Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle Cloud at Customer (OCC) and Exadata Cloud at Customer (ExaCC) Gen1
(Doc ID 2829889.1)
Last updated on JULY 09, 2023
Applies to:
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Oracle Cloud > Oracle Infrastructure Cloud > Oracle Cloud at Customer
Oracle Cloud at Customer (OCC) - SaaS Service
Information in this document applies to any platform.
Purpose
Mitigation and Patch PURPOSE
In response to Security Alert CVE-2021-44228, Oracle has released updates for OCC/ExaCC Gen1. This document provides information on how to obtain and apply these security updates. Please note that these updates address both Log4j vulnerabilities, CVE-2021-44228 and CVE-2021-45046.
Additionally, the Apache Software Foundation has published a number of mitigation steps in response to the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. These mitigations are published at https://logging.apache.org/log4j/2.x/security.html. This document provides information to assist you in implementing the recommended Apache Mitigations in OCC/ExaCC Gen1. However, Oracle recommends that you apply the necessary updates as soon as possible to permanently address these vulnerabilities.
This document applies to the following:
- Customer's PaaS service instances hosted on Oracle Cloud at Customer (OCC) Gen1
- Customer's database service instances (domU) on Exadata Cloud at Customer (ExaCC) Gen1
NOTE:
To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in Doc ID 793436.2.
Scope
This document applies to the following:
- Customer's PaaS service instances hosted on Oracle Cloud at Customer (OCC) Gen1
- Customer's database service instances (domU) on Exadata Cloud at Customer (ExaCC) Gen1
NOTE:
IaaS service instances on OCC do not include, out of the box, Log4j files affected by these vulnerabilities.
IMPORTANT:
Review the following document to determine the impact and considerations for all Oracle products which may be deployed within your IaaS and PaaS service instances that use vulnerable Log4j jar files:
Impact of December 2021 Apache Log4j Vulnerabilities on Oracle on-premises products (CVE-2021-44228, CVE-2021-45046) (Doc ID 2830143.1)
Details
In this Document
- Purpose
- Scope
- Details
- PaaS Instances on OCC
- Database Cloud Service (DBCS)
- Golden Gate Cloud Service (GGCS)
- Java Cloud Service (JCS)
- Data Integrator Cloud Service (DICS)
- SOA Cloud Service (SOACS)
- Database instances (domU) on Exadata Cloud at Customer (ExaCC) Gen1
- Autonomous Health Framework / Trace File Analyzer
- References