My Oracle Support Banner

CVE-2021-44228 / CVE-2021-45046 Impact On Oracle WebCenter Sites (Doc ID 2828507.1)

Last updated on NOVEMBER 01, 2022

Applies to:

Oracle WebCenter Sites - Version to [Release FatWire]
Information in this document applies to any platform.


In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle WebCenter Sites. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.


 This document applies to Oracle WebCenter Sites and

Note: For WebCenter Sites 11g, as the out-of-the-box included log4j libraries are 1.x, it is not impacted by CVE-2021-44228 / CVE-2021-45046
  - Apache reported that CVE-2021-44228 / CVE-2021-45046 mitigation applies to Log4j v2 prior to 2.16.0, including 2.15, and does not apply to Log4j versions 1.x.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.