My Oracle Support Banner

Impact of Apache Log4j Vulnerabilities on Solaris Cluster (CVE-2021-44228, CVE-2021-45046) (Doc ID 2829429.1)

Last updated on MARCH 09, 2022

Applies to:

Solaris Cluster - Version 4.4 to 4.4 [Release 4.4]
Information in this document applies to any platform.

Purpose

This document provides mitigation steps to remove the possibility of any impact associated with CVE-2021-44228 and CVE-2021-45046 on Oracle Solaris Cluster Manager (WebLogic Server Instances).

Please refer to Apache Log4j vulnerabilities described in Security Alert Advisory - CVE-2021-44228 for more details.

Scope

There is no threat in Solaris Cluster Manager due to CVE-2021-44228 and CVE-2021-45046.

However Solaris Cluster 4.4.10.3.0 (SRU10) and 4.4.11.1.0 (SRU11) ship a private copy of WebLogic Server which contains vulnerable Log4j version 2 jars. Please be aware Apache Log4j version 2 is not used in default Solaris Cluster WebLogic Server installations or configurations.

 

For specific WebLogic Server details please see Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server & Fusion Middleware (Doc ID 2827793.1)

 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.