Questions about the CVE-2021-44228 vulnerability

View Only

Expand all | Collapse all

Questions about the CVE-2021-44228 vulnerability

1. Questions about the CVE-2021-44228 vulnerability

0 Like
SangGyu Jeong
Posted Mon December 13, 2021 12:40 AM

Reply Reply Privately
Hello All,
I have a question about a vulnerability related to Log4j.

The document below is an update on the vulnerabilities of Log4j-related classes.
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

The files informixhq-agent.jar and informixhq-server.jar contain the Log4j class.
How can I check if this class is the version where the vulnerability exists?

Thanks,
SangGyu Jeong

------------------------------
SangGyu Jeong
Software Engineer
Infrasoft
Seoul Korea, Republic of
------------------------------
2. RE: Questions about the CVE-2021-44228 vulnerability

0 Like
Markus Holzbauer
Posted Mon December 13, 2021 04:38 AM

Reply Reply Privately
I would say, I would not use informixhq with the latest Informix Server versions..

Cheers,

Markus

------------------------------
Markus Holzbauer
------------------------------

Original Message
3. RE: Questions about the CVE-2021-44228 vulnerability

0 Like
Markus Holzbauer
Posted Mon December 13, 2021 05:25 AM

Reply Reply Privately
You can verify if your Version is affected with:

$ cd $INFORMIXDIR/hq

$ unzip -l informixhq-agent.jar|grep log4j/core/lookup/JndiLookup.class >/dev/null 2>&1 && echo "fix needed"

Cheers,

Markus

------------------------------
Markus Holzbauer
------------------------------

Original Message
4. RE: Questions about the CVE-2021-44228 vulnerability

0 Like
Paul Watson
Posted Mon December 13, 2021 07:21 AM

Reply Reply Privately
The recommendation I got from IBM via a PMR was not to use HQ until the dev team have investigated further

Cheers
Paul

Paul Watson
Oninit LLC
+1-913-387-7529
www.oninit.com
Oninit®️ is a registered trademark of Oninit LLC

Original Message

Informix

Questions about the CVE-2021-44228 vulnerability

SangGyu JeongMon December 13, 2021 12:40 AM

Markus HolzbauerMon December 13, 2021 04:38 AM

Markus HolzbauerMon December 13, 2021 05:25 AM

Paul WatsonMon December 13, 2021 07:21 AM

SangGyu JeongMon December 13, 2021 07:42 AM

Scott PickettMon December 13, 2021 09:01 AM

Kate TomchikMon December 13, 2021 03:09 PM

Andreas LegnerTue December 14, 2021 06:47 AM

Brian HughesTue December 14, 2021 09:42 AM

Ramon ReyTue December 14, 2021 10:49 AM

Doug LawryMon December 13, 2021 06:45 PM

Scott PickettMon December 13, 2021 06:59 PM

Snorri BergmannTue December 14, 2021 09:31 AM

Paul WatsonTue December 14, 2021 11:40 AM

Paul WatsonTue December 14, 2021 12:35 PM

Marc DemhartnerWed December 15, 2021 05:03 AM

1. Questions about the CVE-2021-44228 vulnerability

2. RE: Questions about the CVE-2021-44228 vulnerability

3. RE: Questions about the CVE-2021-44228 vulnerability

4. RE: Questions about the CVE-2021-44228 vulnerability