Apache Log4j remote code execution vulnerability affects IBM Sterling Control Center. Customers are strongly encouraged to take action and apply the fix below.
CVEID: CVE-2021-44832
**DESCRIPTION:** Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary code on the system. By constructing a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, an attacker could exploit this vulnerability to execute remote code.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Control Center | 6.2.1.0 |
IBM Sterling Control Center | 6.2.0.0 |
IBM Sterling Control Center | 6.1.3.0 |
IBM strongly recommends addressing the vulnerability now by upgrading.
Product | VRMF | iFix | Remediation |
---|---|---|---|
IBM Sterling Control Center | 6.2.1.0 | iFix05 | |
IBM Sterling Control Center | 6.2.0.0 | iFix15 | |
IBM Sterling Control Center | 6.1.3.0 | iFix11 | |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | 6130 | |
ibm control center | eq | 6200 | |
ibm control center | eq | 6210 | |