IBM Alert
1807Warning Date
Severity Level
Warning Number
Target Sector
25 January, 2022
● High
2022-4270
All
IBM has released security updates to address several vulnerabilities in the following products:
- IBM WebSphere Application Server Liberty
- Apache Log4j
- IBM Security Guardium Insights
- IBM OpenPages with Watson
- IBM Spectrum Copy Data Management
- Apache Solr and Logstash shipped with IBM Operations Analytics – Log Analysis
- IBM Data Studio Client
- IBM® Db2®
- IBM® Java SDK
- Liberty for Java for IBM Cloud
Attacker could exploit these vulnerabilities by doing the following:
- Remote code execution
- Denial of service attack (DoS)
- LDAP injection
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-apache-log4j-vulnerability-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-copy-data-management-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-remote-code-execution-vulnerability-in-apache-solr-and-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2021-44228-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-data-studio-client-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-october-2021-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-ldap-injection-cve-2021-39031/
- https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/