My Oracle Support Banner

Apache Log4j Security Alert CVE-2021-44228 also referencing CVE-2021-45046 Mitigation on Oracle Enterprise Performance Management (Doc ID 2828262.1)

Last updated on JUNE 23, 2023

Applies to:

Oracle Hyperion Tax Provision - Version 11.2.0.0.000 and later
Hyperion Profitability and Cost Management - Version 11.2.0.0.000 and later
Hyperion Financial Data Quality Management, Enterprise Edition - Version 11.2.0.0.000 and later
Hyperion Financial Management - Version 11.2.0.0.000 and later
Hyperion Financial Close Management - Version 11.2.0.0.000 and later
Information in this document applies to any platform.

Purpose

CVE-2021-45046 has been determined to impact Oracle Enterprise Performance Management [Product ID 4392] via the Apache Log4j open source component it ships.

This supersedes earlier comments around CVE-2021-44228 based on updated guidance by the National Vulnerability Database (NVD) and Apache.

Scope

This document provides mitigation steps to alleviate the impact associated with CVE-2021-45046 (and the original CVE-2021-44228) for Oracle Enterprise Performance Management.

Note: Version 11.1.2.4 of the above products are not impacted by these CVEs. 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.