Announcements & News / SECURITY - IBM FLASH update on Log4j
« on: July 20, 2022, 06:39:52 AM »
IBM has issued an updated Security bulletin: Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading.
Please use the fix below:
10.1.0.10:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.1.0.8&platform=All&function=all
10.5.0.4:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.5.0.2&platform=All&function=all
Full details here: https://www.ibm.com/support/pages/node/6602955?myns=swgother&mynp=OCSSEPCD&mync=E&cm_sp=swgother-_-OCSSEPCD-_-E
Michelle Christensen
#CMOD #CMODEducation #Cloud #Migrations #Support #Hosting #ODF #Consulting #AIX #Linux #Multiplatforms #DB2 #TSM #SA #Performance #Security #Audits #Customizing #Availability #HA #DR
www.enChoice.com
enChoice Digital Transformation Services for CMOD:
Call: +1-480.889.0904 or eMail: mchristensen@enchoice.com