )
- Upgrade Tivoli Netcool/OMNIbus WebGUI to the appropriate version, that would support the corresponding Websphere Application Server (WAS) fix pack and IBM Jazz for Service Manager (JazzSM) fix pack installed. See table 3, in <https://www.ibm.com/docs/en/netcoolomnibus/8.1?topic=upgrade-web-gui-installation-prerequisites>
* If you are running Websphere Application Server 8.5.5.20 and IBM Jazz Service Manager 1.1.3.13, then you must also upgrade to Tivoli Netcool/OMNIbus WebGUI 8.1.0.25.
- If you are running Tivoli Netcool/OMNIbus WebGUI 8.1.0.11 (or higher), which contains the log4j-api-2*.jar file:
1. Stop the JazzSM server, eg. $JazzSMHOME/profile/bin/stopServer.sh server1
2. Move log4j-api-2*.jar file in the deployed OMNIbusWebGUI.war directoy, to an archive directory outside of $JazzSMHOME
* For instance, $JazzSMHOME/profile/installedApps/installedApps/JazzSMNode01Cell/isc.ear/OMNIbusWebGUI.war/WEB-INF/lib/log4j-api-2*.jar
3. Start the JazzSM server, eg. $JazzSMHOME/profile/bin/startServer.sh server1
- If you are running Tivoli Netcool/OMNIbus WebGUI prior to 8.1.0.11, no further action is required.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli netcool/omnibus | eq | 8.1.0 |
Related
ibm
ibm
threatpost
threatpost
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
2021-12-15 14:04:19
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
2021-12-30 16:16:23
attackerkb
attackerkb
CVE-2021-44228 (Log4Shell)
2022-02-08 00:00:00
CVE-2021-45046
2021-12-14 00:00:00
redhat
redhat
symantec
symantec
Symantec Security Advisory for Log4j Vulnerability
2021-12-11 01:06:47
nessus
nessus
thn
thn
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability
2021-12-18 12:18:00
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
2021-12-16 06:24:00
rapid7blog
rapid7blog
The Everyperson’s Guide to Log4Shell (CVE-2021-44228)
2021-12-15 19:44:42
How to Protect Your Applications Against Log4Shell With tCell
2021-12-15 14:58:14
qualysblog
qualysblog
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
2021-12-10 19:30:11
New Options Profiles for Log4Shell Detection
2021-12-20 17:33:11
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-17 10:36:16
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 21:57:58
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-16 17:22:17
gentoo
gentoo
Ubiquiti UniFi: remote code execution via bundled log4j
2023-10-26 00:00:00
suse
suse
Security update for log4j (important)
2021-12-20 00:00:00
Security update for log4j (important)
2021-12-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-15 00:30:50
Deserialisation Of Untrusted Object
2021-12-15 13:38:24
vmware
vmware
prion
prion
Default configuration
2021-12-14 19:15:00
cve
cve
CVE-2021-45046
2021-12-14 19:15:00
amazon
amazon
Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk
2021-12-17 18:12:00
Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk
2021-12-17 17:39:00
Critical: aws-kinesis-agent
2021-12-16 00:11:00
redhatcve
redhatcve
CVE-2021-45046
2022-05-07 14:27:31
openvas
openvas
Apache Log4j 2.0.x Multiple Vulnerabilities (Web Application URL Parameter, Log4Shell) - Active Check
2022-03-30 00:00:00
Debian: Security Advisory (DSA-5022-1)
2021-12-17 00:00:00
Apache Log4j 2.0.x Multiple Vulnerabilities (SMTP, Log4Shell) - Active Check
2022-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)
2021-12-10 00:00:00
talosblog
talosblog
Quarterly Report: Incident Response Trends in Q2 2022
2022-07-26 14:03:00
securelist
securelist
CVE-2021-44228 vulnerability in Apache Log4j library
2021-12-13 14:10:21
fortinet
fortinet
Apache log4j2 log messages substitution (CVE-2021-44228)
2021-12-12 00:00:00
nuclei
nuclei
Apache Log4j2 - Remote Code Injection
2021-12-23 15:41:50
typo3
typo3
Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
2021-12-16 00:00:00
mssecure
mssecure
osv
osv
CVE-2021-45046
2021-12-14 19:15:07
Incomplete fix for Apache Log4j vulnerability
2021-12-14 18:01:28
Remote code injection in Log4j
2021-12-10 00:40:56
intel
intel
kitploit
kitploit
debiancve
debiancve
CVE-2021-45046
2021-12-14 19:15:00
CVE-2021-4104
2021-12-14 12:15:00
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-45046
2021-12-14 00:00:00
CVE-2021-4104
2021-12-14 00:00:00
debian
debian
[SECURITY] [DSA 5022-1] apache-log4j2 security update
2021-12-16 10:29:17
github
github
Incomplete fix for Apache Log4j vulnerability
2021-12-14 18:01:28
Remote code injection in Log4j
2021-12-10 00:40:56
malwarebytes
malwarebytes
mmpc
mmpc
impervablog
impervablog
Log4Shell log4j Remote Code Execution – The COVID of the Internet
2022-01-06 16:41:56
freebsd
freebsd
graylog -- remote code execution in log4j from user-controlled log input
2021-11-14 00:00:00
f5
f5
K32171392 : Apache Log4j2 vulnerability CVE-2021-45046
2021-12-16 00:00:00
K24554520 : Apache Log4j Remote Code Execution vulnerability CVE-2021-4104
2021-12-15 00:00:00
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-19 15:26:08
huawei
huawei
cisa_kev
cisa_kev
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
2023-05-01 00:00:00
atlassian
atlassian
Update Log4J to 1.2.17-atlassian-15 to fix CVE-2021-4104
2022-01-14 13:13:21
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%
Related for 9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C