Dec 16, 2021 at 09:21 AM

DB2 LUW 11.5 log4j CVE-2021-44228

1195 Views Last edit Dec 16, 2021 at 09:25 AM 4 rev

Hi,

SAP mentioned the log4j vulnerability CVE-2021-44228 in components for federation in note "3130882 - IBM Db2 log4j vulnerability", and IBM did so in the security bulletin "Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)".

This is probably not used by a standard SAP installation, but how can I check it?

Can I uninstall some features that are not needed, and how?

I checked the installed features with this command: db2ls -q -a -b $DB2DIR
And in the Db2 software directory I found log4j-core-2.13.3.jar files.

cd $DB2DIR && find -iname "*log4j*"
./federation/restservice/hyperledger-fabric/log4j-1.2-api-2.13.3.jar
./federation/restservice/hyperledger-fabric/log4j-api-2.13.3.jar
./federation/restservice/hyperledger-fabric/log4j-core-2.13.3.jar
./federation/restservice/hyperledger-fabric/log4j-jcl-2.13.3.jar
./federation/restservice/hadoop/log4j-1.2-api-2.13.3.jar
./federation/jdbc/lib/log4j-core-2.13.3.jar
./federation/jdbc/lib/log4j-api-2.13.3.jar
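
The inventory step in the post above can be taken one step further, as an added example that is not part of the original post and is not SAP or IBM tooling: besides listing log4j-core jars under a directory such as $DB2DIR, it opens each one and reports whether the JndiLookup class is still present. Assumptions: the version is read from the file name, 2.15.0 is used as the first release Apache lists as fixing CVE-2021-44228 (backport releases on older lines are not special-cased and are flagged for review), and the names inspect_jar, scan and needs_review are made up for this sketch.

```python
import re
import sys
import zipfile
from pathlib import Path

# Class that implements the JNDI lookup inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED_IN = (2, 15, 0)  # assumption: threshold taken from Apache's advisory
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$", re.I)


def inspect_jar(path):
    """Return a dict describing one log4j-core jar, or None for other files."""
    m = NAME_RE.search(path.name)
    if not m:
        return None  # log4j-api, log4j-jcl, log4j-1.2-api etc. are skipped
    version = tuple(int(g or 0) for g in m.groups())
    try:
        with zipfile.ZipFile(path) as jar:
            has_jndi = JNDI_CLASS in jar.namelist()
    except (zipfile.BadZipFile, OSError):
        has_jndi = None  # unreadable: report it rather than skip it
    return {
        "path": str(path),
        "version": ".".join(map(str, version)),
        "jndi_lookup": has_jndi,
        # Conservative: an unreadable jar below the threshold still needs review.
        "needs_review": version < FIXED_IN and has_jndi is not False,
    }


def scan(root):
    """Walk root and inspect every jar whose name looks like log4j-core."""
    results = []
    for p in sorted(Path(root).rglob("*.jar")):
        info = inspect_jar(p)
        if info:
            results.append(info)
    return results


if __name__ == "__main__":
    # Usage: python3 scan_log4j.py "$DB2DIR"
    for r in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f'{r["version"]:<8} jndi={r["jndi_lookup"]!s:<5} '
              f'review={r["needs_review"]!s:<5} {r["path"]}')
```

A jar flagged here only shows that the library is on disk; whether the federation feature that loads it is in use still has to be checked against the SAP note and the IBM bulletin.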