Impact of Apache Log4j Vulnerabilities on Solaris Cluster (CVE-2021-44228, CVE-2021-45046)
(Doc ID 2829429.1)
Last updated on MARCH 09, 2022
Applies to:Solaris Cluster - Version 4.4 to 4.4 [Release 4.4]
Information in this document applies to any platform.
This document provides mitigation steps to remove the possibility of any impact associated with CVE-2021-44228 and CVE-2021-45046 on Oracle Solaris Cluster Manager (WebLogic Server Instances).
Please refer to Apache Log4j vulnerabilities described in Security Alert Advisory - CVE-2021-44228 for more details.
There is no threat in Solaris Cluster Manager due to CVE-2021-44228 and CVE-2021-45046.
However Solaris Cluster 18.104.22.168.0 (SRU10) and 22.214.171.124.0 (SRU11) ship a private copy of WebLogic Server which contains vulnerable Log4j version 2 jars. Please be aware Apache Log4j version 2 is not used in default Solaris Cluster WebLogic Server installations or configurations.
For specific WebLogic Server details please see Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server & Fusion Middleware (Doc ID 2827793.1)
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document