Update on the Insight Reporting Tool
- Rajesh Hota
- Rohith Natram
Dec 21 2021
Apache, the author of the Log4j logging software has released two security patches (for Log4j versions 2.15 and 2.16) over the past six (6) days. Unfortunately, these patches did not completely resolve the potential vulnerability.
At ProcessMAP, we work to ensure 100% protection of our customers’ data and will not take any risk of exposing the Insight Reporting Tool environment to a known or potential vulnerability. Hence, while IBM is working on the Cognos Analytics patch, we are taking the following actions:
Upgrading the Cognos environment with the fix released for CVE-2021-45046 on Dec 21, 2021 to run the vulnerability tests;
Maintaining the subscriptions, schedules and jobs running while access to the Insight Reporting Tool is disabled to ensure that our users keep receiving the outputs they periodically generate through these actions (subscriptions, schedules and jobs); and
Meeting customer requests on data and providing them the requested information in a timely manner.
ProcessMAP’s Cyber Team remains in constant communication with IBM and the IBM Cognos Community while they work on Cognos Analytics patch to resolve the vulnerability CVE-2021-45105 that requires using Log4j 2.17.
IBM security updates are available at their Product Security Incident Response (PSIRT) Blog.
© 2018 ProcessMAP Corporation, All Rights Reserved Confidential, may not be disclosed without the express permission of ProcessMAP Corporation