My Oracle Support Banner

Impact of Apache Log4j Vulnerabilities on Solaris Cluster (CVE-2021-44228, CVE-2021-45046) (Doc ID 2829429.1)

Last updated on AUGUST 09, 2023

Applies to:

Solaris Cluster - Version 4.4 to 4.4 [Release 4.4]
Information in this document applies to any platform.


This document provides mitigation steps to remove the possibility of any impact associated with CVE-2021-44228 and CVE-2021-45046 on Oracle Solaris Cluster Manager (WebLogic Server Instances).

Please refer to Apache Log4j vulnerabilities described in Security Alert Advisory - CVE-2021-44228 for more details.


There is no threat in Solaris Cluster Manager due to CVE-2021-44228 and CVE-2021-45046.

However Solaris Cluster (SRU10) and (SRU11) ship a private copy of WebLogic Server which contains vulnerable Log4j version 2 jars. Please be aware Apache Log4j version 2 is not used in default Solaris Cluster WebLogic Server installations or configurations.


For specific WebLogic Server details please see Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server & Fusion Middleware (Doc ID 2827793.1)



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.