Log4Shell Archives

Log4j Security Hole Found In OmniFind Text Search Server

March 14, 2022 Timothy Prickett Morgan

Who would have thought that a logging utility written in Java and available for more than two decades could cause so much trouble? But that is the nature of the Log4j security vulnerability, which has been installed in all kinds of systems software and which had a Log4Shell vulnerability that was discovered by Chinese computing giant Alibaba on November 24 last year and that was revealed to the world on December 9 as a zero-day vulnerability.

There are several areas of the IBM i software stack that use the Log4j logging utility, which is one of the many Apache open …
Read more
IBM i PTF Guide, Volume 24, Number 10

March 7, 2022 Doug Bidwell

This week, there are a bunch of security bulletins about yet more new vulnerabilities, this time in the HTTP Server and the Samba Windows file server clone that are embedded in the IBM i operating system. There is also a partial mitigation against Log4j/Log4Shell vulnerabilities, and you may get a laugh or a cry out of this one. Maybe both. OK, probably both. Let’s go through them all.

First, there is Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224, which you can read about here at this link. With this vulnerability, the Apache …
Read more
Log4j Hits Heritage Version of Navigator for i – No Patch Coming

January 12, 2022 Alex Woodie

IBM i shops running the old version of the Navigator for i client should be aware that the software is vulnerable to the Log4j security vulnerability, and there will be no patch to fix it, IBM says in a new security bulletin. There will, however, be fixes coming to other vulnerable components, including IWS, IAS, and IBM i Access Client Solutions (ACS), IBM says.

Just before we hit the holiday break, the extremely severe Apache Log4j security vulnerability was disclosed to the world, resulting in a frantic effort to patch servers, desktops, refrigerators – just about anything with a …
Read more
IBM i Community Predictions for 2022, Part 2

January 12, 2022 Alex Woodie

The new year is upon us, which means it’s time for predictions. We continue where we left off on Monday with our second installment of predictions from the IBM i community.

The way Fresche Solutions Chief Product Officer Marcel Sarrasin sees it, 2022 will be a period of heightened competition in the business jungle.

“Technology advancements and changing markets will drive new competitive threats in 2022, creating the urgent need for new digital solutions to help companies thrive, survive and grow,” Sarrasin says. “Focus will be on new IT products and applications that will deliver improved business processes, pave the …
Read more
IBM i PTF Guide, Volume 24, Number 2

January 12, 2022 Doug Bidwell

The Log4j and Log4Shell saga continues here in the second edition of the IBM i PTF Guide in 2022, which is a fast follower to the one we published just two days ago. IBM has issued a new Security Bulletin, explaining that IBM i components are affected by CVE-2021-4104 (Log4j version 1.X), and the full details about the security exposure and mitigation techniques can be found at this link.

Here are the affected products and their versions:
- IBM Navigator for i (heritage version only): IBM i 7.4, 7.3, and 7.2 – the heritage version
- Integrated Web Services Server (IWS):
…
Read more
IBM i PTF Guide, Volume 24, Number 1

January 10, 2022 Doug Bidwell

While we were away on holiday, the Log4J and Log4Shell vulnerabilities hit the enterprise systems of the world, including the IBM i platform. So right off the bat here with the first edition of The IBM i PTF Guide in 2022, we want to point you to Big Blue’s Log4j/Log4Shell on IBM i update, which will help you figure out if you are vulnerable. See more at this link.

Here are the Security Bulletins for this:

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V9

Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V8

Security …
Read more
Critical Log4j Vulnerability Hits Everything, Including the IBM i Server

December 15, 2021 Alex Woodie

Hackers gave themselves an early Christmas present this year with a critical security flaw in Log4j, a popular logging framework that is used across many programs, including some that run on IBM i. IBM i shops are encouraged to take this flaw very seriously, as the vulnerability already is being actively exploited in the wild. However, finding where Log4j exists in your stack is not always simple, which makes this particular flaw particularly nasty.

The Log4j zero-day vulnerability, which was disclosed last week by security researchers with CERT New Zealand, was logged into the National Vulnerability Database as CVE-2021-44228 …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

Log4j Security Hole Found In OmniFind Text Search Server

IBM i PTF Guide, Volume 24, Number 10

Log4j Hits Heritage Version of Navigator for i – No Patch Coming

IBM i Community Predictions for 2022, Part 2

IBM i PTF Guide, Volume 24, Number 2

IBM i PTF Guide, Volume 24, Number 1

Critical Log4j Vulnerability Hits Everything, Including the IBM i Server

Content archive

Recent Posts

Subscribe

Pages

Search