skip to Main Content
Log4j_security_vulnerability_breach_troubleshoot_ibm_maximo_websphere_update_support_compliance_

Log4J Security Vulnerability System Patching for WebSphere

At the end of 2021, many companies were faced with the log4j security vulnerabilities. This was a worldwide security that has caused a lot of problems. For users of IBM Maximo, their Maximo environments were not affected, however WebSphere was impacted. The vulnerability caused Apache Log4j to allow a remote attacker to execute arbitrary code on the system. If an attacker were to access the system they would be able to write access to the Log4j configuration and de-serialize untrusted data. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM has released a fixed for this issue in which the update removes the Apache Log4j from Admin Console and UDDI Registry application. The Log4j security vulnerability is resolved by upgrading WebSphere to 9.0.5.10 or newer versions. If you are running on any 8.0 version of WebSphere then upgrading to 8.5.5.20 or newer version will remedy the issue as well.

 

How to update WebSphere to the current version.

  1. Log into Maximo and go to System Information. Observe the WebSphere version.

ibm maximo system information websphere log4j security vulnerability blog

  1. Next, open the Services application and stop the following WebSphere services: IBM HTTP Server V9.0, IBM WebSphere Application Server V9.0-ctgCellManager01, IBM WebSphere Application Server V9.0-ctgNode01.

ibm maximo security patch log4j update fix

  1. Open the application, “IBM Installation Manager”.

a3j group troubleshooting ibm maximo blog log4j issue update

  1. After IBM Installation Manager opens, Click on “Update”

ibm installation manager update ibm maximo websphere log4j issue

5. Observe to see all of the packages that are available for an update. Click on the checkbox, “Update all packages with recommended updates and recommended fixes”

troubleshoot ibm maximo update websphere log4j issue a3j group

6. Log into your IBM account to download the recommended updates and fixes, then click “Next” after it finishes searching for the updates.

a3j group blog ibm maximo issue fix log4j websphere update

7. Accept the terms in the license agreements to proceed with the update.

ibm maximo patch log4j issue websphere update system

  1. In this view you can observe all of the updates that are going to occur before you click on the “Update” button. Then, click on Update.

a3j group blog patch ibm maximo log4j security vulnerability websphere update

  1. At this point, we have successfully updated WebSphere with all the recommended fixes and updates. Click “Finish”

ibm maximo blog a3j group websphere fix log4j security update

  1. Open the Services application, Start WebSphere back up by starting the following services: IBM HTTP Server V9.0, IBM WebSphere Application Server V9.0-ctgCellManager01, IBM WebSphere Application Server V9.0-ctgNode01.

security patch ibm maximo websphere integration log4j update a3j group blog

  1. Log into Maximo and go to System Information. Observe the new WebSphere version.

ibm maximo websphere integration security patch log4j issue blog update a3j group

Once, you have confirmed that your WebSphere system has been updated, you can rest assured that your Log4J security vulnerability has been remedied. As humans become more involved with technology and dependent on systems to run daily business operations, it is increasingly important to stay mindful of these types of breach opportunities. Emphasizing monitoring and remaining informed on the latest security vulnerabilities is imperative if you want your systems to remain impenetrable. Hopefully, this guide served you well in patching the Log4J security vulnerability! If you would like to receive an email when we post a new blog, subscribe below.

 

 

 

close

Don’t miss our

tips & tricks!

We don’t spam! Read our privacy policy for more info.

Never Miss a Blog!

We don’t spam! Read more in our privacy policy

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top
×Close search
Search