Applicability of Security Alert CVE-2021-45046 to Oracle on-premises products.

1.0 Oracle products with patches or mitigation available.
2.0 Oracle products with patches pending.
3.0 Oracle products under investigation.
4.0 Oracle products with impacted underlying Oracle components.
5.0 Oracle products not requiring patches.

On December 10th, Oracle released Security Alert CVE-2021-44228 in response to the disclosure of a new vulnerability affecting Apache Log4j prior to version 2.15. Subsequently, the Apache Software Foundation released Apache version 2.16 which addresses an additional vulnerability (CVE-2021-45046). Mitigation instructions from Apache for these issues also evolved over time.

This document details the Oracle Products and Versions affected by CVE-2021-45046. This information generally supersedes the information previously published for vulnerability CVE-2021-44228. This document applies to all Oracle products and Oracle cloud services.

The initial content for this note was limited to the impact of the Apache Log4j vulnerability CVE-2021-44228 on Oracle products, for releases and versions that are in Premier Support or Extended Support under the Oracle Lifetime Support Policy. This obsolete note is archived as MOS Note ID 2828594.1 and will no longer be updated.

Product releases that are not under Premier Support or Extended Support are not tested for the presence of this vulnerability.

Reminder: Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay. For the most recent Critical Patch Updates, see.

Apache reported that CVE-2021-44228 applies only to Log4j versions 2.0-2.14.1, and does not apply to Log4j versions 1.x.

Apache reported that CVE-2021-45046 applies only to Log4j versions 2.0-2.15, and does not apply to Log4j versions 1.x.

Oracle believes at the time of the publication of this document that product releases that are not listed in Tables 1-4 below are not affected by this vulnerability in their default product distribution.

This page was last updated on: Decemat 11:53 PM PST.

Applicability of these vulnerabilities to Oracle cloud environments

The Oracle cloud operations and security teams are evaluating all information related to CVE-2021-45046 and CVE-2021-44228. They are evaluating all relevant third-party fixes as they become available. Oracle will perform the required remediation activities (patches and mitigations) in accordance with applicable change management processes.

This MOS note will be updated to provide information about the remedial status of all Oracle cloud environments (e.g., Oracle Applications, Oracle NetSuite, Oracle Cloud Infrastructure, Oracle Industry Clouds, etc.). Note that patching and mitigation activities in these environments have been ongoing since the initial release of the Alert, and some customers may have already received notifications of mandatory maintenance (if the maintenance resulted in a noticeable impact such as service interruption).