Number: AV22-001
Date: 4 January 2022
Between 29 December 2021 and 3 January 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM – Apache Log4j Vulnerability – multiple versions and platforms
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.
IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an–update–on–the–apache–log4j–cve–2021–44228–vulnerability/
IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/
Active Exploitation of Apache Log4j Vulnerability (AL21-019)
https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability