Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 10.0)
Download Description
ERROR DESCRIPTION:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 10.0)
PROBLEM SUMMARY:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 10.0)
PROBLEM CONCLUSION:
The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.21, 9.0.5.11.
For more information, see 'Recommended Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553
Note: WebSphere Application Server 7.0 and 8.0 reached End of Support on April 30, 2018 and the embedded IBM Java SDK is no longer receiving security updates. Current information is that the version of log4j included in WebSphere Application Server 7.0 and 8.0 is not impacted by CVE-2021-44228. IBM recommends all users running 7.0 and 8.0 upgrade to 8.5.5, 9.0 or WebSphere Liberty.
Prerequisites
Installation Instructions
CRITICAL: Review the readme.txt for detailed installation instructions. This interim fix has special requirements.
URL | SIZE(Bytes) |
---|---|
V85 readme | 2458 |
V90 readme | 2600 |
Download Package
IMPORTANT NOTE:
|
WebSphere Application Server fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
|
DOWNLOAD | RELEASE DATE | SIZE(Bytes) | APPLICABLE FIX PACKS |
DOWNLOAD Options |
---|---|---|---|---|
9.0.5.3-WS-WASProd-IFPH42728 | 12 December 2021 | 11345798 | 9.0.5.3 through 9.0.5.10 | FC |
8.5.5.11-WS-WASProd-IFPH42728 | 12 December 2021 | 9020471 | 8.5.5.11 through 8.5.5.20 | FC |
Problems Solved
PH42728, PH37034
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
02 March 2022
UID
ibm16525672