News
Abstract
Is Sterling Order Management affected by CVE-2021-44228?
Content
| Components | Current log4j Version | Impacted by CVE-2021-44228? | Immediate Mitigation Plan | Latest Status |
|---|---|---|---|---|
| Sterling Order Management SaaS, On-prem and Certified Containers (including Store Engagement & Call Center) | v1.x | No (The previous version in use was not impacted) | Upgraded to v2.17.1 on Mar 31st, 2022 (both SaaS and On-prem) | Sterling Order Management SaaS: Upgraded to v2.17.1 as part of 22.1 Minor Update 1; Sterling Order Management On-prem: Upgraded to v2.17.1 as part of Fix Pack 30 |
| Inventory Visibility Microservice | v2.14.0 | Yes | Upgraded to v2.15.0 on Dec 13th, 2021 | Upgraded to v2.17.0 on Jan 13th, 2022. |
| Promising Microservice | v2.13.3 | Yes | Upgraded to v2.15.0 on Dec 13th, 2021 | Upgraded to v2.17.0 on Jan 13th, 2022. |
| OMS Data Exchange Service | v2.11.1 | Yes | Upgraded to v2.15.0 on Dec 13th, 2021 | Upgraded to v2.17.0 on Jan 12th, 2022. |
| Store Inventory Management Microservice | v2.13.1 | Yes | Upgraded to v2.15.0 on Dec 14th, 2021 | Upgraded to v2.17.0 on Jan 12th, 2022. |
| Order Hub | v2.13.1 | Yes | Upgraded to v2.15.0 on Dec 14th, 2021 | Upgraded to v2.17.0 on Jan 13th, 2022. |
| Sterling Fulfillment Optimizer (SFO) | v2.14.0 | Yes | Upgraded to v2.15.0 on Dec 14th, 2021 | Upgraded to v2.17.0 on Jan 13th, 2022. |
| CPQ: Omni-Configurator and VM | v2.14.0 (v10); v1.x (v9.5) | v10 - Yes; v9.5 - No | Upgraded to v2.15.0 as part of VMOC FP23 released on Dec 15th, 2021. | Upgraded to v2.17.0 as part of VMOC FP24 released on Jan 7th, 2022. |
| CPQ: Field Sales Application | v1.x | No (The current version in use is not impacted) | NA | As a part of the standard stack upkeep policy, IBM will upgrade the log4j version to v2.17.0 (or higher) by 1H 2022. NOTE: The latest Fix Pack will be required to obtain this upgrade. |
Related Information
CVE-2021-44228 - National Vulnerability Database
CVE-2021-44228 - GitHub Advisory Database
Comments on the CVE-2021-44228 vulnerability
Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application …
Does IBM MQ ship Apache Log4J?
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an i…
Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® …
Security Bulletin: IBM Cognos Analytics: Apache log4j Vulnerability (CVE-2021-4…
Document Information
Modified date: 23 May 2022
UID: ibm16525544