Number: AV21-663
Date: 29 December 2021

Between 20 and 28 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:

  • IBM App Connect Enterprise Certified Container – version 1.1-eus with Operator
  • IBM Business Automation Workflow – versions 18.0, 19.0, 20.0 and 21.0
  • IBM Business Monitor – versions 8.5.5, 8.5.6 and 8.5.7
  • IBM Business Process Manager – versions 8.5 and 8.6
  • IBM Event Streams – multiple versions
  • IBM Rational ClearCase – multiple versions
  • IBM Rational ClearQuest – versions 9.0, 9.0.1, 9.0.2 and 9.1
  • IBM – Apache Log4j Vulnerability – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/

IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/

Active Exploitation of Apache Log4j Vulnerability (AL21-019)
https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability

 



Source link