top of page
Search

Log4j affects some features of IBM Db2 | Check Db2 federation| IBM released FIXes (CVE-2021-44228)

  • Writer: Jha Chandan
    Jha Chandan
  • Dec 19, 2021
  • 2 min read

IBM has confirmed several of its major enterprise products are affected by the Log4j bug. The company confirmed that the IBM Db2 Warehouse, which uses Log4j, allowed a remote attacker to execute arbitrary code on the system. Well Log4j is used in the Db2 Federation feature (detected and vulnerable in Db2 version 11.5; IBM Db2 V9.7, V10.1, V10.5 and V11.1 are not affected).

ree

IBM has released a special fix pack and mitigation notes for Db2 version 11.5 systems that are vulnerable if certain Federation features are configured. Below are the IBM Links for more details, workarounds, mitigation and download the special build for Log4j bug fix.


Check Federation status.

To determine if Federation is enabled, issue the following:

db2 get dbm cfg | grep FEDERATED
ree

If a value of NO is returned, you are not vulnerable.


If you have Db2 Federation enabled then you can either remove this via db2setup or set the parameter as detailed by IBM. There are some details specific to Db2 11.5:


Fix pack levels of IBM Db2 V11.5 for all editions on all platforms are affected only if the following features are configured:

Federation:

  • DVM JDBC wrapper driver,

  • NoSQL wrapper driver (for Hadoop),

  • Blockchain wrapper driver (for Hyperledger Fabric, Linux 64-bit, x86-64 only)

Now check if you have these wrappers in use.


1) To determine if the DVM JDBC wrapper is in use, issue the following statement:

db2 "select servername from syscat.serveroptions where option = 'DRIVER_CLASS' and setting = 'com.rs.jdbc.dv.DvDriver'"
ree

If a servername is returned, then you are using the DVM JDBC wrapper via the DvDriver class.

2) To determine if the NoSQL hadoop wrapper is in use, issue the following statement:

db2 "select * from syscat.servers where servertype = 'HDFSPARQUET'"
ree

If 1 or more rows are returned, then NoSQL hadoop wrapper is in use.


3) To determine if the NoSQL Blockchain wrapper is in use, issue the following statement:

db2 "select * from syscat.serveroptions where option='PEER_URL'"
ree

If 1 or more rows are returned, then NoSQL Blockchain wrapper is in use.


If you are running Db2 11.5 and have any of these wrappers in use then a Special Build can be provided by Development Support via a case. Check IBM links mentioned in starting of the Blog.


That's all in this post. If you liked this blog and interested in knowing more about IBM Db2. Please Like, Follow, Share & Subscribe to www.ImJhaChandan.com.

Comments

jc_logo.png

Hi, thanks for stopping by!

Welcome to my “Muse & Learn” blog!
Muse a little, learn a lot.✌️
 

Here you’ll find practical SQL queries, troubleshooting tips with fixes, and step-by-step guidance for common database activities. And of course, don’t forget to pause and muse with us along the way. 🙂
 

I share insights on:​​

  • Db2

  • MySQL

  • SQL Server

  • Linux/UNIX/AIX

  • HTML …and more to come!
     

Whether you’re just starting out or looking to sharpen your DBA skills, there’s something here for you.

Let the posts
come to you.

Thanks for submitting!

  • Instagram
  • Facebook
  • X
2020-2025 © TechWithJC

Subscribe to Our Newsletter

Thanks for submitting!

  • Facebook
  • Instagram
  • X

2020-2025 © TechWithJC

bottom of page