Is CVE-2019-17571 vulnerability impacting IBM Log Analysis?

Question & Answer

Question

Answer

log4j v1.2.16 used by IBM Log Analysis (LA) is an affected version mentioned in CVE-2019-17571 vulnerability description. However the log4j capability to access remote logs thru its SocketServer class (where the vulnerability exist) is not enable or use in Log Analysis. log4j is use for basic logging within LA.

Therefore Log Analysis is not impacted by CVE-2019-17571.

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPFMY","label":"IBM Operations Analytics - Log Analysis"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"1.3.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

Is CVE-2019-17571 vulnerability impacting IBM Log Analysis?

Question & Answer

Question

Answer

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?

Tips

Is CVE-2019-17571​ vulnerability impacting IBM Log Analysis?

Question & Answer

Question

Answer

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?

Is CVE-2019-17571 vulnerability impacting IBM Log Analysis?