IBM update on the Apache Log4j CVE-2021-44228 vulnerability - 3rd update Dec. 15, 2021, 5 p.m.

Andreas Schwab — 15. December 2021

The IBM update on the Apache Log4j CVE-2021-44228 vulnerability is here!

IBM has published information about the next steps and the affected systems and products on the following website:

An update on the Apache Log4j CVE-2021-44228 vulnerability: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products. Here you can find the complete list of IBM products that are NOT affected with respect to the Log4j vulnerability.


The IBM PSIRT blog post lists the hardware and software products that are NOT affected (Products not Impacted).

Excerpt of the list of IBM Spectrum Protect software - NOT affected: 

  • Spectrum Protect Client Management Service
  • Spectrum Protect for Databases: Data Protection for Oracle
  • Spectrum Protect for Databases: Data Protection for SQL
  • Spectrum Protect for Enterprise Resource Planning
  • Spectrum Protect for Mail: Data Protection for Domino
  • Spectrum Protect for Mail: Data Protection for Exchange
  • Spectrum Protect for Workstations
  • Spectrum Protect for z/OS USS Client and API
  • Spectrum Protect Plus Db2 Agent
  • Spectrum Protect Plus Exchange Agent
  • Spectrum Protect Plus File Systems Agent
  • Spectrum Protect Plus MongoDB Agent
  • Spectrum Protect Plus O365 Agent
  • Spectrum Protect Server
  • Spectrum Protect Snapshot for UNIX
  • Spectrum Protect Snapshot for VMWare
     

Excerpt from the list of IBM hardware - NOT affected:

  • Storage TS1160
  • Storage TS228
  • Storage TS2900 Library
  • Storage TS3100-TS3200 Library
  • Storage TS4500 Library
  • Storage Virtualization Engine TS7700
  • Tape System Library Manager
  • Total Storage Service Console (TSSC) / TS4500 IMC
  • TS4300

Currently there are no fixes available. IBM is working hard on fixes for the affected products!

IBM's recommendations to its customers

At this time, IBM recommends that organizations using Apache Log4j take the following actions:

  • Check for vulnerable versions of Apache Log4j in your environments and applications.
  • Deploy the latest patch to your production environment as soon as possible.
  • Monitor IBM PSIRT for security bulletins.
  • Monitor vendor patches as they become available.

If you have any questions, please contact us via the contact form.

Your Empalis team
