Vulnerability Name:

CVE-2021-45046 (CCN-215195)

Assigned:2021-12-14
Published:2021-12-14
Updated:2023-06-27
Summary:Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments.
CVSS v3 Severity:9.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
7.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
7.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-45046

Source: CCN
Type: US-CERT VU#930724
Apache Log4j allows insecure JNDI lookups

Source: security@apache.org
Type: Mailing List, Mitigation, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: XF
Type: UNKNOWN
apache-log4j-cve202145046-code-exec(215195)

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: CCN
Type: Apache Web site
Apache Log4j Security Vulnerabilities

Source: security@apache.org
Type: Mitigation, Release Notes, Vendor Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: Cisco Security Advisory cisco-sa-apache-log4j-qRuKNEbd
Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Not Applicable
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: IBM Security Bulletin 6526750 (WebSphere Application Server)
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6527436 (Curam Social Program Management)
Vulnerabilities in Apache Log4j may affect Curam Social Program Management (CVE-2021-44228 , CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6527886 (Operations Analytics - Predictive Insights)
A vulnerability in Apache log4j affects IBM Operations Analytics Predictive Insights (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6527924 (MQ)
IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6528372 (SPSS Statistics)
Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6528374 (Tivoli Netcool/Impact)
Vulnerability in Apache Log4j affects IBM Tivoli Netcool Impact (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6528388 (Cognos Analytics)
IBM Cognos Analytics: Apache Log4j vulnerability (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6528440 (QRadar Risk Manager)
There are multiple vulnerabilities in the Apache Log4j used in IBM QRadar Risk Manager that may allow for remote code execution (RCE).

Source: CCN
Type: IBM Security Bulletin 6528580 (Cognos Controller)
IBM Cognos Controller 10.4.2 IF16: Apache Log4j vulnerability (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6528672 (DB2 for Linux, UNIX and Windows)
Multiple vulnerabilities in Apache Log4j affects some features of IBM Db2 (CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6528790 (Planning Analytics Workspace)
IBM Planning Analytics 2.0: Apache Log4j Vulnerabilities (CVE-2021-45046 & CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6529162 (QRadar User Behavior Analytics)
A vulnerability in Apache Log4j (CVE-2021-45046) impacts IBM QRadar User Behavior Analytics add on to IBM QRadar SIEM.

Source: CCN
Type: IBM Security Bulletin 6529238 (Db2 Web Query for i)
Multiple Vulnerabilities in Apache Log4j affect IBM Db2 Web Query for i

Source: CCN
Type: IBM Security Bulletin 6529304 (Control Center)
Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6529364 (DS8900F)
DS8000 Hardware Management Console is vulnerable to Apache Log44j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6529452 (Cloud Private)
Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6529538 (Secure External Authentication Server)
Apache Log4j Vulnerability Affects IBM Secure External Authentication Server (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6529556 (Sterling Secure Proxy)
Apache Log4j Vulnerability Afffects IBM Secure Proxy (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536624 (Partner Engagement Manager)
Apache Log4j vulnerability (CVE-2021-45046) affects IBM Sterling Partner Engagement Manager

Source: CCN
Type: IBM Security Bulletin 6536640 (App Connect Enterprise)
Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536644 (App Connect for Manufacturing)
Vulnerabilities in Apache Log4j affect IBM App Connect for Manufacturing 2.0 (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536704 (SPSS Collaboration and Deployment Services)
Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6536710 (Jazz for Service Management)
IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536724 (Cloud Pak for Integration)
Vulnerability in Apache Log4j affects Operations Dashboard ( CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536726 (Cloud Integration Platform)
Vulnerability in Apache Log4j affects IBM Cloud Integration Platform (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536746 (Sterling Connect:Direct File Agent)
Apache Log4j Vulnerabilities Affect IBM Sterling Connect:Direct File Agent (CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6536828 (OpenPages with Watson)
IBM OpenPages with Watson has addressed multiple security vulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536868 (Tivoli Netcool/OMNIbus)
Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6536870 (SPSS Analytic Server)
Vulnerability in Apache Log4j affects IBM SPSS Analytic Server (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536872 (Cloud Application Business Insights)
Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6536920 (Event Streams)
Vulnerability in Apache Log4j affects IBM Event Streams (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537002 (Sterling Connect:Direct Web Services)
Apache Log4j vulnerabilities impacts IBM Sterling Connect:Direct Web Services (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537036 (Spectrum Control)
Vulnerabilities in Apache Log4j affect IBM Spectrum Control (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537142 (Security Guardium)
IBM Security Guardium is vulnerable to a denial of service vulnerability in Apache log4j2 component (CVE-2021-45105 & CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537178 (Common Licensing)
Multiple Remote Attack Vulnerabilities in Apache Log4j affect IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent

Source: CCN
Type: IBM Security Bulletin 6537180 (SPSS Statistics)
IBM SPSS Statistics is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537182 (SPSS Statistics Desktop)
Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Desktop

Source: CCN
Type: IBM Security Bulletin 6537184 (SPSS Statistics)
Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Server

Source: CCN
Type: IBM Security Bulletin 6537186 (SPSS Statistics Subscription)
Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Subscription

Source: CCN
Type: IBM Security Bulletin 6537212 (SPSS Modeler)
BM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537240 (Spectrum Protect Operations Center)
Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537354 (SANnav Management Portal)
Multiple vulnerabilities in IBM SANnav software used by IBM b-type SAN directors and switches (CVE-2021-45105 and CV-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537486 (Security Guardium Data Encryption)
Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537634 (Spectrum Protect Plus)
Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537636 (Spectrum Protect Plus)
Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537638 (Spectrum Copy Data Management)
Vulnerabilities in Apache Log4j affect IBM Spectrum Copy Data Management (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537640 (Spectrum Protect for Space Management)
Vulnerabilities in Apache Log4j affect IBM Spectrum Protect for Space Management (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537642 (Tivoli Storage FlashCopy Manager)
Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537644 (Spectrum Protect Snapshot for VMware)
Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537664 (Sterling B2B Integrator)
Apache Log4j Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537670 (Sterling File Gateway)
Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537748 (Spectrum Scale)
Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537750 (Elastic Storage Server)
Multiple vulnerabilities in Apache Log4j impact IBM Elastic Storage System (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537752 (Elastic Storage Server)
Multiple vulnerabilities in Apache Log4j impact IBM Spectrum Scale for IBM Elastic Storage Server (CVE-2021-45105,CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537760 (Sterling Global Mailbox)
Apache Log4j vulnerability impacts IBM Sterling Global Mailbox (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6537856 (Cloud Pak System)
IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046, CVE-2021-44228)

Source: CCN
Type: IBM Security Bulletin 6537918 (i2 Analyze)
IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538008 (Sterling Connect:Direct for UNIX)
Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for UNIX (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538068 (StoredIQ for Legal)
Stored IQ for Legal is vulnerable to multiple Apache Log4j vulnerabilities (CVE-2021-4104, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538100 (Sterling Secure Proxy)
Multiple vulnerabilities in Apache Log4j impact IBM Sterling Secure Proxy (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538102 (Sterling External Authentication Server)
Multiple Vulnerabilities in Apache Log4j impact IBM Sterling External Authentication Server (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538142 (Sterling Connect:Direct for Microsoft Windows)
Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for Microsoft Windows (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538332 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j

Source: CCN
Type: IBM Security Bulletin 6538344 (Sterling Partner Engagement Manager)
Apache Log4j vulnerability impacts IBM Sterling Partner Engagement Manager (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538388 (Sterling Connect:Direct for z/OS)
Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for z/OS (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538396 (Spectrum Protect for Virtual Environments)
Vulnerabilities in Apache Log4j impacts IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538414 (Tivoli Monitoring V6)
Multiple vulnerabilities affect IBM Tivoli Monitoring Installed WebSphere Application Server including Log4j

Source: CCN
Type: IBM Security Bulletin 6538694 (Tivoli Netcool/Impact)
Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6538840 (Security SOAR)
IBM Security SOAR is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046).

Source: CCN
Type: IBM Security Bulletin 6538936 (z/TPF)
Apache Log4j vulnerabilities impact z/Transaction Processing Facility (z/TPF) and TPF Operations Server (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6539408 (Security Key Lifecycle Manager)
Multiple vulnerabilities in Apache Log4j affect the IBM WebSphere Application Server and IBM Security Guardium Key Lifecycle Manager (CVE-2021-4104, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832)

Source: CCN
Type: IBM Security Bulletin 6539410 (Spectrum Symphony)
Multiple vulnerabilities in Apache Log4j addressed in IBM Spectrum Symphony

Source: CCN
Type: IBM Security Bulletin 6539506 (Cloud Transformation Advisor)
Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor

Source: CCN
Type: IBM Security Bulletin 6539552 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Source: CCN
Type: IBM Security Bulletin 6539828 (PowerVM NovaLink)
Novalink is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6540016 (Engineering Lifecycle Management Base)
IBM Engineering Lifecycle Management products are vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540478 (Spectrum Archive Enterprise Edition)
Vulnerabilities in Apache Log4j affect IBM Spectrum Archive Enterprise Edition (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6540518 (StoredIQ for Legal)
Due to use of Apache Log4j, IBM StoredIQ for Legal is vulnerable to arbitrary code execution (CVE-2021-44228, CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540528 (Watson Explorer)
Due to use of Apache Log4j, IBM Watson Explorer is vulnerable to arbitrary code execution (CVE-2021-44832, CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540542 (Business Automation Workflow)
IBM Business Automation Workflow is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6540566 (Engineering Systems Design Rhapsody)
IBM Engineering Systems Design Rhapsody (Rhapsody) is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540584 (WebSphere Automation for Cloud Pak for Watson AIOps)
Due to Apache Log4j, IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540606 (Data Risk Manager)
Vulnerability in Apache Log4j affects IBM Data Risk Manager (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6540618 (Engineering Requirements Management DOORS)
IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540672 (Rational Publishing Engine)
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6540694 (Edge Application Manager)
Vulnerabilities in Apache Log4j affects IBm Edge Application Manager (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541048 (Db2 Warehouse)
IBM Db2 Warehouse is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541056 (Crypto Hardware Initialization and Maintenance)
Crypto Hardware Initialization and Maintenance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541156 (Cloud Pak for Security)
Cloud Pak for Security is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541164 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6541168 (Telco Network Cloud Manager)
IBM Telco Network Cloud Manager - Performance is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541182 (Security Access Manager for Enterprise Single Sign-On)
IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541206 (Cloud Pak for Watson AIOps)
Due to use of Apache Log4j, IBM Cloud PAK for Watson AI Ops is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6541224 (Robotic Process Automation with Automation Anywhere)
Due to use of Apache Log4j, IBM Robotic Process Automation with Automation Anywhere is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6541258 (Rational Software Architect RealTime)
IBM Rational Software Architect RealTime Edition (RSA RT) is is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6541544 (TRIRIGA Portfolio Data Manager)
IBM TRIRIGA Connector for Esri ArcGIS Indoors a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541728 (API Connect)
API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)

Source: CCN
Type: IBM Security Bulletin 6541736 (Spectrum Conductor)
Due to the use of Apache Log4j, IBM Spectrum Conductor is vulnerable to arbitrary code execution (CVE-2021-44832 and CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6541922 (Disconnected Log Collector)
IBM Disconnected Log Collector is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541930 (Integrated Analytics System)
IBM Integrated Analytics System is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6541934 (Cloud Private for Data System)
IBM Cloud Pak for Data System 2.0 (ICPDS 2.0 ) is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6549360 (Operations Analytics Predictive Insights)
IBM Operations Analytics Predictive Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6549764 (InfoSphere Information Server)
IBM InfoSphere Information Server is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6549838 (Netcool Agile Service Manager)
IBM Netcool Agile Service Manager is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6550462 (Security Guardium Insights)
IBM Security Guardium Insights is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6550806 (Observability with Instana)
IBM Observability by Instana and IBM Observability with Instana - Server and Agents are vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6550816 (Cloud Pak for Automation)
IBM Cloud Pak for Automationis vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551118 (Db2 Warehouse)
BM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551168 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551310 (Tivoli Netcool/OMNIbus)
IBM Tivoli Netcool/OMNIbus Common Integration Libraries is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6551312 (Watson Studio Premium Add On in Cloud Pak for Data)
IBM Watson Studio Premium Add On in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551314 (Watson Studio in Cloud Pak for Data)
IBM Watson Studio in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551316 (Watson Machine Learning in Cloud Pak for Data)
IBM Watson Machine Learning in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551326 (Cloud Pak for Data)
IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551364 (Cloud Private for Data System)
IBM Cloud Pak for Data System 1.0 is vulnerable to arbitrary code execution due to Apache Log4j ( CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551376 (Decision Optimization for Cloud Pak for Data)
IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551390 (Tivoli Network Manager IP Edition)
IBM Tivoli Network Manager IP Edition is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551430 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6551438 (Watson Assistant for Cloud Pak for Data)
Vulnerability inApache Log4j - CVE-2021-45046 may affect IBM Watson Assistant for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6551744 (Data Virtualization on Cloud Pak for Data)
IBM Data Virtualization on Cloud Pak for Data is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105) due to Apache Log4j

Source: CCN
Type: IBM Security Bulletin 6551954 (Sterling Selling and Fulfillment Suite)
IBM Sterling Configure, Price, Quote is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6552546 (Tivoli Netcool/OMNIbus)
Tivoli Netcool/Omnibus installation contains vulnerable Apache Log4j code (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6552888 (Data Management Platform for EDB Postgres Enterprise)
IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6552890 (Data Management Platform for EDB Postgres Standard)
IBM Data Management Platform for EDB Postgres Standard is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6554808 (Netcool Operations Insight)
Netcool Operations Insight is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6557080 (Financial Transaction Manager)
Financial Transaction Manager is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6557082 (OpenPages for Cloud Pak for Data)
IBM OpenPages for Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6557424 (Cloud Pak for Multicloud Management Monitoring)
IBM Cloud Pak for Multicloud Management is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6557464 (Telco Network Cloud Manager)
IBM Cloud Pak for Network Automation is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6558826 (Operational Decision Manager)
IBM Operational Decision Manager is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046) .

Source: CCN
Type: IBM Security Bulletin 6559880 (Content Navigator)
Due to use of Apache Log4j, IBM Content Navigator is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6565383 (Cloudera Enterprise Data Hub)
Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6565401 (Big SQL)
IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6566913 (Maximo Application Suite)
MAS Monitor 8.4, 8.5, and 8.6 log4j

Source: CCN
Type: IBM Security Bulletin 6568213 (Watson Knowledge Catalog InstaScan)
Watson Knowledge Catalog InstaScan is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6568843 (Informix Dynamic Server on Cloud Pak for Data)
IBM Informix Dynamic Server in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6572685 (Informix Dynamic Server)
IBM Informix Dynamic Server is vulnerable to denial of service (CVE-2021-45105) and remote code execution (CVE-2021-45046) due to Apache Log4j

Source: CCN
Type: IBM Security Bulletin 6590993 (PureData System for Operational Analytics)
IBM PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6595965 (Analytic Accelerator Framework for Communications Service Providers)
IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics for Communications Service Providers and Datasets Impacted by Log4j Vulnerabilities (CVE-2021-45046, CVE-2021-45105)

Source: CCN
Type: IBM Security Bulletin 6596155 (StoredIQ)
StoredIQ is vulnerable to denial of service and remote code execution in Apache Log4j (CVE-2021-44228, CVE-2021-45046).

Source: CCN
Type: IBM Security Bulletin 6602951 (Enterprise Content Management System Monitor)
Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Source: CCN
Type: IBM Security Bulletin 6605839 (Security Verify Governance)
Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Governance, Identity Manager virtual appliance component

Source: CCN
Type: IBM Security Bulletin 6612331 (Security Identity Manager Virtual Appliance)
IBM Security Identity Manager Virtual Appliance is vulnerable to arbitrary code execution due to Apache Log4j and other issues (CVE-2021-4104, CVE-2021-45046, CVE-2021-38951)

Source: CCN
Type: IBM Security Bulletin 6828713 (Hortonworks DataFlow Enterprise Flow Management)
Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]

Source: CCN
Type: IBM Security Bulletin 6830617 (Maximo Asset Management)
Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory, US Government Resource
security@apache.org

Source: CCN
Type: oss-sec Mailing List, Tue, 14 Dec 2021 16:52:05 +0000
CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Patch, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [12-09-2021]
Log4Shell HTTP Scanner

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:apache:log4j:2.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.13.1:-:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.14.0:-:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.14.1:-:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.15.0:-:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.0:beta9:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.12.1:-:*:*:*:*:*:*
  • OR cpe:/a:apache:log4j:2.13.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_symphony:7.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:4.8:*:*:*:microsoft_windows:*:*:*
  • OR cpe:/o:ibm:security_access_manager:8.2.2:*:enterprise_single_sign-on:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_team_concert:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_quality_manager:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_symphony:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_publishing_engine:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_with_automation_anywhere:11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:jazz_reporting_service:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:4.3.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0.0:*:*:*:unix:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_connect:direct:6.0:*:*:*:microsoft_windows:*:*:*
  • OR cpe:/a:ibm:rational_team_concert:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:jazz_reporting_service:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_publishing_engine:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:netcool_agile_service_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storediq:7.6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_symphony:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:11.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_quality_manager:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_conductor:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:jazz_reporting_service:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:6.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mq:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_optimization:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_optimization:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_workflow_management:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_test_management:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:8.1.11.0:*:*:*:*:hyper-v:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_space_management:7.1.8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_user_behavior_analytics:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_virtualization_on_cloud_pak_for_data:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_virtualization_on_cloud_pak_for_data:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:12.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_risk_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_data:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_virtualization_on_cloud_pak_for_data:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_application_suite:8.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_application_suite:8.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7713
    P
    log4j-2.17.2-150200.4.24.13 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3120
    P
    krb5-1.12.5-40.37.7 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94750
    P
    log4j-2.17.1-4.20.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:112955
    P
    log4j-2.16.0-2.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:111175
    P
    Security update for log4j (Important)
    2021-12-20
    oval:org.opensuse.security:def:95471
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:6269
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:67012
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:108850
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:93999
    P
    (Important)
    2021-12-16
    oval:org.opensuse.security:def:102184
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:76080
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:94421
    P
    (Important)
    2021-12-16
    oval:org.opensuse.security:def:5923
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:111839
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:93784
    P
    (Important)
    2021-12-16
    oval:org.opensuse.security:def:67358
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:94210
    P
    (Important)
    2021-12-16
    oval:org.opensuse.security:def:100698
    P
    (Important)
    2021-12-16
    oval:org.opensuse.security:def:76426
    P
    Security update for log4j (Important)
    2021-12-16
    oval:org.opensuse.security:def:93996
    P
    (Important)
    2021-12-15
    oval:org.opensuse.security:def:94418
    P
    (Important)
    2021-12-15
    oval:org.opensuse.security:def:111837
    P
    Security update for log4j (Important)
    2021-12-15
    oval:org.opensuse.security:def:93781
    P
    (Important)
    2021-12-15
    oval:org.opensuse.security:def:67356
    P
    Security update for log4j (Important)
    2021-12-15
    oval:org.opensuse.security:def:94207
    P
    (Important)
    2021-12-15
    oval:org.opensuse.security:def:100695
    P
    (Important)
    2021-12-15
    oval:org.opensuse.security:def:76424
    P
    Security update for log4j (Important)
    2021-12-15
    oval:org.opensuse.security:def:6267
    P
    Security update for log4j (Important)
    2021-12-15
    BACK
    apache log4j 2.8.1
    apache log4j 2.13.1 -
    apache log4j 2.14.0 -
    apache log4j 2.14.1 -
    apache log4j 2.15.0 -
    apache log4j 2.0 beta9
    apache log4j 2.12.1 -
    apache log4j 2.13.0 -
    ibm websphere application server 7.0
    ibm websphere application server 8.0
    ibm websphere application server 8.5
    ibm infosphere information server 11.3
    ibm tivoli netcool/impact 7.1.0
    ibm tivoli netcool/omnibus 8.1.0
    ibm watson explorer 11.0.0
    ibm infosphere information server 11.5
    ibm api connect 5.0.0.0
    ibm watson explorer 11.0.1
    ibm websphere application server 9.0
    ibm tivoli monitoring 6.3.0.7
    ibm infosphere master data management 11.6
    ibm cognos analytics 11.0
    ibm watson explorer 11.0.2
    ibm operations analytics predictive insights 1.3.6
    ibm cognos analytics 11.0.6
    ibm infosphere information server 11.7
    ibm spectrum symphony 7.2.0.2
    ibm security guardium 10.5
    ibm sterling connect:direct 4.8
    ibm security access manager for enterprise single sign-on 8.2.2
    ibm rational engineering lifecycle manager 6.0.6
    ibm rational doors next generation 6.0.6
    ibm rational team concert 6.0.6
    ibm rational quality manager 6.0.6
    ibm security key lifecycle manager 3.0
    ibm websphere application server
    ibm spectrum symphony 7.2.1
    ibm rational publishing engine 6.0.6
    ibm watson explorer 12.0.0
    ibm robotic process automation with automation anywhere 11
    ibm operations analytics predictive insights 1.3.6
    ibm jazz reporting service 6.0.6
    ibm cloud private 3.1.0
    ibm sterling connect:direct 4.3.0
    ibm cloud private 3.1.1
    ibm cloud private 3.1.2
    ibm sterling b2b integrator 6.0.0.0
    ibm sterling secure proxy 3.4.3.2
    ibm security guardium 10.6
    ibm sterling connect:direct 6.0.0
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2
    ibm sterling connect:direct 6.0
    ibm rational team concert 6.0.6.1
    ibm jazz reporting service 6.0.6.1
    ibm jazz for service management 1.1.3
    ibm rational publishing engine 6.0.6.1
    ibm cloud private 3.2.0
    ibm netcool agile service manager 1.1
    ibm rational doors next generation 6.0.6.1
    ibm storediq 7.6.0.0
    ibm cognos analytics 11.1
    ibm mq 9.1.0
    ibm security key lifecycle manager 3.0.1
    ibm cloud pak system 2.3
    ibm cloud pak system 2.3.0.1
    ibm api connect 2018.4.1.0
    ibm cloud pak for automation 19.0.3
    ibm spectrum symphony 7.3
    ibm watson explorer 12.0.3
    ibm app connect enterprise 11.0.0.7
    ibm security guardium 11.0
    ibm cloud pak system 2.3.1.1
    ibm security guardium 11.1
    ibm rational quality manager 6.0.6.1
    ibm spectrum conductor 2.4.1
    ibm cloud private 3.2.1 cd
    ibm data risk manager 2.0.6
    ibm event streams 2019.4.1
    ibm spectrum protect operations center 7.1.0.000
    ibm spectrum protect operations center 8.1.0.000
    ibm cloud pak for automation 20.0.1
    ibm business automation workflow 18.0
    ibm business automation workflow 19.0
    ibm business automation workflow 20.0
    ibm security identity manager virtual appliance 7.0.2
    ibm security key lifecycle manager 4.0
    ibm jazz reporting service 7.0.1
    ibm event streams 2019.4.2
    ibm event streams 10.0.0
    ibm cloud private 3.2.2 cd
    ibm db2 11.5
    ibm db2 11.5
    ibm db2 11.5
    ibm security identity manager virtual appliance 7.0.1
    ibm cloud pak system 2.3.2.0
    ibm api connect 10.0.0.0
    ibm informix dynamic server 14.10
    ibm security guardium 11.2
    ibm elastic storage server 6.0.1.0
    ibm cognos controller 10.4.2
    ibm sterling file gateway 6.0.0.0
    ibm mq 9.2.0
    ibm cloud pak system 2.3.3.0
    ibm event streams 2019.4.3
    ibm event streams 10.1.0
    ibm rational engineering lifecycle manager 6.0.6.1
    ibm engineering lifecycle optimization 7.0
    ibm engineering lifecycle optimization 7.0.1
    ibm engineering workflow management 7.0.1
    ibm control center 6.2.0.0
    ibm api connect 10.0.1.0
    ibm cloud application business insights 1.1.5
    ibm engineering test management 7.0.1
    ibm engineering lifecycle optimization 7.0.2
    ibm watson discovery 2.2.1
    ibm spectrum protect for virtual environments 8.1.11.0
    ibm cloud pak system 2.3.3.3
    ibm security guardium 11.3
    ibm spectrum protect for space management 7.1.8.10
    ibm event streams 10.2.0
    ibm cloud pak for automation 21.0.1
    ibm app connect enterprise 12.0.1.0
    ibm secure external authentication server 6.0.2
    ibm cloud pak for automation 21.0.2 -
    ibm sterling secure proxy 6.0.2
    ibm cloud pak system 2.3.0.0
    ibm cloud pak for security 1.7.2.0
    ibm event streams 10.3.0
    ibm event streams 10.3.1
    ibm security key lifecycle manager 4.1.1
    ibm security key lifecycle manager 4.1.0
    ibm security guardium 11.4
    ibm sterling b2b integrator 6.1.1.0
    ibm financial transaction manager 3.2.4.0
    ibm financial transaction manager 3.2.7
    ibm sterling secure proxy 6.0.3
    ibm secure external authentication server 6.0.3
    ibm spectrum scale 5.1.0.0
    ibm qradar user behavior analytics 1.0.0
    ibm data virtualization on cloud pak for data 1.3.0
    ibm data virtualization on cloud pak for data 1.5.0
    ibm informix dynamic server 12.10
    ibm qradar risk manager 7.3.0
    ibm cloud pak system 2.2.6
    ibm watson discovery 2.0.0
    ibm cloud pak for automation 19.0.1
    ibm db2 warehouse 3.5 -
    ibm db2 warehouse 4.0 -
    ibm cloud pak for data 3.5 -
    ibm data virtualization on cloud pak for data 1.4.1
    ibm collaborative lifecycle management 6.0.6
    ibm collaborative lifecycle management 6.0.6.1
    ibm engineering requirements management doors next 7.0.1
    ibm engineering lifecycle management 7.0.1
    ibm engineering lifecycle optimization - engineering insights 7.0.1
    ibm engineering lifecycle management 7.0.2
    ibm maximo application suite 8.4
    ibm maximo application suite 8.5