Lucene search

K
ibmIBMC786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274
HistoryJan 13, 2022 - 9:43 p.m.

Security Bulletin: Due to use of Apache Log4j, IBM WebSphere Application Server Patterns is vulnerable to arbitrary code execution (CVE-2021-44832) and denial of service (CVE-2021-45105)

2022-01-1321:43:58
www.ibm.com
199

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.3%

Summary

IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about the Apache Log4j security vulnerabilities (CVE-2021-44832, CVE-2021-45105) affecting IBM WebSphere Application Server have been published in a separate security bulletin. The interim fix removes Apache Log4j.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product and Version(s)

|

Affected Supporting Product and Version

—|—
IBM WebSphere Application Server Patterns:

  • 2.3.3.3
    | IBM WebSphere Application Server:

  • 9.0

  • 8.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now. Please consult the following security bulletin for vulnerability details and information about fixes.

Workarounds and Mitigations

None

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.3%

Related for C786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274