The Apache Log4j Vulnerability

12Jan
Blog

You might have heard the terms “the Apache Log4j” or “the Log4Shell Vulnerability” a lot in the past few weeks. The flaw has the potential to affect millions of systems and their users through a relatively obscure piece of software called Log4j. 

Log4j records events such as error reports and relays diagnostic messages between systems, their administrators, and the end user. For example, when you try to log into a website that isn’t working correctly you get a 404 message. Log4j will record this failed attempt to load the website for the site’s server hosting the website. The use of Log4j isn’t however just limited to records and messages on websites, it can be found in a wide range of systems and applications in the digital world.

The vulnerability has occurred due to the fact that Log4j allows users to specify custom coding for formatting a log message. Unfortunately, this formatted code can be customised for much more than just formatting log messages, it could be used to steal sensitive information, take control of systems or slip malicious content onto a device.

 A major concern is that Log4j is used widely across the digital world, meaning millions could be affected. The systems predicted to be at risk including IBM Information Server and its Components. IBM therefore recommends that you address the issue without delay using the steps described in the Tech Bulletin below.

IBM has created an Information Server Tech bulletin that contains details of the problem and steps to mitigate the vulnerability, which can be found here.

https://www.ibm.com/support/pages/node/6527372

One of the steps requires a JVM option to be added to WebSphere, here is a link that shows you where to find the place to do this. NOTE you will need to apply the option in the Tech Bulletin not on the video.

We hope that this information is of value to ‘Information Server Users’ and if you need any professional consultancy services to help you resolve this element then please get in touch

Share this post

Related Posts

25Sep

Unveiling the ESG Buzz: How SmallNet Can Guide Businesses Towards Sustainable Success

In the ever-evolving landscape of modern business, one acronym has risen... read more

08Jun

Understanding Data Governance

What is Data Governance and what does it mean? There are many... read more

24Mar

What is Data Fabric?

Today, IBM is introducing an intelligent data fabric in the next... read more

24Mar

Small Net DATA Fabric

This blog is a HIGH-level viewpoint/discussion around ‘What is a Data... read more

Business Intelligence Modernisation
03Sep

Modernise Your BI Architecture to keep up with changing Demands

By Simon Fryett The world of Business Intelligence (BI) has been rapidly... read more

03Feb

What is Data Integration (DI) ?

What is Data integration? Typically this is described as the combination... read more

03Feb

Meet the team: Simon Fryett, MD, Smallnet

I established SmallNet at the turn of the Millennium with the... read more