General impact of Apache Log4j vulnerabilities on Oracle Products and Services
(Doc ID 2847142.1)
Last updated on OCTOBER 19, 2022
Applies to:
Support Tools > My Oracle Support > My Oracle SupportInformation in this document applies to any platform.
Purpose
A number of additional vulnerabilities affecting various versions of Apache Log4J have been disclosed after the publication of Oracle Security Alert CVE-2021-44228 related to the disclosure of vulnerabilities CVE-2021-44228 and subsequently CVE-2021-45046. For more information, see MOS Note ID 2827611.1.
In addition to vulnerabilities CVE-2021-44228 and CVE-2021-45046, the newly disclosed Apache Log4j vulnerabilities include:
- CVE-2022-23307 (published on January 18, 2022)
- CVE-2022-23305 (published on January 18, 2022)
- CVE-2022-23302 (published on January 18, 2022)
- CVE-2021-44832 (published on December 28, 2021)
- CVE-2021-45105 (published on December 18, 2021)
- CVE-2021-4104 (published on December 14, 2021)
The purpose of this document is to explain Oracle’s security vulnerability remediation practices in the context of these newly disclosed Apache Log4j vulnerabilities.
Scope
This document applies to all Oracle products and Oracle cloud services.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |