Impact of December 2021 Apache Log4j Vulnerabilities on Oracle Products and Services (CVE-2021-44228, CVE-2021-45046)
(Doc ID 2827611.1)
Last updated on DECEMBER 18, 2023
Applies to:
Oracle CRM On DemandEnterprise Manager Ops Center - Version 12.4.0 to 12.4.0 [Release 12.0]
Oracle WebCenter Portal - Version 12.2.1.0.0 to 12.2.1.0.0
Oracle Cloud Infrastructure - Database Service
Business Intelligence Server Enterprise Edition - Version 12.2.1.4.210915 to 12.2.1.4.210915 [Release 12g]
Information in this document applies to any platform.
Purpose
On December 10th, Oracle released Security Alert CVE-2021-44228 in response to the disclosure of a new vulnerability affecting Apache Log4j prior to version 2.15.
Subsequently, the Apache Software Foundation released Apache version 2.16 which addresses an additional vulnerability (CVE-2021-45046). Mitigation instructions from Apache for these issues also evolved over time.
This document details the Oracle Products and Versions affected by CVE-2021-45046 and CVE-2021-44228. This information supersedes the information previously published solely for vulnerability CVE-2021-44228 and archived as MOS Note 2828594.1.
Note: A number of additional vulnerabilities affecting various versions of Apache Log4J were disclosed after the publication of CVE-2021-45046 and CVE-2021-44228. For more information about these vulnerabilities, see “General impact of Apache Log4j vulnerabilities on Oracle Products and Services” MOS Note 2847142.1.
Scope
This document applies to all Oracle products and Oracle cloud services.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Scope |
| Details |
| References |