Flashes (Alerts)
Abstract
I am using IBM Content Management Interoperability Services (IBM CMIS). What is the impact of CVE-2021-44228?
Content
CVE-2021-44228 describes a vulnerability, dubbed Log4Shell, in the Apache Log4j 2.x Java library.
In IBM Content Management Interoperability Services (IBM CMIS) 3.0.6 onwards, the log4j file is not used. Therefore, IBM CMIS is not affected by this vulnerability.
IBM CMIS includes IBM FileNet CMIS (FNCMIS), IBM Content Manager CMIS (CMCMIS) and IBM Content Manager OnDemand (CMOD).
Releases older than IBM CMIS 3.0.6 use Log4j 1.x, which is not affected by this vulnerability.
For an IBM perspective on this vulnerability, review the information from IBM at:
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
NOTE: Any log4j jar files found under the CMIS folder can be deleted manually for CMIS 3.0.6 and above. This won't have any impact on CMIS functionality.
This is the list of files that can be deleted without any impact on CMIS functionality.
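An added example, not IBM's code or IBM's file list: a read-only inventory that classifies loose jar files under a directory as Log4j 1.x or 2.x by their contents, for reviewing what sits under the CMIS folder before deleting anything. The function names, directory layout and sample jars are assumptions constructed for illustration, and jars nested inside WAR or EAR archives are not inspected.

```python
import sys
import tempfile
import zipfile
from pathlib import Path

# JndiLookup ships in Log4j 2.x core jars; CVE-2021-44228 concerns the 2.x line.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J2_PREFIX = "org/apache/logging/log4j/"  # Log4j 2.x packages
LOG4J1_PREFIX = "org/apache/log4j/"          # Log4j 1.x package


def classify_jar(path):
    """Heuristic by archive contents; returns None for jars without Log4j."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = jar.namelist()
    except (zipfile.BadZipFile, OSError):
        # Flag a corrupt file only when its name suggests Log4j.
        return "unreadable" if "log4j" in Path(path).name.lower() else None
    if JNDI_LOOKUP in names:
        return "log4j2-core"
    for prefix, kind in ((LOG4J2_PREFIX, "log4j2-other"), (LOG4J1_PREFIX, "log4j1")):
        if any(n.startswith(prefix) for n in names):
            return kind
    return None


def inventory(root):
    """Return {relative jar path: classification} for Log4j jars under root."""
    root = Path(root)
    kinds = {p.relative_to(root).as_posix(): classify_jar(p)
             for p in sorted(root.rglob("*.jar"))}
    return {rel: kind for rel, kind in kinds.items() if kind}


def build_sample_tree(root):
    """Constructed sample data: jars holding only empty placeholder entries."""
    samples = {"lib/log4j-core-sample.jar": JNDI_LOOKUP,
               "lib/log4j-1x-sample.jar": LOG4J1_PREFIX + "Logger.class",
               "lib/unrelated.jar": "com/example/App.class"}
    for rel, entry in samples.items():
        jar_path = Path(root, rel)
        jar_path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(jar_path, "w") as jar:
            jar.writestr(entry, b"")
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    print("\n".join(f"{k:13} {rel}" for rel, k in inventory(target).items()))
```

Run it with the CMIS folder as the only argument; with no argument it reports on the constructed sample tree. It only lists files and never deletes them.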
Document Information
Modified date:
18 March 2022
UID
ibm16527958