My Oracle Support Banner

Apache Log4j Security Alert CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 on Mechanical Computer-Aided Design (MCAD) Connectors for Agile Engineering Collaboration (EC) 3.6.3 or later (Doc ID 2829118.1)

Last updated on JANUARY 13, 2022

Applies to:

Oracle Agile PLM MCAD Connector - Version 3.6 and later
Microsoft Windows x64 (64-bit)

Goal

This document provides mitigation steps to address the issues associated with CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 on affected XPLM MCAD connector versions integrated with Agile Product Lifecycle Management (PLM) systems. 

Scope

This document applies to all versions of XPLM MCAD connectors for Agile EC version 3.6.3.0 and later.

 

Note: Log4j 2.14 is used for logging within the MCAD connector client since version 3.6.3.0, so the following mitigation should be used to remove the vulnerability.

 

Note: Oracle recommends making a backup of your current MCAD environment before executing this procedure.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.