IBM Updates
Warning Date: 28 December, 2021
Severity Level: ● Critical
Warning Number: 2021-4142
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
Products affected by the Apache Log4j vulnerability:
- SPSS Statistics Subscription
  - 1.0
- IBM SPSS Statistics Server
  - 28.0.1
  - 27.0.1
  - 26.0
  - 25.0
- IBM SPSS Statistics Desktop
  - 28.0.1
- IBM Common Licensing
  - Agent 9.0
  - ART 9.0
- IBM Spectrum Protect Operations Center
  - 8.1.0.000-8.1.13.100
  - 7.1.0.000-7.1.14.100
- IBM SPSS Modeler
  - 18.3.0.0
  - 18.2.2.0
- IBM® Db2®
- IBM i
  - 7.4
  - 7.3
  - 7.2
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Cross-site scripting (XSS)
- Leak sensitive information
- Remote code execution
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-subscription/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spss-statistics-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-cve-2021-45105-affecting-v2-16-and-cve-2021-45046-affecting-v2-15-affect-ibm-spss-statistics-desktop/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-remote-attack-vulnerabilities-in-apache-log4j-affect-ibm-common-licensings-license-key-server-lks-administration-and-reporting-tool-art-and-its-agent/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-operations-center-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-security-vulnerability-cve-2021-38876/
For the latest updates on IBM products being affected by the Apache Log4j vulnerability: