Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619
HistoryJan 05, 2022 - 7:09 p.m.

Security Bulletin: IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228

2022-01-0519:09:46
www.ibm.com
28

0.976 High

EPSS

Percentile

100.0%

JSON

Summary

IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44228. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files.

Vulnerability Details

CVEID:CVE-2021-44228
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Multicloud Management Security Services Before 2.3 Fixpack 3
IBM Cloud Pak for Multicloud Management Monitoring Before 2.3 Fixpack 3

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 3 by following the instructions at <https://ibm.biz/upgrade_fixpack&gt;.

Note:

- The Apache Log4j open source library is used by Elasticsearch for logging messages to files. The recommended solution involves two images of IBM Cloud Pak for Multicloud Management: icp-elasticsearch-oss. This image has been updated to use Elasticsearch 6.8.21 in IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 3. For details about Elasticsearch announcement (ESA-2021-31), see <https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476&gt;

- Where the log4j package could not be updated at this time, this 2.3 Fix Pack3 release mitigates the vulnerability by setting the JVM option 3.4k -Dlog4j2.formatMsgNoLookups=true and removing the vulnerable JndiLookup class from the Log4j package. Some vulnerability scanners might continue to flag Elasticsearch in association with this vulnerability based on the Log4j version alone. However, the mitigations sufficiently protect both remote code execution and information leakage.

Workarounds and Mitigations

IBM recommends clients should configure their firewalls to block unauthorized outbound connections to mitigate against this and similar vulnerabilities.

Related

threatpost 48
nessus 5
trellix 1
kitploit 2
ibm 48
hivepro 1
osv 4
thn 5
rapid7blog 3
freebsd 1
suse 1
hackerone 2
openvas 4
nvd 1
cisa 2
metasploit 1
githubexploit 54
ubuntu 2
zdt 2
wallarmlab 1
github 1
mmpc 1
fedora 2
packetstorm 2
prion 1
veeam 1
qualysblog 1
malwarebytes 1
vmware 1
threatpost
threatpost
The Log4j Vulnerability Puts Pressure on the Security World
2022-01-18 20:21:04
Emotet Now Spreading Through Malicious Excel Files
2022-02-16 13:39:33
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
2022-02-22 20:41:48
nessus
nessus
FreeBSD : serviio -- affected by log4j vulnerability (1ea05bb8-5d74-11ec-bb1e-001517a2e1a4)
2021-12-15 00:00:00
Cisco Identity Services Log4j Engine Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)
2022-05-02 00:00:00
Cisco UCS Director Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)
2022-06-03 00:00:00
trellix
trellix
Log4J and The Memory That Knew Too Much
2022-01-19 00:00:00
kitploit
kitploit
NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications
2022-05-14 21:30:00
Ox4Shell - Deobfuscate Log4Shell Payloads With Ease
2022-08-24 12:30:00
ibm
ibm
Security Bulletin: Vulnerabilities in log4j could affect Name Analyzer in IBM InfoSphere Global Name Management (CVE-2021-44228)
2022-04-20 17:04:55
Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics Subscription (CVE-2021-44228)
2021-12-21 20:44:40
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44228)
2021-12-20 23:06:27
hivepro
hivepro
Monti ransomware infiltrates networks via the well-known Log4Shell
2022-09-16 10:51:13
osv
osv
apache-log4j2 - security update
2021-12-12 00:00:00
apache-log4j2 vulnerability
2021-12-17 12:46:46
apache-log4j2 vulnerability
2021-12-14 13:39:20
thn
thn
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
2022-01-08 07:04:00
Last Years Open Source - Tomorrow's Vulnerabilities
2022-11-01 12:04:00
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
2022-08-27 03:23:00
rapid7blog
rapid7blog
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
2022-01-14 14:46:41
Log4Shell 2 Months Later: Security Strategies for the Internet's New Normal
2022-02-17 18:00:00
3 Takeaways From the 2022 Verizon Data Breach Investigations Report
2022-05-31 13:22:17
freebsd
freebsd
graylog -- include log4j patches
2021-12-10 00:00:00
suse
suse
Security update for log4j (important)
2021-12-12 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Log4Shell: RCE 0-day exploit on █████████
2021-12-16 18:32:13
Acronis: [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
2021-12-13 23:42:16
openvas
openvas
Fedora: Security Advisory for log4j (FEDORA-2021-66d6c484f3)
2021-12-23 00:00:00
Apache JSPWiki 2.11.0 Log4j RCE Vulnerability (Log4Shell) - Active Check
2021-12-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0556)
2022-01-28 00:00:00
nvd
nvd
CVE-2021-44228
2021-12-10 10:15:09
cisa
cisa
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products  
2022-01-14 00:00:00
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
2021-12-13 00:00:00
metasploit
metasploit
Log4Shell HTTP Header Injection
2021-12-29 14:10:07
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-12 10:53:15
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-12 12:27:39
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-10 18:06:06
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-17 00:00:00
Apache Log4j 2 vulnerability
2021-12-14 00:00:00
zdt
zdt
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit
2022-01-24 00:00:00
Apache Log4j 2 - Remote Code Execution Exploit
2021-12-14 00:00:00
wallarmlab
wallarmlab
Log4j 0day mitigation update CVE-2021-44228
2021-12-10 20:56:40
github
github
Apache Log4j Remote Code Execution
2021-12-14 21:07:14
mmpc
mmpc
Build a stronger cybersecurity team through diversity and training
2022-01-20 17:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: jansi-2.1.1-4.fc34
2021-12-22 01:14:26
[SECURITY] Fedora 35 Update: log4j-2.15.0-1.fc35
2021-12-13 17:13:00
packetstorm
packetstorm
Apache Log4j2 2.14.1 Information Disclosure
2021-12-14 00:00:00
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
2022-01-24 00:00:00
prion
prion
Default configuration
2021-12-10 10:15:00
veeam
veeam
Log4j Vulnerability (CVE-2021-44228)
2021-12-13 00:00:00
qualysblog
qualysblog
Put SecOps in the Driver’s Seat with Custom Assessment and Remediation
2022-05-20 13:00:00
malwarebytes
malwarebytes
CISA Log4Shell warning: Patch VMware Horizon installations immediately
2022-06-27 09:54:58
vmware
vmware
VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
2021-12-10 00:00:00

0.976 High

EPSS

Percentile

100.0%

JSON
Related for 90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619
threatpost48nessus5trellix1kitploit2ibm48hivepro1osv4thn5rapid7blog3freebsd1suse1hackerone2openvas4nvd1cisa2metasploit1githubexploit54ubuntu2zdt2wallarmlab1github1mmpc1fedora2packetstorm2prion1veeam1qualysblog1malwarebytes1vmware1