Apache Log4j Security Alert - CVE-2021-44228 / CVE-2021-45046 for Oracle Siebel CRM
(Doc ID 2828323.1)
Last updated on JANUARY 07, 2022
Applies to:
Support Tools > My Oracle Support > My Oracle SupportInformation in this document applies to any platform.
Purpose
This document provides patches or mitigation steps to alleviate the impact associated with CVE-2021-44228 and CVE-2021-45046 on Oracle Siebel CRM Core Products. Refer to Apache Log4j 2 vulnerability described in Security Alert CVE-2021-44228 for more details.
Scope
Siebel Innovation Pack 16.x and Siebel CRM 18.9 and above are impacted by this vulnerability for the following components:
- Siebel CRM Innovation Pack 16.x: Siebel Server
- Siebel CRM 18.9-21.11 and Siebel Approval Manager (SAM) update 2.17.5-2.20.12, 21.1-21.11:
- Enterprise Application Interface/Cloud Gateway /Application Server/Migration Server update,
- Siebel Email Marketing Server 2.18.8-2.19.9,19.7,19.8, 20.7, 21.0-21.11
Note:
Apache reported that CVE-2021-44228 applies only to Log4j versions 2.0-2.14.1, and does not apply to Log4j versions 1.x.
Apache reported that CVE-2021-45046 applies only to Log4j versions 2.0-2.15, and does not apply to Log4j versions 1.x
Please continue to monitor this article for possible future updates. Please review the MOS article “last update” date stamp to verify you have the most current information.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |