ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

Is IBMi IWS impacted due to log4J vulnerability

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Is IBMi IWS impacted due to log4J vulnerability

    Hi

    I could not find any information about IBM-I IWS vulnerability due to Log4J. We use IWS and wanted to know if it used apache Log4J logger and hence whether it is vulnerable. Appreciate any help.
    Tags: as400, iseries, java, log4j, rpg/rpgle
  • #2
    Simplest and most accurate answer will come from a Service call to IBM.

    I would expect to have seen warnings on IBM's web site if it were an issue but ...

    It wouldn't be a bad idea to dig out Scott Forstie's SQL query that digs into your IFS for any sign of the log4j code. You may have installed other things that use it that you are unaware of.
    • Likes 1

    Comment

    • #3
      IBM's official response to this is here: https://www.ibm.com/blogs/psirt/ they have a list of products that are affected/unaffected and are updating the list as they find others.
      • Likes 1

      Comment

      • #4
        Thank you very much for the responses. That helped. IBM-I http server is listed in their product list as not impacted.

        Comment

        Previous template Next
        Working...
        X