The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 has been updated. We are actively assessing the latest Log4j developments and will share updates accordingly. With so much active industry research on Log4j, mitigation and remediation recommendations will evolve. Work continues to mitigate or remediate these vulnerabilities in products and services that already have released a remediation based on Log4j 2.15. IBM is aware of additional, recently disclosed vulnerabilities in Apache Log4j, tracked under CVE-2021-45105 and CVE-2021-45046. Where possible, the dependency on Log4j is removed entirely.
Product teams are releasing remediations for Log4j 2.x CVE-2021-44228 as fast as possible, moving to the latest version that’s available when they are developing a fix. IBM’s top priority remains the security of our clients and products.
0 kommentar(er)
