Database - RAC/Scalability (MOSC)

MOSC Banner

Security Alert CVE-2021-44228 - Log4Shell: RCE 0-day exploit found in log4j

in Database - RAC/Scalability (MOSC) 7 commentsAnswered ✓

Hello,

I am trying to identify and patch the CVE-2021-44228 vulnerability asap. We have numerous environments running oracle 19.8 and a cloud control 13.5. We also have the latest version of Oracle AHF 21.3 (automated health framework) installed.

Apache Log4j Security Alert CVE-2021-44228 Products and Versions (Doc ID 2827611.1) mentions that Log4j versions 2.0 to 2.14.1 are affected. I have scanned our oracle 19.8 and cloud control 13.5 environments and have found numerous vulnerable Log4j versions in the $ORACLE_HOME/md folder, in the /u01/app/19.0.0/grid/tfa folders, in /opt/oracle.ahf, and as part of the oracle cloud control agents.

The issue I have is that I do not see patches in the

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center