SECURITY - IBM FLASH update on Log4j

Previous topic - Next topic
Print
Go Down Pages1
User actions

michrist62

July 20, 2022, 01:39:52 PM Last Edit: July 20, 2022, 01:41:35 PM by michrist62
IBM has issued an updated Security bulletin: Security Bulletin: Content Manager OnDemand for Multiplatforms is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)

Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam.

Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading.

Please use below fix:

10.1.0.10

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.1.0.8&platform=All&function=all

10.5.0.4:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/Content+Manager+OnDemand+for+Multiplatforms&release=10.5.0.2&platform=All&function=all

Full details here: https://www.ibm.com/support/pages/node/6602955?myns=swgother&mynp=OCSSEPCD&mync=E&cm_sp=swgother-_-OCSSEPCD-_-E

Michelle Christensen
#CMOD #CMODEducation #Cloud #Migrations #Support #Hosting #ODF #Consulting #AIX #Linux #Multiplatforms #DB2 #TSM #SA #Performance #Security #Audits #Customizing #Availability #HA #DR

www.enChoice.com
enChoice Digital Transformation Services for CMOD:
Call:  +1-480.889.0904  or  eMail:  mchristensen@enchoice.com
#CMODSkills #CMOD #CMODEducation

www.CMOSDSkills.com
Foremost training provider for CMOD education options
Call:  +1-978.780.1192  or  eMail:  CMODSkills@outlook.com

jsquizz

#1
July 21, 2022, 05:03:59 PM
Hi Michelle,

based on this - is 10.5.0.4 impacted?
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING

Darrell Bryant

#2
July 21, 2022, 06:56:54 PM Last Edit: July 21, 2022, 06:59:31 PM by Darrell Bryant
Server level 10.5.0.4 is the fixing level. As is 10.1.0.10. Or any higher levels.
https://www.ibm.com/support/pages/node/6602955

Or you can patch it manually if you don't want to run the current server level.
#IBMi #iSeries #PDF #XML #400 Indexer #ASM

Justin Derrick

#3
July 22, 2022, 08:38:15 PM
I saw this, but I don't think there's anything particularly new or exciting in the technote.

Can anyone provide some more insight on what's changed?

-JD.
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Webinars:  https://CMOD.Training/
IBM CMOD Professional Services: https://CMOD.cloud

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR
Print
Go Up Pages1
User actions
SMF 2.1.4 © 2023, Simple Machines
ProCurve Theme Made By : TwitchisMental