• Log4j Hits Heritage Version of Navigator for i – No Patch Coming

  January 12, 2022 Alex Woodie

  IBM i shops running the old version of the Navigator for i client should be aware that the software is vulnerable to the Log4j security vulnerability, and there will be no patch to fix it, IBM says in a new security bulletin. There will, however, be fixes coming to other vulnerable components, including IWS, IAS, and IBM i Access Client Solutions (ACS), IBM says.

  Just before we hit the holiday break, the extremely severe Apache Log4j security vulnerability was disclosed to the world, resulting in a frantic effort to patch servers, desktops, refrigerators – just about anything with a …

  Read more

• IBM i Community Predictions for 2022, Part 2

  January 12, 2022 Alex Woodie

  The new year is upon us, which means it’s time for predictions. We continue where we left off on Monday with our second installment of predictions from the IBM i community.

  The way Fresche Solutions Chief Product Officer Marcel Sarrasin sees it, 2022 will be a period of heightened competition in the business jungle.

  “Technology advancements and changing markets will drive new competitive threats in 2022, creating the urgent need for new digital solutions to help companies thrive, survive and grow,” Sarrasin says. “Focus will be on new IT products and applications that will deliver improved business processes, pave the …

  Read more

• IBM i PTF Guide, Volume 24, Number 2

  January 12, 2022 Doug Bidwell

  The Log4j and Log4Shell saga continues here in the second edition of the IBM i PTF Guide in 2022, which is a fast follower to the one we published just two days ago. IBM has issued a new Security Bulletin, explaining that IBM i components are affected by CVE-2021-4104 (Log4j version 1.X), and the full details about the security exposure and mitigation techniques can be found at this link.

  Here are the affected products and their versions:

  • IBM Navigator for i (heritage version only): IBM i 7.4, 7.3, and 7.2 – the heritage version
  • Integrated Web Services Server (IWS):

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 1

  January 10, 2022 Doug Bidwell

  While we were away on holiday, the Log4J and Log4Shell vulnerabilities hit the enterprise systems of the world, including the IBM i platform. So right off the bat here with the first edition of The IBM i PTF Guide in 2022, we want to point you to Big Blue’s Log4j/Log4Shell on IBM i update, which will help you figure out if you are vulnerable. See more at this link.

  Here are the Security Bulletins for this:

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V9

  Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V8

  Security …

  Read more

• Critical Log4j Vulnerability Hits Everything, Including the IBM i Server

  December 15, 2021 Alex Woodie

  Hackers gave themselves an early Christmas present this year with a critical security flaw in Log4j, a popular logging framework that is used across many programs, including some that run on IBM i. IBM i shops are encouraged to take this flaw very seriously, as the vulnerability already is being actively exploited in the wild. However, finding where Log4j exists in your stack is not always simple, which makes this particular flaw particularly nasty.

  The Log4j zero-day vulnerability, which was disclosed last week by security researchers with CERT New Zealand, was logged into the National Vulnerability Database as CVE-2021-44228 …

  Read more

Next Articles