Oracle Database Appliance (ODA) (MOSC)

MOSC Banner

High vulnerability (CVE-2021-44228) on the ODA

in Oracle Database Appliance (ODA) (MOSC) 5 commentsAnswered ✓

Hi Krisz,

It looks like the ODA has a high vulnerability according to a search for log4j files. We are currently on 19.12 but I suspect other versions may have the same issue. Here is a listing of files.

It appears that installing the latest AHF release from MOS will fix it but I saw on another post that you that ODA customers should not be update the TFA bundle from MOS. Any idea how to mitigate this vulnerability?

/u01/app/19.0.0.0/grid/suptools/tfa/release/tfa_home/jlib/log4j-api-2.9.1.jar

/u01/app/19.0.0.0/grid/suptools/tfa/release/tfa_home/jlib/log4j-core-2.9.1.jar

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center