Your review has been sent successfully

IBM Alert

3046
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

6 January, 2022

● Critical

2022-4166

All

Description:

IBM has released security updates to address several vulnerabilities in the following products:

Products that affected by the Apache Log4j vulnerability:

  • IBM Tivoli System Automation Application Manager
    • 4.1
  • BM Cloud Pak for Multicloud Management Security Services
    • Before 2.3 Fixpack 3
  • IBM Cloud Pak for Multicloud Management Monitoring
    • Before 2.3 Fixpack 3
  • IBM Cloud APM, Base Private
    • 8.1.4
  • IBM Cloud APM, Advanced Private
    • 8.1.4
  • IBM Jazz Reporting Service
    • 6.0.6.1
    • 7.0
    • 6.0.6
    • 7.0.1
  • RELM
    • 6.0.6.1
    • 6.0.6
  • ENI
    • 7.0.1
    • 7.0
  • Global Configuration Management
    • 6.0.6-7.0.1
  • RQM
    • 6.0.6.1
    • 6.0.6
  • ETM
    • 7.0.1
    • 7.0.0
  • EWM
    • 7.0.1
    • 7.0
  • RTC
    • 6.0.6.1
    • 6.0.6
  • DOORS Next
    • 7.0
    • 7.0.1
  • RDNG
    • 6.0.6.1
    • 6.0.6
    • 7.0.2
  • RMM
    • 7.0.1
    • 6.0.6.1
    • 6.0.6
    • 7.0
  • Rhapsody DM
    • 6.0.6
    • 6.0.6.1
  • ELM
    • 7.0.1
    • 7.0
    • 6.0.6.1
    • 6.0.6
  • IBM Spectrum Protect for Space Management
    • 8.1.11.0-8.1.13.1
    • 7.1.8.10-7.1.8.13
  • IBM Sterling Partner Engagement Manager Standard and Essentials
    • 6.1.2.3.3
    • 6.2.0.1.2
  • IBM Sterling Connect:Direct for zOS
    • 6.2
  • IBM Spectrum Protect Snapshot for Windows (formerly IBM Tivoli Storage FlashCopy Manager for Windows)
    • 8.1.11.0-8.1.13.1
  • IBM Tivoli Storage FlashCopy Manager for Windows
    • 4.1.6.10-4.1.6.x
  • IBM Spectrum Protect Backup-Archive Client
    • 8.1.11.0-8.1.13.1
    • 7.1.8.10-7.1.8.13
  • IBM Spectrum Protect for Virtual Environments: Data Protection for VMware
    • 8.1.11.0-8.1.13.1
    • 7.1.8.10-7.1.8.13
  • IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V
    • 8.1.11.0-8.1.13.1
  • IBM Tivoli Monitoring
    • 6.3.0 fix pack 7 service pack 5


  • RFT
    • 9.1
    • 9.2
    • 9.5
  • IBM Security Verify Access
    • 10.0.0
  • IBM Tivoli Monitoring
    • 6.3.0
Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Denial of service attack (DoS)
  • Disclose sensitive information
  • Remote code execution
Best practice and Recommendations:

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

Last updated at 6 January, 2022

Rate the content

rate-icon
up icon