Security Bulletin: IBM Watson Machine Learning in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Watson Machine Learning in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is...

Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j CVE-2021-45105, CVE-2021-45046 is used by IBM Operations Analytics Predictive Insights as part of its UI and REST Mediation components . The fix includes Apache log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

Security Bulletin: IBM® Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM® Disconnected Log Collector to log system events. This bulletin provides a remediation for the vulnerabilities, CVE-2021-45105 and CVE-2021-45046 by upgrading IBM® Disconnected Log Collector and thus addressing the exposure to the Apache Log4j vulnerabilities...

Security Bulletin: Due to the use of Apache Log4j, IBM Spectrum Symphony is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary Apache Log4j is used by IBM Spectrum Symphony for generating logs in some of its components such as ELK, GUI and so on. This bulletin provides interim fixes which include Apache Log4j 2.17.1 to fix arbitrary code execution CVE-2021-44832 and CVE-2021-45046 and denial of service...

Security Bulletin: IBM Telco Network Cloud Manager - Performance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j is used by IBM Telco Network Cloud Manager - Performance for logging and is vulnerable to denial of service and arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105...

Security Bulletin: IBM Db2® Warehouse is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Apache Log4j open source library used by IBM® Db2® Warehouse is affected by multiple vulnerabilitiies CVE-2021-45105 and CVE-2021-45046. This library is used by the Db2 Federation, Spark, Livy and IBM Spectrum Protect as part of its logging infrastructure. The fix includes includes Apache...

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-45105)

Summary Apache Log4j open source library is used by Content Collector for IBM Connections. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure...

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for File Systems (CVE-2021-45105)

Summary Apache Log4j open source library is used by Content Collector for File Systems. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Data Risk Manager (CVE-2021-45105, CVE-2021-45046)

Summary IBM Data Risk Manager IDRM 2.0.6.10 and earlier is impacted by Log4j CVE-2021-45105, CVE-2021-45046. This vulnerability has been addressed in the updated version of IDRM 2.0.6.11 which includes Apache Log4j 2.17.1. Please see remediation steps below to apply fix. All customers encouraged ...

Security Bulletin: Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Summary There are vulnerabilities in the Apache Log4j open source library. The library is used by IBM CloudPak foundational services which is a dependency of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps. The fix includes upgrade to Apache Log4j v2.17. Vulnerability Details CVEID:...

Security Bulletin: Apache Log4j vulnerabilities impact z/Transaction Processing Facility (z/TPF) and TPF Operations Server (CVE-2021-45105, CVE-2021-45046)

Summary The Apache Log4j vulnerabilities affect the z/Transaction Processing Facility z/TPF system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache Log4j...

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect for Space Management (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect for Space Management includes the IBM Spectrum Protect Backup-Archive Client which installs the vulnerable Log4j files. The below fix packages include Apache Log4j 2.17...

Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Partner Engagement Manager (CVE-2021-45105, CVE-2021-45046)

Summary Apache Log4j is used by IBM Sterling Partner Engagement Manager for generating logs in all components and tools. This bulletin provides remediation for the reported vulnerability by upgrading Apache Log4j jars to 2.17.0 in IBM Sterling Partner Engagement Manager. Vulnerability Details...

Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-45105, CVE-2021-45046)

Summary There are vulnerabilities in Apache Log4j used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log...

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Sterling Secure Proxy (CVE-2021-45105, CVE-2021-45046)

Summary IBM Sterling Secure Proxy is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging CVE-2021-45105,CVE-2021-45046. The fix includes Apache Log4j 2.17.0. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable...

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift due to its use of the Strimzi operator. The below fix package includes Apache...

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics Desktop which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of...

Security Bulletin: IBM SPSS Statistics is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-45105) affects IBM Workload Scheduler 9.5

Summary Apache Log4j 2.16, that is affected by CVE-2021-45105, is installed with IBM Workload Scheduler 9.5.0.5 in jdbc driver for informix/Onedb rdbms. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fro...

Security Bulletin: Vulnerability in Apache Log4j affects IBM SPSS Analytic Server (CVE-2021-45105 and CVE-2021-45046)

Summary There is a vulnerability in the version of Apache Log4j that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...