IBM security advisory

Number: AV21-663
Date: 29 December 2021

Between 20 and 28 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:

  • IBM App Connect Enterprise Certified Container – version 1.1-eus with Operator
  • IBM Business Automation Workflow – versions 18.0, 19.0, 20.0 and 21.0
  • IBM Business Monitor – versions 8.5.5, 8.5.6 and 8.5.7
  • IBM Business Process Manager – versions 8.5 and 8.6
  • IBM Event Streams – multiple versions
  • IBM Rational ClearCase – multiple versions
  • IBM Rational ClearQuest – versions 9.0, 9.0.1, 9.0.2 and 9.1
  • IBM – Apache Log4j Vulnerability – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/

IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/

Active Exploitation of Apache Log4j Vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. (AL21-019)
https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability

 

Date modified: