Global Data Management Forum

 View Only
Expand all | Collapse all

Is MDM susceptible to the CVE-2021-44228 (LOG4J) vulnerability? (OFFICIAL IBM RESPONSE)

  • 1.  Is MDM susceptible to the CVE-2021-44228 (LOG4J) vulnerability? (OFFICIAL IBM RESPONSE)

    Posted Mon December 13, 2021 03:10 PM

    A recent security vulnerability has been identified regarding Apache log4j, known as CVE-2021-44228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).

    The vulnerability only applies to log4j versions greater than v2.0 and <= v2.14.1.

    MDM Standard and Advanced Editions do NOT use log4j version 2.x, we are currently on version 1.x. Therefore this vulnerability does not apply to MDM.





    #DataManagementGlobal
    #MasterDataManagement
    #Support
    #SupportMigration


  • 2.  RE: Is MDM susceptible to the CVE-2021-44228 (LOG4J) vulnerability? (OFFICIAL IBM RESPONSE)

    Posted Wed December 15, 2021 12:29 AM

    Updated information:

    ---

    We are continuing to investigate the impact and potential resolution of the Log4J vulnerability.

    At this moment we do not have a specific statement apart from:

    https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

    As soon as we have a document/steps we will make it public and share it with our customers who have enquired about the issue.





    #DataManagementGlobal
    #MasterDataManagement
    #Support
    #SupportMigration