The list will continue to be updated.Ī list of IBM Cloud Services that have been remediated for Log4j 2. AEM as a Cloud Service logs for cloud services can be accessed either by downloading through the Cloud Manager interface or by tailing logs at the command line using the using the Adobe I/O command line interface. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 has been updated. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of IBM Cloud Services that have been remediated for Log4j 2.x CVE-2021-44228 has been updated. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 has been updated to distinguish between IBM Cloud Services and other products.Ī list of published Security Bulletins for Log4j 2.x CVE-2021-44228 has also been added to the Remediated Products section. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j The CVE-2021-44228 mitigation from Apache referenced below has been updated to reflect the latest guidance on Apache’s advisory page. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated. The reference list of security bulletins for remediated products has been updated with links to help better find the Log4j-related bulletins published for that product. The list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated.Ī link to the IBM Cloud Security Bulletins page been added for IBM Cloud Services updates on more recent Log4j 2.x vulnerabilities. The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 have been updated.
We are actively assessing the latest Log4j developments and will share updates accordingly. With so much active industry research on Log4j, mitigation and remediation recommendations will evolve. Work continues to mitigate or remediate these vulnerabilities in products and services that already have released a remediation based on Log4j 2.15. IBM is aware of additional, recently disclosed vulnerabilities in Apache Log4j, tracked under CVE-2021-45105 and CVE-2021-45046. Where possible, the dependency on Log4j is removed entirely. Product teams are releasing remediations for Log4j 2.x CVE-2021-44228 as fast as possible, moving to the latest version that’s available when they are developing a fix. IBM’s top priority remains the security of our clients and products.