IBM Data Risk Manager (IDRM) 2.0.6.9 and earlier is impacted by Log4Shell (CVE-2021-44228), through the use of Apache Log4j’s JNDI logging feature. This vulnerability has been addressed in the updated version of IDRM 2.0.6.10. Please see remediation steps below to apply fix. All customers encouraged to act quickly to update their systems.
CVEID:CVE-2021-44228
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM DRM | 2.0.6 |
To obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.9, and then apply the latest FixPack 2.0.6.10.
NOTE: The FixPack is not cumulative. So it must be applied on top of 2.0.6.9 in sequence.
Product| VRMF| _APAR
_| Remediation / First Fix
—|—|—|—
IBM Data Risk Manager| 2.0.6|
|
Apply DRM_2.0.6.1_Fixpack
Apply DRM_2.0.6.2_Fixpack
Apply DRM_2.0.6.3_FixPack
Apply DRM_2.0.6.4_FixPack
Apply DRM_2.0.6.5_FixPack
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.1|
|
Apply DRM_2.0.6.2_Fixpack
Apply DRM_2.0.6.3_FixPack
Apply DRM_2.0.6.4_FixPack
Apply DRM_2.0.6.5_FixPack
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.2|
|
Apply DRM_2.0.6.3_FixPack
Apply DRM_2.0.6.4_FixPack
Apply DRM_2.0.6.5_FixPack
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.3|
|
Apply DRM_2.0.6.4_FixPack
Apply DRM_2.0.6.5_FixPack
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.4|
|
Apply DRM_2.0.6.5_FixPack
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.5|
|
Apply DRM_2.0.6.6_FixPack
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.6|
|
Apply DRM_2.0.6.7_FixPack
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.7|
|
Apply DRM_2.0.6.8_FixPack
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.8|
|
Apply DRM_2.0.6.9_FixPack
Apply DRM_2.0.6.10_FixPack
IBM Data Risk Manager| 2.0.6.9|
|
None