You've probably already heard about Log4j, but did you know that IBM i is also vulnerable? There are several steps that need to be taken to mitigate the Log4j vulnerability.

Log4j refers to Apache's Log4j Java Library (also known as Log4Shell). It is a widely used open-source logging library for Java. The Log4j vulnerability makes it possible for an unauthenticated attacker to access a system remotely. There are two versions of Log4j: (1) 1.x and (2) 2.x. Unfortunately, we have not been able to locate a single source listing of all IBM i products that have been affected by the Log4j 1.x and Log4j 2.x vulnerabilities. After combing multiple sites, working directly with many areas of IBM technical support to understand the breadth of the impact, and helping multiple clients mitigate the vulnerability, we've compiled the list below.

Software products that are affected by Log4j 1.x version:
- IBM i Access Client Solutions – 1.1.8.6 and earlier
- IBM Navigator for i (heritage version only) – IBM i 7.4, 7.3, and 7.2
- Integrated Web Services Server (IWS) – IBM i 7.4, 7.3, and 7.2 – V2.6
- Integrated Application Server (IAS) – IBM i 7.2 – V7.1 and V8.1

Software products that are affected by Log4j 2.x version:
- Power Hardware Management Console (HMC) – V9.2.950.0 & V.0

Common programs that appear to not be affected by the Log4j vulnerabilities:
- WebSphere Application Server – V8.5 & V9.0