NewsWhat we can say so far about Apache Log4j CVE-2021-44228 vulnerability in relation to Spectrum Protect

Markus Stumpf — 13. December 2021
reading time: 1:00 minute

Over the last weekend, we received the first reports and inquiries about how Spectrum Protect and Spectrum Protect Plus are affected by CVE-2021-44228.

Currently the full extent is not yet clear, there is also no information about exact product releases and possible fixes.

IBM has set up an extra page that provides general information about the assessment and further measures and is continuously updated: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

From older security bulletins we strongly assume that at least the Spectrum Protect Backup/Archive Client and Spectrum Protect for Virtual Environments are affected, as these two components were already affected by another vulnerability in Log4J in May:

https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-apache-commons-and-log4j-affect-ibm-spectrum-protect-backup-archive-client-and-ibm-spectrum-protect-virtual-environments

Currently there are a number of other vulnerabilities that have been fixed with the just released 8.1.13 versions. The overall solution should be coordinated with the current CVE and its solution.

Further information on the situation on the part of the BSI Bund

Please feel free to contact us directly if you have any questions.
We will continue to keep you updated via this channel as well.

Click here for the follow-up article on Log4j:

Update zu Apache Log4j CVE-2021-44228 vulnerability in Bezug auf Spectrum Protect

Markus Stumpf

Markus Stumpf is Head of Data Protection Services and Business Development Manager at Empalis Consulting GmbH.
As an expert in data protection solutions such as IBM Spectrum Protect, Veeam or Cohesity and with over 20 years of experience in implementation, operation and training (especially with IBM Spectrum Protect), he is happy to answer all your questions.

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

NewsWhat we can say so far about Apache Log4j CVE-2021-44228 vulnerability in relation to Spectrum Protect

Click here for the follow-up article on Log4j:

Markus Stumpf

Do you need to implement NIS2? Cyber resilience is (not) a question of backup

Modern and innovative data protection for your company.

Managed service - backup tailored to your needs

Empalis supports you with your comprehensive security management.

Discover the Empalis Cloud: flexible, multifunctional, highly scalable.

IBM Tivoli System Automation for z/OS (SA for z/OS): Numerous system management functions with a single point of control

Get solutions to a wide range of NIS2-related issues in one go: with VIKING Backup Guardian - cyber-resilient all-in-one backup solution.

Harden your IT infrastructure against cyber attacks

Optimise your data backup environment and archiving

We manage your backup environment for you.

Easy and efficient administration of IBM System z/OS

Veeam offers you exciting opportunities to future-proof your IT and backup environment.

Since more than 30 years we provide consulting services for IBM products and manage IBM infrastructures in the enterprise environment.

Alert message: Error in Veeam Backup for Microsoft 365: First aid for admins when backing up Exchange mailboxes

Cohesity is our strong partner for cyber-resilient architectures with VIKING.

With Predatar, you have a clear advantage thanks to AI anomaly detection: Proactive Recovery Assurance

So why not wasabi?

The interface for easy use of IBM Storage Protect (ISP)

Because our customers love it: Get to know our partner technologies from General Storage

Automated monitoring & reporting - complete control of all backups and restores in your company

Managing Microsoft Sharepoint - sustainable, secure, productive with Docave

Get an overview of trainings & events

Easter bundle until 30.04.2024: Book now and save 20%-30% by quoting the promo code!

Am 18.06.2024 diskutieren wir mit unseren Partnern Veeam und Wasabi, wie Sie Risiken effizienter minimieren.

Proxmox with Veeam - an alternative to VMware?

Empalis technical article in IT Security Online: Cyber Resilience: Which backup solution for Microsoft 365?

Empalis ist again awarded as top company in 2024 - thank you!

The formula for our success: Be there, keep listening, implement.

Empalis ist pioneer partner of Apex by Predatar

Empalis is welcoming new employees - just send us your unsolicited application.

We look forward to hearing from you!

NewsWhat we can say so far about Apache Log4j CVE-2021-44228 vulnerability in relation to Spectrum Protect

Click here for the follow-up article on Log4j:

Markus Stumpf

You were interested in this, then you may also be interested in...

Expert GuideThese 10 steps will help you now if your IBM Storage Protect server certificate cert256.arm has expired.

Expert Guide"Attack Target: Information Leakage." - What protects you now from cyber attackers in current ISP server vulnerabilities.

Expert GuideSpectrum Protect Plus - Hands On: How to delete an SLA when no system is assigned anymore