General impact of Apache Log4j vulnerabilities on Oracle Products and Services (Doc ID 2847142.1)

Last updated on OCTOBER 19, 2022

Applies to:

Support Tools > My Oracle Support > My Oracle Support
Information in this document applies to any platform.

Purpose

A number of additional vulnerabilities affecting various versions of Apache Log4J have been disclosed after the publication of Oracle Security Alert CVE-2021-44228 related to the disclosure of vulnerabilities CVE-2021-44228 and subsequently CVE-2021-45046. For more information, see MOS Note ID 2827611.1.

In addition to vulnerabilities CVE-2021-44228 and CVE-2021-45046, the newly disclosed Apache Log4j vulnerabilities include:

CVE-2022-23307 (published on January 18, 2022)
CVE-2022-23305 (published on January 18, 2022)
CVE-2022-23302 (published on January 18, 2022)
CVE-2021-44832 (published on December 28, 2021)
CVE-2021-45105 (published on December 18, 2021)
CVE-2021-4104 (published on December 14, 2021)

The purpose of this document is to explain Oracle’s security vulnerability remediation practices in the context of these newly disclosed Apache Log4j vulnerabilities.

Scope

This document applies to all Oracle products and Oracle cloud services.

Details

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

General impact of Apache Log4j vulnerabilities on Oracle Products and Services (Doc ID 2847142.1)

Applies to:

Purpose

Scope

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!