Impact of December 2021 Apache Log4j Vulnerabilities on Oracle on-premises products (CVE-2021-44228, CVE-2021-45046)
(Doc ID 2830143.1)
Last updated on JUNE 30, 2022
Oracle Fusion Applications
JD Edwards EnterpriseOne
Oracle Database Products
Oracle E-Business Suite
Information in this document applies to any platform.
On December 10th, Oracle released Security Alert CVE-2021-44228 in response to the disclosure of a new vulnerability affecting Apache Log4j prior to version 2.15.
Subsequently, the Apache Software Foundation released Apache Log4j version 2.16, which addresses an additional vulnerability (CVE-2021-45046). Mitigation instructions from Apache for these issues also evolved over time.
This document details the Oracle Products and Versions affected by CVE-2021-45046 and CVE-2021-44228. This information supersedes the information previously published solely for vulnerability CVE-2021-44228 and archived as MOS Note 2828594.1.
This document provides information about the availability of patches or mitigation instructions for products physically located in customers’ on-premises locations (including traditionally licensed products and cloud on-premises components).
For information about Oracle cloud environments, customers should refer to “Impact of December 2021 Apache Log4j Vulnerabilities on Oracle cloud environments (CVE-2021-44228, CVE-2021-45046)” (MOS Note ID 2830129.1).
If you do not find information about a given product in this MOS Note, you should look in the other MOS Note.