My Oracle Support Banner

Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle Cloud at Customer (OCC) and Exadata Cloud at Customer (ExaCC) Gen1 (Doc ID 2829889.1)

Last updated on JULY 09, 2023

Applies to:

Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Oracle Cloud > Oracle Infrastructure Cloud > Oracle Cloud at Customer
Oracle Cloud at Customer (OCC) - SaaS Service
Information in this document applies to any platform.

Purpose

Mitigation and Patch PURPOSE

In response to Security Alert CVE-2021-44228, Oracle has released updates for OCC/ExaCC Gen1. This document provides you information on how to obtain and apply these security updates.  Please note that these updates address both Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046.

Additionally, the Apache Software Foundation has published a number of mitigation steps in response to the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. These mitigations are published at https://logging.apache.org/log4j/2.x/security.html. This document provides information to assist you in implementing the recommended Apache Mitigations in OCC/ExaCC Gen1. However, Oracle recommends that you apply the necessary updates as soon as possible to permanently address these vulnerabilities.

This document applies to the following:

NOTE:

To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in Doc ID 793436.2

Scope

This document applies to the following:

NOTE: 

IaaS service instances on OCC do not include log4j files out of the box affected by these vulnerabilities.

IMPORTANT:

Review the following document to determine the impact and considerations for all Oracle products which may be deployed within your IaaS and PaaS service instances that use vulnerable Log4j jar files:

Impact of December 2021 Apache Log4j Vulnerabilities on Oracle on-premises products (CVE-2021-44228, CVE-2021-45046) (Doc ID 2830143.1)

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 PaaS Instances on OCC
 Database Cloud Service (DBCS)
 Golden Gate Cloud Service (GGCS)
 Java Cloud Service (JCS)
 Data Integrator Cloud Service (DICS)
 SOA Cloud Service (SOACS)
 Database instances (domU) on Exadata Cloud at Customer (ExaCC) Gen1
 Autonomous Health Framework / Trace File Analyzer
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.