Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.
Hello
I have WAS ND version 9.0.0.8 installed on distributed platforms
Could you tell me which iFix I have to apply?
The one indicated on the IBM support page is not correct:
https://www.ibm.com/support/pages/node/6525672
Thanks
Hello Leandro,
We have published a new security bulletin along with an updated FAQ which is addressing other vulnerabilities related to Log4J other versions. Please review and plan to apply this ifix asap (or) use remediate steps. This new ifix will simply remove both V1.x and V2.x versions of Log4J from WAS product without losing any functionality. This new ifix completely supersedes the previous bulletin and fix. If you have not already installed PH42728 only need to install PH42762. If you did install PH42728 still you need to apply this new one PH42762.
Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server and IBM WebSphere Application Server Liberty (CVE-2021-4104, CVE-2021-45046) https://www.ibm.com/support/pages/node/6526750 Also please check following FAQ: https://www.ibm.com/support/pages/node/6525860
To apply this ifix PH42762, your WAS version must be at least at 9.0.5.3 level.
If you can't apply the ifix now you can follow workaround steps as documented in the above link.
I hope this helps.
Thank you
Vikram