Apache Log4j Security Alert CVE-2021-44228 also referencing CVE-2021-45046 Mitigation on Oracle Data Relationship Management Analytics (DRMA) (Doc ID 2828248.1)

Last updated on JULY 18, 2023

Applies to:

Purpose

CVE-2021-45046 has been determined to impact Oracle Data Relationship Management Analytics (DRMA) Component [Product ID 4375] via the Apache Log4j open source component it ships.

This supersedes earlier comments around CVE-2021-44228 based on updated guidance by the National Vulnerability Database (NVD) and Apache.

The Apache Software Foundation has published a number of mitigation steps in response to the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. These mitigations are published at https://logging.apache.org/log4j/2.x/security.html. The purpose of this document is to assist you in implementing the recommended Apache mitigations in Data Relationship Management Analytics component. This MOS Note will be updated to reflect the availability of patches from Oracle. Oracle recommends that you apply all necessary patches as soon as they are available to permanently address these vulnerabilities.

Scope

This document provides mitigation steps to alleviate the impact associated with CVE-2021-45046 (and the original CVE-2021-44228) for the Oracle Data Relationship Management Analytics (DRMA) Component.

Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.