Difference between revisions of "Apache Log4j & CMOD ODWEK ICN"

Jump to navigation Jump to search

Apache Log4j & CMOD ODWEK ICN (view source)

Revision as of 14:02, 14 December 2021

572 bytes added ,  14:02, 14 December 2021
Updated with IBM Technote on CMOD log4j - reformatted table and added Comment Field.
m (One last edit.)
(Updated with IBM Technote on CMOD log4j - reformatted table and added Comment Field.)
Line 4: Line 4:
This issue has been assigned the following designation:  CVE-2021-44228 and scores a 10 out of 10 on the Common Vulnerability Scoring System (CVSS)
This issue has been assigned the following designation:  CVE-2021-44228 and scores a 10 out of 10 on the Common Vulnerability Scoring System (CVSS)


There is now an official technote from IBM on the CMOD / Log4j issue: https://www.ibm.com/support/pages/node/6525888
There are now official TechNotes from IBM on the CMOD / Log4j issue:
 
[https://www.ibm.com/support/pages/node/6525888 Is IBM Content Manager OnDemand (CMOD) Version 10.5 impacted by the log4j security vulnerabilities related to CVE-2021-44228?]
 
[https://www.ibm.com/support/pages/node/6525892 Is IBM Content Manager OnDemand (CMOD) Version 10.1 impacted by the log4j security vulnerabilities related to CVE-2021-44228?]


== Announcements ==
== Announcements ==
Line 25: Line 29:
== Versions Shipped with CMOD ==
== Versions Shipped with CMOD ==
{| class="mw-collapsible wikitable" style="text-align: center;
{| class="mw-collapsible wikitable" style="text-align: center;
!CMOD Version||Apache Log4j version(s)||Vulnerable version?   
!CMOD Version||Apache Log4j version(s)||Vulnerable version? ||Comment
|-
|-
|CMOD & ODWEK v9.0|| N/A || <span style="color: green;>NO</span>
|CMOD & ODWEK v9.0|| N/A || N/A
|style="text-align: left;|Log4j isn't used in CMOD v9.
|-
|-
|CMOD & ODWEK v9.5|| N/A || <span style="color: green;>NO</span>
|CMOD & ODWEK v9.5|| N/A || N/A
|style="text-align: left;|Log4j isn't used in CMOD v9.
|-
|-
|CMOD & ODWEK v10.1|| v2.6.x || <span style="color: red;>YES</span>
|CMOD & ODWEK v10.1|| v2.6.x || <span style="color: red;>YES</span>
|style="text-align: left;|Log4j is only included with CMOD v10.1 FP6 and higher.</span>
|-
|-
|CMOD & ODWEK v10.5|| v2.13.x|| <span style="color: red;>YES</span>
|CMOD & ODWEK v10.5|| v2.13.x|| <span style="color: red;>YES</span>
|style="text-align: left;|Log4j is included in the base level and all Fixpacks of CMOD v10.5.</span>
|-
|-
|ICN v2.0.3 || TBD || TBD
|ICN v2.0.3 || TBD || TBD
|-
|-
|ICN v3|| v1.2.x || <span style="color: green;>NO</span>
|ICN v3|| v1.2.x || <span style="color: green;>NO</span>
|style="text-align: left;|ICN v3 is not vulnerable in the default configuration, but sites that have enabled the JMSAppender feature could be exploited.
|}
|}


ICN v3 is not vulnerable in the default configuration, but sites that have enabled the JMSAppender feature could be exploited.
 


== Impact ==
== Impact ==
Retrieved from "https://CMOD.wiki/index.php?title=Special:MobileDiff/1046"

Navigation menu