Multiple vulnerabilities were identified in the Apache log4j library used by IBM WebSphere Application Server. A remote attacker could exploit these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system. Vulnerabilities (CVE-2021-44832, CVE-2021-45105) affect WebSphere Application Server versions 9.0.0.0 through 9.0.5.10 and 8.5.0.0 through 8.5.5.20.

Source: ibm.com