Hello,
I also created a support thicket about this with IBM in
Dec 11, 2021, and asked for confirmation about other PA components, other than PAW, being affected or not by this log4j vulnerability. As per the response, I got the following response in
Dec 22, 2021:
"Within IBM Planning Analytics 2.0, only the IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities."
which is also mentioned in
https://www.ibm.com/support/pages/node/6528790. But in this case, I think it still needs to be clarified where this file "
...\Program Files\ibm\cognos\tm1_64\bin\log4j-1.2.17.jar " being used? In which PA component?Regards,
Mucahit
------------------------------
Mucahit Erdal
------------------------------
Original Message:
Sent: Tue January 11, 2022 09:01 AM
From: George Tonkin
Subject: Log4j and PAL / TM1 DB - Time for an update?
I would like to second this request as I have a client, with multiple installed servers across many countries, asking about updates to log4j throughout PA, wherever it is used i.e. TM1, TM1Web/Spreadsheet services etc. etc.
They have had a risk raised and group IT are pushing to get a plan of action with timelines to remediate in place.
I am sure that there are many other clients that will be looking to remediate soon. A roadmap would be great.
TIA, George.
------------------------------
George Tonkin
Original Message:
Sent: Tue January 11, 2022 08:47 AM
From: Steven Rowe
Subject: Log4j and PAL / TM1 DB - Time for an update?
Hi,
The version of log4j that ships with the TM1DB is 1.2.17
As shown at this location.
...\Program Files\ibm\cognos\tm1_64\bin\log4j-1.2.17.jar
Given the recent focus on this component, please can IBM make a statement on updating the version of log4j that ships with the DB?
This is now triggering alerts with customers internal scanning and questions are being asked about this and more generally about the policy of keeping these components up to date.
Version 1.2 was of end of lifed in Aug - 2015.....
Many thanks,
------------------------------
Steven Rowe
Technical Director, InfoCat
------------------------------
#PlanningAnalyticswithWatson