Hello,
IBM release Workarounds for several ISP components
IBM Spectrum Protect Client web user interface
Affected versions:
8.1.7.0-8.1.13.0 (Linux and Windows)
8.1.9.0-8.1.13.0 (AIX)
https://www.ibm.com/support/pages/node/6527080?myns=swgtiv&mynp=OCSSEQVQ&mync=E&cm_sp=swgtiv-_-OCS
Hello,
Currently this is the safest way to fix that problem (in my opinion):
zip -q -d log4j-core-2.nn.n.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class
The Log4J v1.x does also have a problem:
CVE-2019-17571 and CVE-2017-5645
The CVE-2019-17571 issue is also fixed by the fix for
It's a moving target. They just announced a second vulnerability and have
released 2.16. I would not be surprised they find more!
https://www.zdnet.com/article/second-log4j-vulnerability-found-apache-log4j-2-16-0-released/
On Wed, Dec 15, 2021 at 5:28 AM Alexander Heindl <
alexander.hei...@gene
that's correct.
for me it's just a workaround until IBM provides a fix for it.
8.1.12 and 8.1.13: both use 2.13.3.
Regards,
Alex Heindl
Von:"Rainer Tammer"
An: ADSM-L@VM.MARIST.EDU
Datum: 15.12.2021 11:20
Betreff:[EXTERNAL] Re: [ADSM-L] Antwort: Re: [ADSM-L] Any impact
on S
Hello,
You have to be careful with that. The switch does only work if Log4J is
2.10 or higher.
Bye
Rainer
On 15.12.2021 10:29, Alexander Heindl wrote:
What I did on Windows with ISP Client 8.1.12, Webrestore installed and
running:
add the last line (-Dlog4j2.formatMsgNoLookups=true) in
C:\
What I did on Windows with ISP Client 8.1.12, Webrestore installed and
running:
add the last line (-Dlog4j2.formatMsgNoLookups=true) in
C:\IBM\SpectrumProtect\webserver\usr\servers\veProfile\jvm.options, so
that it looks like this:
--8<--
#Thu Oct 30 15:00:5