News4th Update - Security Bulletins and Fixes Available for Log4j Vulnerability CVE 2021-44228 - Dec 16, 2021 10:00 AM

Markus Stumpf — 16. December 2021
Reading time: 02:25 minutes

Aktuelles zur kritischen Schwachstelle Log4J CVE-2021-44228

Tonight IBM released the security bulletins and fixes for Log4j Vulnerability CVE 2021-44228.

Tonight IBM released the security bulletins for all affected Spectrum Protect components. As suspected, the Spectrum Protect Web Client and the Web GUI of Spectrum Protect for VE are affected:

Security Bulletin

Vulnerability in Apache Log4j affects IBM Spectrum Protect Client Web User Interface and IBM Spectrum Protect for Virtual Environments (CVE-2021-44228)
https://www.ibm.com/support/pages/node/6527080?myns=swgtiv&mynp=OCSSEQVQ&mync=E&cm_sp=swgtiv-_-OCSSEQVQ-_-E

The above security bulletin also includes the local fix, it consists of replacing the Log4j binaries.

The following products from the Spectrum Protect family are also affected

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Operations Center (CVE-2021-44228)
https://www.ibm.com/support/pages/node/6527084?myns=s033&mynp=OCSSER5J&mync=E&cm_sp=s033-_-OCSSER5J-_-E
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44228)
https://www.ibm.com/support/pages/node/6527090?myns=s033&mynp=OCSSNQFQ&mync=E&cm_sp=s033-_-OCSSNQFQ-_-E

We recommend to go directly to version 2.16.0, contrary to the IBM documentation, because CVE 2021-45046 is also fixed there.

The download for Log4j can be found here:
https://logging.apache.org/log4j/2.x/download.html

Empalis will be happy to support you with the implementation of the local fixes or if you have further questions.

Markus Stumpf

Markus Stumpf is Head of Data Protection Services and Business Development Manager at Empalis Consulting GmbH.
As an expert in data protection solutions such as IBM Spectrum Protect, Veeam or Cohesity and with over 20 years of experience in implementation, operation and training (especially with IBM Spectrum Protect), he is happy to answer all your questions.

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

News4th Update - Security Bulletins and Fixes Available for Log4j Vulnerability CVE 2021-44228 - Dec 16, 2021 10:00 AM

Security Bulletin

The following products from the Spectrum Protect family are also affected

We recommend to go directly to version 2.16.0, contrary to the IBM documentation, because CVE 2021-45046 is also fixed there.

Markus Stumpf

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

News4th Update - Security Bulletins and Fixes Available for Log4j Vulnerability CVE 2021-44228 - Dec 16, 2021 10:00 AM

Security Bulletin

The following products from the Spectrum Protect family are also affected

We recommend to go directly to version 2.16.0, contrary to the IBM documentation, because CVE 2021-45046 is also fixed there.

Markus Stumpf

You were interested in this, then you may also be interested in...

News1st update and possible emergency action on Apache Log4j CVE-2021-44228 vulnerability related to Spectrum Protect. - Update 12/14/2021, 5:00 PM -

News2nd update: Second vulnerability to Log4j - extended help and emergency response Apache Log4j CVE-2021-44228 and CVE 2021-45046

NewsIBM update on the Apache Log4j CVE-2021-44228 vulnerability - 3rd update Dec. 15, 2021, 5 p.m. -

NewsLog4j can be fixed now - 5th update

News1st update and possible emergency action on Apache Log4j CVE-2021-44228 vulnerability related to Spectrum Protect.

- Update 12/14/2021, 5:00 PM -

NewsIBM update on the Apache Log4j CVE-2021-44228 vulnerability
- 3rd update Dec. 15, 2021, 5 p.m. -