My Oracle Support Banner

Security Alert For CVE-2021-44228,CVE-2021-45046 & CVE-2021-45105 Patch Availability Document for Oracle Enterprise Manager Cloud Control (Doc ID 2828296.1)

Last updated on JULY 25, 2022

Applies to:

Enterprise Manager Base Platform - Version 13.3.2.0.0 to 13.5.0.0.0 [Release 13c]
Information in this document applies to any platform.

Purpose

In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle Enterprise Manager Cloud Control and its underlying stack. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address all vulnerabilities CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105.

Scope

This document applies to Oracle Enterprise Manager 13.5 ,13.4 & 13.3.2 and underlying Oracle Fusion Middleware 12.2.1.4 and 12.2.1.3 products using Log4j 2.X jars.
Any version of OEM which is using Log4j version >= 2.0 and <=2.16

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 Components impacted with Log4j version 2 jars based on EM version
 EM 13.5
 Patch/Mitigate FMW component on OMS Home
 Patch/Mitigate Agent Home 
 Patch/Mitigate DB Plug-in Home
 Mitigate Enterprise Manager Connectors and underlying stack
 EM 13.4
 Patch/Mitigate FMW component on OMS Home
 Mitigate DB Plugin Home
 Mitigate Enterprise Manager Connectors and underlying stack
 EM 13.3.2
 Components impacted due to log4j CVE
 Mitigate DB Plugin Home
 Mitigation plan for Repository Database configured with EMCC or RUEI
 Mitigation plan for Apache Log4j 1.x and 2.x Vulnerabilities related to SQL Developer
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.