My Oracle Support Banner

Is Messaging Server 7.x vulnerable to Log4Shell - CVE-2021-44228 ? (Doc ID 2828526.1)

Last updated on MARCH 16, 2023

Applies to:

Oracle Communications Messaging Server - Version 7.0.0 to 7.0.5 [Release 7.0.0]
Information in this document applies to any platform.


Is Messaging Server 7.x vulnerable to CVE-2021-44228 which deals with the Log4Shell?  And if so, what can be done to mitigate it?

The "Apache Log4j Security Alert CVE-2021-44228 Products and Versions (Doc ID 2827611.1)" KM document points to the following additional KM document:

Oracle Communications Instant Messaging Server, Oracle Communications Messaging Server, Oracle Communications Convergence - Security Alert and Mitigation For Apache Log4j CVE-2021-44228 (Doc ID 2827846.1)

The above KM document indicates the JVM flag mitigation for the Messaging Server 8 and Convergence 3.  Our team is running Messaging Server 7.  Is the same mitigation applicable?  


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.