IBM security advisory

Number: AV21-646
Date: 21 December 2021

Between 13 and 19 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:

•    IBM Cloud Pak for Multicloud Management Monitoring – versions prior to 2.3 Fix Pack 2
•    IBM QRadar SIEM – versions 7.3.0 to 7.3.3 FP 10 and 7.4.0 to 7.4.3 FP 4  
•    IBM Resilient – version IBM Security SOAR
•    IBM Tivoli Netcool System Service Monitors/Application Service Monitors – version 4.0.1  
•    Watson Discovery versions 4.0.0 to 4.0.3 and 2.0.0 to 2.2.1
•    IBM – Apache Log4j Vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

IBM – Apache Log4j Vulnerability

https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/

IBM Product Security Incident Response

https://www.ibm.com/blogs/psirt/

Active Exploitation of Apache Log4j Vulnerability (AL21-019)

https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability

Date modified: