Exalogic: Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle Exalogic Infrastructure
(Doc ID 2829536.1)
Last updated on JANUARY 14, 2022
Applies to:Oracle Exalogic Elastic Cloud Software - Version 220.127.116.11.180717 and later
Oracle Virtual Server x86-64
Exalogic Virtual Releases 18.104.22.168.180717 (July 2018 PSU) and higher versions
Exalogic Virtual Releases 22.214.171.124.0 and higher versions
In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle Exalogic Infrastructure. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.
To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in following Note:
Subscribing to Hot Topic E-Mails - [VIDEO] (Doc ID 793436.2)
This document applies to Oracle Exalogic Infrastructure in a virtualized configuration running 126.96.36.199.180717 (July 2018 PSU) or higher versions, including 188.8.131.52.x.
- In Exalogic Virtual releases earlier than July 2018 PSU, the Apache Log4j library included was version 1.x, which is reported as not having these vulnerabilities
- The Exalogic Infrastructure for Physical deployments does not include the vulnerable Apache Log4j libraries by default
Note that the vulnerabilities in Exalogic Infrastructure are limited to the control stack on Virtual. The compute nodes (dom0) and guest domU instances do not include vulnerable versions of the log4j libraries by default.
Review the following to determine the impact and considerations for all Oracle products which may be deployed on Exalogic and use these or different Log4j jar files:
Impact of December 2021 Apache Log4j Vulnerabilities on Oracle Products and Services (CVE-2021-44228, CVE-2021-45046) (Doc ID 2827611.1)
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document