207 matches found
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)
Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary There are multiple Apache Log4j vulnerabilities CVE-2021-45105, CVE-2021-45046 impacting IBM Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of servic...
Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerabilities (USN-5222-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5222-1 advisory. It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI...
Security Bulletin: Apache Log4j is vulnerable to CVE-2021-45105 and CVE-2021-45046 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Log4j which is vulnerable to CVE-2021-45105 and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled...
SUSE CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j
Summary The following security issues has been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect fr...
Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)
Summary IBM Cloud Application Business Insights ICABI is vulnerable to denial of service due to Apache Log4j CVE-2021-45105 and arbitrary code execution due to Apache Log4j CVE-2021-45046 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Amazon Linux 2022 : log4j (ALAS2022-2022-225)
The version of log4j installed on the remote host is prior to 2.17.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-225 advisory. - Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in...
Security Bulletin: Vulnerabilities from log4j-core-2.16.0.jar affect IBM Operations Analytics - Log Analysis (CVE-2021-44832, CVE-2021-45105)
Summary log4j-core-2.16.0.jar is vulnerable to remote code execution RCE attack and uncontrolled recursion. This is shipped in Log Analysis. The fix includes Apache Log4j core 2.17.1 Vulnerability Details CVEID:CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission...
Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)
Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION:...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM InfoSphere Information Server which uses Apache Log4j for logging. The fix upgrades Apache Log4j to version 2.17.0. Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerab...
Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]
Summary Hortonworks DataFlow product for IBM has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046. Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache...
Security Bulletin: Vulnerability have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-45105, CVE-2021-44832)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2021-45105, CVE-2021-44832)
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component
Summary IBM has found several open source vulnerabilites in the IBM Security Verify Governance, Identity Manager virtual appliance product, including Apache Log4j, which is used by IBM Security Verify Governance, Identity Manager virtual appliance component as part of its logging infrastructure...
Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)
Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...
Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Enterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-45105 and CVE-2021-45046. Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure.The fix includes Apache Log4j v2.17.1...
Security Bulletin: IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities (CVE-2021-45046, CVE-2021-45105)
Summary Apache Log4j is used by as part of its logging infrastructure by IBM Analytic Accelerator Framework for Communication Service Providers AAF and IBM Customer and Network Analytics for Communications Service Providers and Datasets CNA. These products are vulnerable to CVE-2021-45105 and...
Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
Security Bulletin: IBM StoredIQ for Legal is vulnerable to denial of service and remote code execution due to Apache log4j ( CVE-2021-44228, CVE-2021-45105)
Summary There are multiple Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45105 impacting IBM StoredIQ for Legal. Apache Log4j is included in WebSphere Application Server WAS, which is distributed with IBM Stored IQ for Legal. These vulnerabilities are addressed by removing Apache Log4j fr...