Dec 21 2021
Apache, the author of the Log4j logging software has released two security patches (for Log4j versions 2.15 and 2.16) over the past six (6) days. Unfortunately, these patches did not completely resolve the potential vulnerability.
...
ProcessMAP’s Cyber Team remains in constant communication with IBM and the IBM Cognos Community while they work on Cognos Analytics patch to resolve the vulnerability CVE-2021-45105 that requires using Log4j 2.17.
IBM security updates are available at their Product Security Incident Response (PSIRT) Blog.
...