Number: AV21-646
Date: 21 December 2021
Between 13 and 19 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
• IBM Cloud Pak for Multicloud Management Monitoring – versions prior to 2.3 Fix Pack 2
• IBM QRadar SIEM – versions 7.3.0 to 7.3.3 FP 10 and 7.4.0 to 7.4.3 FP 4
• IBM Resilient – version IBM Security SOAR
• IBM Tivoli Netcool System Service Monitors/Application Service Monitors – version 4.0.1
• Watson Discovery versions 4.0.0 to 4.0.3 and 2.0.0 to 2.2.1
• IBM – Apache Log4j Vulnerability – multiple versions and platforms
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.
IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/
IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/
Active Exploitation of Apache Log4j Vulnerability (AL21-019)
https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability