Fix (APAR): PH42728
Status: Fix
Release: 9.0.5.10,9.0.5.9,9.0.5.8,9.0.5.7,9.0.5.6,9.0.5.5,9.0.5.4,9.0.5.3
Operating System: AIX,HP-UX,IBM i,Linux,Solaris,Windows,z/OS
Supersedes Fixes: PH37034
CMVC Defect: xxxxxx
Byte size of APAR: 11345798
Date: 2021-12-12

Abstract: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 9.8)

Description/symptom of problem:
PH42728 resolves the following problem:

ERROR DESCRIPTION:
Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228 CVSS 9.8)

PROBLEM SUMMARY:
Confidential for CVE-2021-44228 CVSS 9.8.

PROBLEM CONCLUSION:
Confidential for CVE-2021-44228 CVSS 9.8.

Directions to apply fix:
Install Fix to all WebSphere installations unless special instructions are included below.

Special Instructions:
IMPORTANT: If a copy of "kc.war" has been installed from the installableApps/ directory it must be uninstalled. The "kc.war" will be removed from the installableApps/ directory by the interim fix PH42728.

If the UDDI Registry Application is running on the WebSphere Application Server, then after applying the Interim Fix PH42728, redeploy the UDDI Registry Application.

NOTE: The user must:
* Be logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V1.8.5 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required.

The IBM Information Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes.
http://www.ibm.com/support/knowledgecenter/SSDV2W_1.8.5/com.ibm.cic.agent.ui.doc/helpindex_imic.html

Shut down WebSphere Application Server before applying the iFixes.
Restart WebSphere Application Server after applying the iFixes.

Directions to remove fix:
The IBM Information Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes.
http://www.ibm.com/support/knowledgecenter/SSDV2W_1.8.5/com.ibm.cic.agent.ui.doc/helpindex_imic.html

Shut down WebSphere Application Server before removing the iFixes.
Restart WebSphere Application Server after removing the iFixes.

Directions to re-apply fix:
1) Shut down WebSphere Application Server.
2) Follow the Fix instructions to apply the fix.
3) Restart WebSphere Application Server.

Additional Information: