Impact of Apache Log4j Vulnerabilities on Solaris Cluster (CVE-2021-44228, CVE-2021-45046)
(Doc ID 2829429.1)
Last updated on AUGUST 09, 2023
Applies to:
Solaris Cluster - Version 4.4 to 4.4 [Release 4.4]Information in this document applies to any platform.
Purpose
This document provides mitigation steps to remove the possibility of any impact associated with CVE-2021-44228 and CVE-2021-45046 on Oracle Solaris Cluster Manager (WebLogic Server Instances).
Please refer to Apache Log4j vulnerabilities described in Security Alert Advisory - CVE-2021-44228 for more details.
Scope
There is no threat in Solaris Cluster Manager due to CVE-2021-44228 and CVE-2021-45046.
However Solaris Cluster 4.4.10.3.0 (SRU10) and 4.4.11.1.0 (SRU11) ship a private copy of WebLogic Server which contains vulnerable Log4j version 2 jars. Please be aware Apache Log4j version 2 is not used in default Solaris Cluster WebLogic Server installations or configurations.
For specific WebLogic Server details please see Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server & Fusion Middleware (Doc ID 2827793.1)
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Scope |
| Details |
| References |