Number: AV22-173
Date: 4 April 2022
Between 28 March to 3 April 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM – Apache Log4j Vulnerability – multiple versions and platforms
- IBM Cloud Pak for Security – versions 1.8.0.0, 1.8.1.0 and 1.9.1.0
- IBM Partner Engagement Manager – version 2.0
- IBM QRadar Network Security – versions 5.4.0 and 5.5.0
- IBM QRadar Network Packet Capture – multiple versions
- IBM Spectrum Discover – versions 2.0.4 and 2.0.4.1 to 2.0.4.4
- IBM WebSphere Application Server Liberty for IBM i – versions 7.2, 7.3 and 7.4
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
IBM – Apache Log4j Vulnerability
IBM Product Security Incident Response
Active Exploitation of Apache Log4j Vulnerability (AL21-019)