IBM Security Verify Governance Products NOT Affected by CVE-2021-44228 Exploit
After conducting extensive research product code base, it is determined that none of the products outlined below are using the vulnerable Java library log4j version with JNDI exploit (CVE-2021-44228)
IBM Security Identity Governance and Intelligence*
IBM Security Identity Manager*
IBM Security Verify Governance*
All supported versions and all their add-on components such as Adapters and Information Queue
Updated Tuesday, Dec 21 2021
Clarification for customers running IBM Security Verify Governance Products (Identity Manager) mentioned in this bulletin deployed as Software Stack (not Virtual Appliance):
Updated Monday, Dec 20 2021
Refer to the WebSphere Application Server security bulletins for additional information:
<https://www.ibm.com/support/pages/node/6525706>
<https://www.ibm.com/support/pages/node/6526750>