My Oracle Support Banner

Exalogic: Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle Exalogic Infrastructure (Doc ID 2829536.1)

Last updated on JUNE 29, 2023

Applies to:

Oracle Exalogic Elastic Cloud Software - Version and later
Linux x86-64
Oracle Virtual Server x86-64
Exalogic Virtual Releases (July 2018 PSU) and higher versions
Exalogic Virtual Releases and higher versions


In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle Exalogic Infrastructure. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.


To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in following Note:

Subscribing to Hot Topic E-Mails - [VIDEO] (Doc ID 793436.2)


This document applies to Oracle Exalogic Infrastructure in a virtualized configuration running (July 2018 PSU) or higher versions, including

Note that the vulnerabilities in Exalogic Infrastructure are limited to the control stack on Virtual. The compute nodes (dom0) and guest domU instances do not include vulnerable versions of the log4j libraries by default.


Review the following to determine the impact and considerations for all Oracle products which may be deployed on Exalogic and use these or different Log4j jar files:

Impact of December 2021 Apache Log4j Vulnerabilities on Oracle Products and Services (CVE-2021-44228, CVE-2021-45046) (Doc ID 2827611.1)



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.