Log4j Library Security Vulnerability – Your ILMT Could Be Affected
IBM has addressed the recently discovered Apache Log4j 2 Java library security vulnerability and ensured customers that they are working on preparing a fix for all parts of the business.
This vulnerability has been classed as ‘critical’ severity by IBM.
IBM License Metric Tool is one of the products affected by this vulnerability and IBM has now released information about potential fixes. The affected component is the VM Manager Tool in versions 18.104.22.168 – 22.214.171.124.
The official fix from IBM addressing this issue is delivered in the most recent ILMT 126.96.36.199 upgrade. By deploying the 188.8.131.52 upgrade the Log4j 1.x library will be removed from the server. This is the preferred way to mitigate the vulnerability.
If upgrading your ILMT isn’t an option right now, IBM also suggested two workarounds:
- Manually upgrade Log4j library
- Configuration change for the current version of the Log4j library
You can find more information about the preferred fix and both workarounds here: https://www.ibm.com/support/pages/node/6525762
All FisherITS ILMT365 cloud managed service customers can be assured that their instance of ILMT has been updated.
If you need to discuss this critical vulnerability issue with an ILMT expert, please contact FisherITS to arrange a free of charge thirty-minute call.