Number: AV22-139
Date: 21 March 2022
Between 14 and 20 March 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM – Apache Log4j Vulnerability - multiple versions and platforms
- IBM Cloud Automation Manager – version 4.2.0.1
- IBM Control Center – version 6.1.3 and 6.2.0.0
- IBM Netezza Performance Portal – versions prior to 2.1.1.12
- IBM Spectrum Protect Operations Center – version 8.1.0.000 to 8.1.13.300
- IBM Spectrum Protect for Virtual Environments – multiple platforms, version 8.1.0.0 to 8.1.13.3
- IBM Spectrum Protect for Workstations Central Administration Console – version 8.1.0.0 to 8.1.2.3
- IBM Tivoli Netcool/OMNIbus Integrations – Probe DSL Factory Framework
- Tivoli Composite Application Manager for Application Diagnostics – version 7.1.0
- IBM TRIRIGA – version 4.0
- IBM TRIRIGA Application Platform – version 3.8
- Websphere Application Server – v8.5 and v9
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
IBM – Apache Log4j Vulnerability
IBM Product Security Incident Response
Active Exploitation of Apache Log4j Vulnerability (AL21-019)