Lucene search

K
ibmIBME2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012
HistoryJan 13, 2022 - 7:45 a.m.

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-45105, CVE-2021-44832).

2022-01-1307:45:31
www.ibm.com
26

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Summary

IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM® Intelligent Operations Center (IOC)

V1.5.0, V1.5.0.1, V1.5.0.2, V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3

IBM® Intelligent Operations Center for Emergency Management | V1.6

Remediation/Fixes

Download the correct version of the fix from the following link: Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-45105, CVE-2021-44832). Installation instructions for the fix are included in the readme document that is in the fix package.

Workarounds and Mitigations

None

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Related for E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012