iACS Log4J vulnerability - RDi version? - Code400 -The Support Alternative

Vectorspace

Experienced Forum Member

Join Date: Sep 2015

Posts: 720
- Share
- Tweet
#1

iACS Log4J vulnerability - RDi version?

January 14, 2022, 02:26 AM

So I just noticed that iACS versions up to v1.1.8.6 are (technically) vulnerable to Log4J, 1.1.8.8 is the latest

And I know that iACS is included in RDi. We just updated RDi to 9.6.0.10 (just before 9.6.0.11 landed), and I checked and it incuides iACS 1.1.8.3.
Soes anyone who has the latest version of RDi know what version of iACS it includes?
Tags: None
Vectorspace

Experienced Forum Member

Join Date: Sep 2015

Posts: 720
- Share
- Tweet
#2

January 14, 2022, 02:56 AM

The RDi change log does not list a version update for iACS in RDi 9.6.0.11: https://www.ibm.com/support/pages/node/603339

But the security bulliten does not mention the impact from having it bundled with RDi, or a need for a future RDi patch to fix the bundled RDi: https://www.ibm.com/support/pages/no...ers-_-NULL-_-E

Or the need to install PTFs to update the iACS version bundled on the IBMi on the IFS (Unless the PTFs to fix the vulnerability in Integrated Web Services Server (IWS) V2.6 include a bundled iACS update)
Comment

Announcement