The affected versions as stated by IBM are V10 and V9R2 but whether this means V9R1 isn't affected, or just that as it's no longer supported they aren't checking it, I don't know.
I'm stuck with some older CR8 models for the moment, so an EFIX for V9R1 would be nice (if required), or at the very least a confirmation if it is affected or not.
At worst some commands to run via pesh access would do.
------------------------------
Matt Dulson
------------------------------
Original Message:
Sent: Wed December 15, 2021 11:47 AM
From: Robert Wood
Subject: Log4j fix for HMC V9R1 M942?
And if not, is there any workaround for this vulnerability? Something that can be done on the internal firewall of the HMC? Or shut down the web UI for now and just use ssh and the command line?
------------------------------
Robert Wood
Original Message:
Sent: Wed December 15, 2021 09:27 AM
From: Robert Wood
Subject: Log4j fix for HMC V9R1 M942?
We've still got a 7042-OE1 HMC that does not appear to be upgradeable to V9R2, so we're stuck at V9R1 until early next year when we get replacement HMCs. Is there any change a log4j fix will be made available for V9R1?
------------------------------
Robert Wood
------------------------------