The holiday season is shaping up to be busy for those patching systems affected by the critical flaw in the Log4j Java application error logging library.
IBM has confirmed several of its major enterprise products are affected by the Log4j bug. On Thursday, the company confirmed that the IBM Db2 Warehouse, which uses Log4j, allowed a remote attacker to execute arbitrary code on the system. Log4j is used in the Db2 Federation feature. IBM has released a special fix pack and mitigation notes for Db2 version 11.5 systems that are vulnerable if certain Federation features are configured.
Since Wednesday, IBM has released Log4j fixes for over a dozen cloud products, spanning security and identity, analytics, databases, managed VMware services, and Watson AI products. It has also released fixes for 20 on-premises IBM products for Cognos business intelligence, Power hardware, WebSphere, Watson, and more.
IBM is continually updating the list of products affected by the flaw and those it has confirmed are not impacted.
Dozens of Cisco products are affected by Log4j, too. On Friday, Cisco will release numerous firmware and hotfix updates that address the flaw, followed by more updates scheduled over the weekend and over the following week.