Summary

A vulnerability has been discovered involving Apache Log4j (CVE-2021-44228). Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure.  This may have a significant impact on your existing models.

Details

This issue impacts all users currently on IBM Planning Analytics Workspace 2.0.57 and higher.  IBM has released a fix via PAW release 71.  More information can be found directly on IBM’s site via the following links:

• Overall IBM: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
• Planning Analytics Specific: https://www.ibm.com/support/pages/node/6525700

Recommended next steps:

It is strongly recommended that you apply the most recent security update:

• If you are on PA Local (the on-premise version) we recommend updating to PAW 2.0.71 immediately
• If you are on PA Cloud (SaaS), the patch has already been applied

You can download release 71 via the following link:

• https://www.ibm.com/support/pages/node/6525316

If you have any questions or concerns, please contact John Pra Sisto.