OmniFind Archives - IT Jungle

IBM i PTF Guide, Volume 24, Number 12

March 23, 2022 Doug Bidwell

And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.

Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:
- IBM i 7.4: SI77377 – ACS 1.1.8.8
…
Read more
IBM i PTF Guide, Volume 24, Number 11

March 16, 2022 Doug Bidwell

This Log4j security vulnerability just keeps being more and more pesky. If you haven’t seen it yet, there is an update to a Security Bulletin called Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104), which you can read all about at this link.

The patches for each release are described in full here:

OmniFind V1R5M0:
- SI78753
- SI78754
- SI78755
OmniFind V1R4M0
- SI78756
- SI78757
- SI78758
OmniFind V1R3M0
- SI78751
- SI78759
- SI78760
- SI78761
To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion …
Read more
Log4j Security Hole Found In OmniFind Text Search Server

March 14, 2022 Timothy Prickett Morgan

Who would have thought that a logging utility written in Java and available for more than two decades could cause so much trouble? But that is the nature of the Log4j security vulnerability, which has been installed in all kinds of systems software and which had a Log4Shell vulnerability that was discovered by Chinese computing giant Alibaba on November 24 last year and that was revealed to the world on December 9 as a zero-day vulnerability.

There are several areas of the IBM i software stack that use the Log4j logging utility, which is one of the many Apache open …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

IBM i PTF Guide, Volume 24, Number 12

IBM i PTF Guide, Volume 24, Number 11

Log4j Security Hole Found In OmniFind Text Search Server

Content archive

Recent Posts

Subscribe

Pages

Search