Expert GuideEKMF Mitigation for log4j - CVE-2021-44228

André Wild — 15. December 2021
Lesezeit: 1:17 Minuten

IBM released a mitigation patch for EKMF.

IBM released a mitigation patch for EKMF. It will overwrite the content of any file matching the following case insensitive pattern which is stored under "/opt/ibm".

"*log4j-core*.jar"
"*log4j-api*.jar

It currently uses "log4j-core-2.15.0.jar" and "log4j-api-2.15.0.jar". Unfortunately they do not check the return values of the overwrite command. Therefore read the logs closely or execute the mitigation patch twice. Because it s checks if the file was previously updated.

You can also use the following commands to make sure you've upgraded the files properly

log4j - v2.15.0

find /opt/ibm -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -

log4j - v2.16.0

find /opt/ibm -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find /opt/ibm -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -

In addition you can use the following commands to look for unpatched log4j libraries on your filesystem

log4j - v2.15.0

find / -iname "*log4j-core*.jar" -exec echo 81e0433ae00602c0e4d00424d213b0ab {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo a9ccfa7e3382dd2b9e0647a43d8286d7 {} \; 2>/dev/null | md5sum -c -

log4j - v2.16.0

find / -iname "*log4j-core*.jar" -exec echo 9f41928a418200de2232dd326e522cc7 {} \; 2>/dev/null | md5sum -c -
find / -iname "*log4j-api*.jar" -exec echo ade293913c90e835c2deb56cbfa2229b {} \; 2>/dev/null | md5sum -c -

Please notice that the currently available EKMF mitigation patch includes v2.15.0 and not v2.16.0 which completely disables the jndi logging features.

Version 2.15.0 of log4j is still affected by CVE-2021-45046. For more details read the description in https://nvd.nist.gov/vuln/detail/CVE-2021-45046.

Sprechen Sie uns gerne an, wenn Sie Fragen haben.

Ihr Empalis Team

Sie haben sich für dieses Thema interessiert, vielleicht möchten Sie weiterlesen

IBM update on the Apache Log4j CVE-2021-44228 vulnerability ist da!

Do you have any questions? Please feel free to contact us

André Wild, Consultant
Phone +4917254114229

Send email

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

Expert GuideEKMF Mitigation for log4j - CVE-2021-44228

You can also use the following commands to make sure you've upgraded the files properly

log4j - v2.15.0

log4j - v2.16.0

In addition you can use the following commands to look for unpatched log4j libraries on your filesystem

log4j - v2.15.0

log4j - v2.16.0

Ihr Empalis Team

Sie haben sich für dieses Thema interessiert, vielleicht möchten Sie weiterlesen

Do you have any questions? Please feel free to contact us

You were interested in this, then you may also be interested in...

NewsIBM update on the Apache Log4j CVE-2021-44228 vulnerability - 3rd update Dec. 15, 2021, 5 p.m. -

News4th Update - Security Bulletins and Fixes Available for Log4j Vulnerability CVE 2021-44228 - Dec 16, 2021 10:00 AM -

NewsLog4j can be fixed now - 5th update

NewsLog4j vulnerability - bugfixed version 2.17 now available

NewsUpdate on security vulnerability in Log4j in combination with IBM Spectrum Protect and Spectrum Protect Plus

Expert GuideRunning macros in IBM Spectrum Protect

NewsIBM update on the Apache Log4j CVE-2021-44228 vulnerability
- 3rd update Dec. 15, 2021, 5 p.m. -

News4th Update - Security Bulletins and Fixes Available for Log4j Vulnerability CVE 2021-44228
- Dec 16, 2021 10:00 AM -