Number: AV21-646
Date: 21 December 2021

Between 13 and 19 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:

•    IBM Cloud Pak for Multicloud Management Monitoring – versions prior to 2.3 Fix Pack 2
•    IBM QRadar SIEM – versions 7.3.0 to 7.3.3 FP 10 and 7.4.0 to 7.4.3 FP 4  
•    IBM Resilient – version IBM Security SOAR
•    IBM Tivoli Netcool System Service Monitors/Application Service Monitors – version 4.0.1  
•    Watson Discovery versions 4.0.0 to 4.0.3 and 2.0.0 to 2.2.1
•    IBM – Apache Log4j Vulnerability – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

IBM – Apache Log4j Vulnerability

https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/

IBM Product Security Incident Response

https://www.ibm.com/blogs/psirt/

Active Exploitation of Apache Log4j Vulnerability (AL21-019)

https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability



Source link