Multiple vulnerabilities were identified in IBM products
Multiple vulnerabilities were identified in the Apache Log4j library used by IBM WebSphere Application Server and WebSphere Application Server Liberty. A remote attacker could exploit these vulnerabilities to trigger remote code execution and SQL injection on the targeted system. The vulnerabilities (CVE-2022-23302, CVE-2022-23307, CVE-2022-23305) affect WebSphere Application Server versions 9.0, 8.5, 8.0 and 7.0, and WebSphere Application Server Liberty versions 17.0.0.3 through 21.0.0.12.
More information on the vulnerabilities and updates is available in the IBM Security Bulletin on ibm.com.
21 February 2022