CVE-2021-44228 / CVE-2021-45046 Impact On Oracle WebCenter Sites
(Doc ID 2828507.1)
Last updated on NOVEMBER 01, 2022
Applies to:Oracle WebCenter Sites - Version 18.104.22.168.0 to 22.214.171.124.0 [Release FatWire]
Information in this document applies to any platform.
In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle WebCenter Sites. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.
This document applies to Oracle WebCenter Sites 126.96.36.199.0 and 188.8.131.52.0
Note: For WebCenter Sites 11g, as the out-of-the-box included log4j libraries are 1.x, it is not impacted by CVE-2021-44228 / CVE-2021-45046
- Apache reported that CVE-2021-44228 / CVE-2021-45046 mitigation applies to Log4j v2 prior to 2.16.0, including 2.15, and does not apply to Log4j versions 1.x.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document