Security Alert CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 Mitigation for OEMM
(Doc ID 2828359.1)
Last updated on MARCH 14, 2023
Applies to:
Oracle Enterprise Metadata Management - Version 12.2.1.2 to 12.2.1.4
Information in this document applies to any platform.
Only OEMM versions with a build date of 2021-12-10 or newer will be supported.
Purpose
This document provides mitigation steps to alleviate the impact associated with CVE-2021-44228 on Oracle Enterprise Metadata Management (OEMM). Refer to the Apache Log4j 2 vulnerability described in Security Alerts CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 for more details.
OEMM is not and has never been affected by this vulnerability (by design, because of our usage of Log4J). Any use of Log4J has always been disabled in OEMM.
Nonetheless, many desire a fix instead of the disclaimer. OEMM has therefore been upgraded to use and bundle the latest version of Apache Log4J, 2.17.0, which fixes CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.
OEMM releases impacted are covered.
Details