Within IBM Planning Analytics 2.0, only the IBM Planning Analytics Workspace component of IBM Planning Analytics is affected by a security vulnerability. Apache Log4j is used by IBM Planning Analytics Workspace as part of its logging infrastructure.
Where to get an Updated version of PAW
Please go to IBM’s Fix Central here and download PAW version 2.0.71, which contains the fix.
Synchronization with Planning Analytics Software
Please also note that if you are upgrading PAW from more than a couple of versions, you will need to upgrade TM1 (PA) Server, Planning Analytics for Excel (PAfE) and Planning Analytics Spreadsheet Services (PASS). The upgrades for these are also available at Fix Central.
This bulletin addresses the exposure to the Apache Log4j (CVE-2021-44228) vulnerability.
CVE(s): CVE-2021-44228
Affected product(s) and affected version(s):
IBM Planning Analytics Workspace 2.0.57 and higher
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6525700