Mitigate the Apache Log4j vulnerability (CVE-2021-44228) in Cognos Analytics

This document provides steps to mitigate the Apache Log4j vulnerability (CVE-2021-44228) in your IBM Cognos Analytics with Watson on-premises offering if you decide not to upgrade to the patched versions that are provided by IBM.

The log4jSafeAgent that is provided for Cognos Analytics modifies the class code to remove the vulnerable JNDI lookup functionality without any impact to the installed product. log4jSafeAgent effectively rewrites the org/apache/logging/log4j/core/lookup/JndiLookup class during Cognos Analytics startup.

The agent safeguards against the vulnerabilities that are described in CVE-2021-44228 as listed on the Apache website. The Log4j vulnerability affects the following versions of Cognos Analytics: 11.2.x, 11.1.x, and 11.0.6 to 11.0.13 FP4.
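An added example, not IBM's code: an inventory check that lists the archives under an install directory that contain the JndiLookup class the agent rewrites, including jars nested inside war or ear files. It assumes the rewrite happens in memory at startup, so these archives still hold the class on disk and the listing shows where the installation depends on the agent; the sample archive and its file names are constructed.

```python
import io
import os
import tempfile
import zipfile

# Class named on the page; log4jSafeAgent rewrites it when Cognos Analytics starts.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # assumed limit on archive nesting, guards against runaway recursion


def scan_archive(src, label, depth=0):
    """Return labels of this archive and nested archives that hold JndiLookup."""
    try:
        with zipfile.ZipFile(src) as zf:
            names = zf.namelist()
            hits = [label] if any(n.endswith(JNDI_CLASS) for n in names) else []
            for n in names:
                if n.lower().endswith(ARCHIVE_EXTS) and depth < MAX_DEPTH:
                    nested = io.BytesIO(zf.read(n))
                    hits += scan_archive(nested, f"{label}!{n}", depth + 1)
            return hits
    except zipfile.BadZipFile:
        return []  # unreadable or not a zip: nothing to report


def scan_tree(root):
    """Scan every archive found under an install directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(f for f in files if f.lower().endswith(ARCHIVE_EXTS)):
            path = os.path.join(dirpath, fname)
            hits += scan_archive(path, path)
    return hits


def demo():
    """Constructed sample: a war whose nested jar holds a stand-in JndiLookup entry."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
    with tempfile.TemporaryDirectory() as tmp:
        with zipfile.ZipFile(os.path.join(tmp, "app.war"), "w") as zf:
            zf.writestr("WEB-INF/lib/log4j-core.jar", inner.getvalue())
        return [h[len(tmp) + 1:] for h in scan_tree(tmp)]


if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at the directory that holds the installation to get the same listing for real archives.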

