Dear Cubeware Customers and Partners,
We are aware of the Log4j vulnerability (CVE-2021-44228) that was announced on December 9th, 2021. The latest details regarding the vulnerability — as well as the security patches and software updates — can be found here. The Cubeware Solutions Platform (CSP8) does not use Log4j in any way or in any part of the platform or source code, so please be assured that users of CSP8 remain unaffected by this vulnerability.
However, if you are using products aside from CSP8, such as IBM TM1, you may be affected. We recommend you to follow the latest guidance from your respective vendors for your next steps.
For further information on any IBM related updates please see the following link: IBM PSIRT Blog