OnDemand User Group
Topic: SECURITY - IBM FLASH update on Log4j (Read 1863 times)
michrist62
Michelle
Global Moderator
Jr. Member
Posts: 38
SECURITY - IBM FLASH update on Log4j
« on: July 20, 2022, 06:39:52 AM »
IBM has issued an updated Security bulletin: Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading.
Please use below fix:
10.1.0.10:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.1.0.8&platform=All&function=all
10.5.0.4:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.5.0.2&platform=All&function=all
Full details here:
https://www.ibm.com/support/pages/node/6602955?myns=swgother&mynp=OCSSEPCD&mync=E&cm_sp=swgother-_-OCSSEPCD-_-E
Michelle Christensen
#CMOD #CMODEducation #Cloud #Migrations #Support #Hosting #ODF #Consulting #AIX #Linux #Multiplatforms #DB2 #TSM #SA #Performance #Security #Audits #Customizing #Availability #HA #DR
www.enChoice.com
enChoice Digital Transformation Services for CMOD:
Call: +1-480.889.0904 or eMail: mchristensen@enchoice.com
« Last Edit: July 20, 2022, 06:41:35 AM by michrist62 »
jsquizz
Global Moderator
Hero Member
Posts: 577
Re: SECURITY - IBM FLASH update on Log4j
« Reply #1 on: July 21, 2022, 10:03:59 AM »
Hi Michelle,
based on this - is 10.5.0.4 impacted?
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING
Darrell Bryant
Full Member
Posts: 104
Sed fugit interea fugit inreparabile tempus-Virgil
Re: SECURITY - IBM FLASH update on Log4j
« Reply #2 on: July 21, 2022, 11:56:54 AM »
Server level 10.5.0.4 is the fixing level. As is 10.1.0.10. Or any higher levels.
https://www.ibm.com/support/pages/node/6602955
Or you can patch it manually if you don't want to run the current server level.
« Last Edit: July 21, 2022, 11:59:31 AM by Darrell Bryant »
#IBMi #iSeries #PDF #XML #400 Indexer #ASM
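After moving to one of the fixing levels named in this thread, or patching manually, an inventory of the log4j-core JARs left on the server shows whether an affected copy is still present. This is an added example, not code from the posts or from IBM's bulletin; the affected range (2.0-beta9 through 2.14.1, excluding the 2.12.2+ and 2.3.1+ backports) and the JndiLookup.class path are taken from Apache's Log4j advisory for CVE-2021-44228, and the directory to scan is whatever the operator passes in.

```python
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def version_is_affected(version):
    """True for log4j-core releases affected by CVE-2021-44228 (2.0-beta9 to 2.14.1)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return False
    v = tuple(int(n or 0) for n in m.groups())
    if v[0] != 2 or v >= (2, 15, 0):
        return False
    # The 2.12.2+ (Java 7) and 2.3.1+ (Java 6) backport releases carry the fix.
    return not ((2, 12, 2) <= v < (2, 13, 0) or (2, 3, 1) <= v < (2, 4, 0))

def inspect_jar(path):
    """Return (version, has_jndi_lookup, status) for one log4j-core JAR."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
            props = jar.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
    except zipfile.BadZipFile:
        return None, False, "unreadable"
    # Prefer the version recorded inside the JAR; fall back to the file name.
    m = re.search(r"^version=(\d\S*)", props, re.M) or \
        re.match(r"log4j-core-(\d.*)\.jar$", Path(path).name)
    version = m.group(1) if m else None
    has_jndi = JNDI_CLASS in names
    if version is None or not re.match(r"\d+\.\d+", version):
        status = "unknown-version"
    elif not version_is_affected(version):
        status = "not-affected-level"
    else:
        status = "affected" if has_jndi else "no-jndilookup-class"
    return version, has_jndi, status

def scan(root):
    """Inspect every log4j-core*.jar below root (nested archives are not opened)."""
    return {str(p): inspect_jar(p) for p in sorted(Path(root).rglob("log4j-core*.jar"))}

if __name__ == "__main__":
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for jar_path, (version, has_jndi, status) in results.items():
        print(f"{status:20} version={version} JndiLookup.class={has_jndi} {jar_path}")
    sys.exit(1 if any(r[2] == "affected" for r in results.values()) else 0)
```

The statuses cover CVE-2021-44228 only, and copies bundled inside other archives (WAR, EAR, fat JARs) are not opened, so a clean result here does not replace the vendor's stated fix level.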
Justin Derrick
IBM Content Manager OnDemand Consultant
Administrator
Hero Member
Posts: 2231
CMOD Guru for hire...
Re: SECURITY - IBM FLASH update on Log4j
« Reply #3 on: July 22, 2022, 01:38:15 PM »
I saw this, but I don't think there's anything particularly new or exciting in the technote.
Can anyone provide some more insight on what's changed?
-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call: +1-866-533-7742 or eMail: jd@justinderrick.com
IBM CMOD Wiki: https://CMOD.wiki/
FREE IBM CMOD Education & Webinars: https://CMOD.Training/
Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR