Common Services R14.1 and LOG4J Vulnerabilities

Article ID: 231149


Products

COMMON SERVICES FOR Z/OS

Issue/Introduction

We are still running CCS R14.1 on some LPARs, even though it went EOS back on December 30, 2020.

Does the LOG4J issue affect CCS R15.0 only or does it affect R14.1 also?

Environment

Release : 14.1

Component : EXTERNAL MICROSERVICE (ESM)

Resolution

With regard to this log4j vulnerability, the only component of Common Services that has been found to be affected is the ESM microservice.

Back at the CCS 14.1 release level, the ESM service was introduced with a couple of PTFs:

RO95587 - OPS/MVS INTEGRATION SERVICE
RO96371 - DELIVER ESM MICROSERVICE TO USS FILE SYSTEM

At the CCS 15.0 release level, ESM is delivered as part of FMID CFF6F00 (CCS J2Z Services).

The following products use ESM Microservice and are impacted by this vulnerability:

  • OPS/MVS MTC-A
  • Database Management Solutions for DB2 for z/OS (MTC-DBM and DBM Data Service only)
  • Vantage Storage Resource Manager - Rest API component 14.0, 14.1

So, unless you installed and implemented the ESM microservice, you have nothing to be concerned about. An ESMPROC would need to be running if the ESM microservice were being utilized.