My Oracle Support Banner

CVE-2021-44228 / CVE-2021-45046 Impact On Oracle WebCenter Sites (Doc ID 2828507.1)

Last updated on NOVEMBER 01, 2022

Applies to:

Oracle WebCenter Sites - Version 12.2.1.3.0 to 12.2.1.4.0 [Release FatWire]
Information in this document applies to any platform.

Purpose

In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle WebCenter Sites. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.

Scope

 This document applies to Oracle WebCenter Sites 12.2.1.3.0 and 12.2.1.4.0

Note: For WebCenter Sites 11g, as the out-of-the-box included log4j libraries are 1.x, it is not impacted by CVE-2021-44228 / CVE-2021-45046
  - Apache reported that CVE-2021-44228 / CVE-2021-45046 mitigation applies to Log4j v2 prior to 2.16.0, including 2.15, and does not apply to Log4j versions 1.x.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.