IBM i Global

  • 1.  IBM I and Log4j vulnerability.

    Posted Wed December 15, 2021 08:45 AM
    Hello everybody,
    I kindly ask whether anyone knows of a possible vulnerability under IBM i; in my case the customer has V7R4M0 - TL21091.
    If yes, the customer asks me when a PTF will be available.
    Thx in advance for your help.

    Best Regards
    Tiziano

    ------------------------------
    Tiziano Marchese
    ------------------------------



  • 2.  RE: IBM I and Log4j vulnerability.

    Posted Wed December 15, 2021 12:28 PM
    On 12/15/21 6:44 AM, Tiziano Marchese via IBM Community wrote:


    Here is one link:
    https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products

    > Hello everybody,
    > I kindly ask whether anyone knows of a possible vulnerability under IBM i; in my case the customer has V7R4M0 - TL21091.

    --
    Jack J. Woehr # Ideology is a prosthesis for people who lack ideas, and
    www.well.com/~jax # methodology is a prosthesis for people who lack method.
    www.softwoehr.com # - Yours truly




  • 3.  RE: IBM I and Log4j vulnerability.

    Posted Wed December 15, 2021 04:32 PM

    Hello,
    I don't normally jump into software discussions but I thought I'd make an exception on this one to help keep folks up to date.

    For those within the community who do not follow Scott Forstie on Twitter, or who may have missed his post on Monday, please have a look at the following. He has provided an SQL to help find objects that have the string "log4j" in their name.

    Use this query within the new nav while you are at it, I'm sure it would make Tim Rowe a happy person.
    https://twitter.com/Forstie_IBMi/status/1470429621028110352

    Here is a direct link to the SQL he has provided in GitHub.
    https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c

    In addition to the above please also review the IBM link regarding this vulnerability.
    https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

    Regards,
    Douglas


    Douglas Gibbs
    IO Product Manager, IBM Cognitive Systems
    IBM Canada Ltd.
    905-413-5334








  • 4.  RE: IBM I and Log4j vulnerability.

    Posted Thu December 16, 2021 06:47 AM
    The link to Scott Forstie's posting was very informative and helped determine if there were any vulnerabilities. It was a perfect opportunity to learn how to use the new Run SQL Scripts in ACS, which saved a lot of time, as using the green screen SQL was painful at best. It was time to replace the old ways.

    ------------------------------
    Michael Garczynski
    Director - SAP Architecture
    DAP Products
    ------------------------------



  • 5.  RE: IBM I and Log4j vulnerability.

    Posted Thu December 16, 2021 08:41 AM
    Here is a helpful article on the topic.
    https://www.itjungle.com/2021/12/15/critical-log4j-vulnerability-hits-everything-including-the-ibm-i-server/

    ------------------------------
    Matt Seeberger
    Power i Engineer
    CMA Technology Solutions
    ------------------------------



  • 6.  RE: IBM I and Log4j vulnerability.

    Posted Thu December 16, 2021 10:48 AM
    Suggest to follow this page -> https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products

    ------------------------------
    Markus Neuhold
    ------------------------------



  • 7.  RE: IBM I and Log4j vulnerability.

    Posted Tue January 04, 2022 02:37 PM
    Tiziano,
    I have been compiling a list of resources for this. Check out this link: https://gist.github.com/thebeardedgeek/284e627d2d67ecb917fda48ac7056aaf

    ------------------------------
    Matt Seeberger
    Power i Engineer
    CMA Technology Solutions
    ------------------------------