A vulnerability has been discovered involving Apache Log4j (CVE-2021-44228). Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure. This may have a significant impact on your existing models.
This issue impacts all users currently on IBM Planning Analytics Workspace 2.0.57 and higher. IBM has released a fix via PAW release 71. More information can be found directly on IBM’s site via the following links:
- Overall IBM: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
- Planning Analytics Specific: https://www.ibm.com/support/pages/node/6525700
Recommended next steps:
It is strongly recommended that you apply the most recent security update:
- If you are on PA Local (the on-premise version) we recommend updating to PAW 2.0.71 immediately
- If you are on PA Cloud (SaaS), the patch has already been applied
You can download release 71 via the following link:
If you have any questions or concerns, please contact John Pra Sisto.