Log4j Security Alert (CVE-2021-44228 / CVE-2021-45046) for Oracle Data Integration Platform Cloud Classic (Customer managed)
(Doc ID 2828896.1)
Last updated on MARCH 27, 2023
Applies to:
Data Integration Platform Cloud Classic - Version 17.3.5 and later
Information in this document applies to any platform.
This also applies to Data Integration Platform Cloud (DIPC) deployments in Gen1 Cloud@Customer environments.
Purpose
The Apache Software Foundation has published a number of mitigation steps in response to the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. These mitigations are published at https://logging.apache.org/log4j/2.x/security.html.
The purpose of this document is to assist you in implementing the recommended Apache mitigations in Data Integration Platform Cloud Service.
This MOS Note will be updated to reflect the availability of patches from Oracle. Oracle recommends that you apply all necessary patches as soon as they are available to permanently address these vulnerabilities.
To be notified when this document changes: Mark this article as a Favorite, and follow the instructions for Email Notification in Document 793436.2.
Scope
This mitigation addresses any JndiLookup.class vulnerability in Data Integration Platform Cloud service (customer managed) - Version 17.3.5 and later. This also applies to Data Integration Platform Cloud classic service in Gen1 Cloud@Customer environments.
Details
In this Document
Purpose
Scope
Details
WebLogic Server (WLS) Log4j Vulnerability Mitigation Instructions
GoldenGate Big Data Adapters Log4J Vulnerability Mitigation Instructions
If you have downloaded the remote DICloud agent along with GG bigdata adapters, use the following steps to mitigate JndiLookup.class vulnerability on GG Bigdata adapters
References