www.ibm.com
Open in
urlscan Pro
2a02:26f0:1700:48d::1e89
Public Scan
URL:
https://www.ibm.com/support/pages/node/6556406
Submission: On March 01 via api from US — Scanned from DE
Submission: On March 01 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
POST /support/pages/node/6556406
<form action="/support/pages/node/6556406" method="post" id="openid-connect-login-form" accept-charset="UTF-8">
<div><input data-drupal-selector="edit-openid-connect-client-generic-login" type="submit" id="edit-openid-connect-client-generic-login" name="generic" value="Log in with Generic" class="button js-form-submit form-submit">
</div><input autocomplete="off" data-drupal-selector="form-t2rpfg7gc896uqoopjiybyatzjqgmp02y-hospuj6uq" type="hidden" name="form_build_id" value="form-T2rPFg7gC896UQoopjIyByATzJQGmp02Y-HOSPuJ6uQ">
<input data-drupal-selector="edit-openid-connect-login-form" type="hidden" name="form_id" value="openid_connect_login_form">
</form><form class="ibm-row-form ibm-home-search ibm" enctype="multipart/form-data" id="spng-search" ng-submit="omniType()">
<input id="spng-search-query" class="bx--search-input" name="text" size="40" type="search" autocomplete="off" placeholder="Search support or find a product">
<a title="Search" aria-label="Search" href="#" tabindex="-1" id="spng-search-button" ng-click="omniButton()" class="ibm-search-link common-search-link"></a>
<div id="spng-search-typeahead-wrapper" style="display:none" class="search-results-wrapper">
<div id="spng-search-typeahead" class="common-search-results">
<div id="spng-spinner" style="display:none">
<h2 class="ibm-h2 ibm-h4 ibm-bold"><span class="ibm-spinner"> </span></h2>
</div>
<div id="sp-no-results" style="display:none">
<div class="results">
<p>No results were found for your search query.</p>
<div class="ibm-rule">
<hr>
</div>
<h5 class="ibm-h5"><strong>Tips</strong></h5>
<p>To return expected results, you can:</p>
<ul>
<li><strong>Reduce the number of search terms.</strong> Each term you use focuses the search further.</li>
<li><strong>Check your spelling.</strong> A single misspelled or incorrectly typed term can change your result.</li>
<li><strong>Try substituting synonyms for your original terms.</strong> For example, instead of searching for "java classes", try "java training"</li>
<li><strong>Did you search for an IBM acquired or sold product ?</strong> If so, follow the appropriate link below to find the content you need.</li>
</ul>
</div>
</div>
<div id="sp-doc-failure" style="display:none">
<div class="category">Our apologies</div>
<div class="results">
<p>Search results are not available at this time. Please try again later or use one of the other support options on this page.</p>
</div>
</div>
<div id="sp-prev-products" class="result_section"></div>
<div id="sp-wd-results" class="result_section"></div>
<div id="sp-prod-results" class="result_section"></div>
<div id="sp-doc-results" class="result_section"></div>
</div>
</div>
</form>Text Content
Support My IBM Log in
IBM Support
No results were found for your search query.
--------------------------------------------------------------------------------
TIPS
To return expected results, you can:
* Reduce the number of search terms. Each term you use focuses the search
further.
* Check your spelling. A single misspelled or incorrectly typed term can change
your result.
* Try substituting synonyms for your original terms. For example, instead of
searching for "java classes", try "java training"
* Did you search for an IBM acquired or sold product ? If so, follow the
appropriate link below to find the content you need.
Our apologies
Search results are not available at this time. Please try again later or use one
of the other support options on this page.
SECURITY BULLETIN: IBM CLOUD PAK FOR DATA SYSTEM 1.0 IS VULNERABLE TO REMOTE
CODE EXECUTION DUE TO APACHE LOG4J (CVE-2021-44832)
SECURITY BULLETIN
SUMMARY
Apache Log4j is used by IBM Cloud Pak for Data System 1.0 in openshift-logging.
This bulletin provides a remediation for the Apache Log4j vulnerability
(CVE-2021-44832).
VULNERABILITY DETAILS
CVEID: CVE-2021-44832
DESCRIPTION: Apache Log4j could allow a remote attacker with permission to
modify the logging configuration file to execute arbitrary code on the system.
By constructing a malicious configuration using a JDBC Appender with a data
source referencing a JNDI URI , an attacker could exploit this vulnerability to
execute remote code.
CVSS Base score: 6.6
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/216189 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
AFFECTED PRODUCTS AND VERSIONS
Affected Product(s)Version(s)IBM Cloud Pak for Data System (ICPDS) 1.0 -
Openshift Container Platform 3.111.0.0.0- 1.0.7.7
REMEDIATION/FIXES
IBM strongly recommends addressing the vulnerability now by applying below
patch.
ProductVRMFRemediation / Fix
IBM Cloud Pak for Data System 1.0 - Openshift Container Platform 3.11
1.0.0.1-openshift-3.11.log4j-WS-ICPDS-fp140Link to Fix Central
* Please follow the steps given in release notes to apply above remediation.
Please replace fpxxx in the release note with fp140.
WORKAROUNDS AND MITIGATIONS
None
GET NOTIFIED ABOUT FUTURE SECURITY BULLETINS
Subscribe to My Notifications to be notified of important product support alerts
like this.
REFERENCES
Complete CVSS v3 Guide
On-line Calculator v3
Off
RELATED INFORMATION
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
CHANGE HISTORY
14 Feb 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately
impact the Overall CVSS Score. Customers can evaluate the impact of this
vulnerability in their environments by accessing the links in the Reference
section of this Security Bulletin.
DISCLAIMER
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
DOCUMENT LOCATION
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o
TPS"},"Product":{"code":"SSHDA9","label":"IBM Cloud Pak for Data
System"},"Component":"","Platform":[{"code":"PF025","label":"Platform
Independent"}],"Version":"All Versions","Edition":"","Line of
Business":{"code":"LOB10","label":"Data and AI"}}]
DOCUMENT INFORMATION
More support for:
IBM Cloud Pak for Data System
Software version:
All Versions
Document number:
6556406
Modified date:
14 February 2022
UID
ibm16556406
Page Feedback
Close
CONTACT AND FEEDBACK
NEED SUPPORT?
* Submit feedback to IBM Support
* 1-800-IBM-7378 (USA)
* Directory of worldwide contacts
Top products & platforms Industries Artificial intelligence Blockchain Business
operations Cloud computing Data & Analytics Hybrid cloud IT infrastructure
Security Supply chain What is Hybrid Cloud? What is Artificial intelligence?
What is Cloud Computing? What is Kubernetes? What are Containers? What is
DevOps? What is Machine Learning? IBM Consulting Communities Developer education
Support - Download fixes, updates & drivers IBM Research Partner with us -
PartnerWorld Training - Courses Upcoming events & webinars Annual report Career
opportunities Corporate social responsibility Diversity & inclusion Investor
relations News & announcements Thought leadership Security, privacy & trust
About IBM LinkedIn Twitter Instagram Contact IBM Privacy Terms of use
Accessibility United States — English Contact and feedback