RSS Feed
News
Dec
15
Apache Log4j Security Alert CVE-2021-44228 Information
Posted by Johan Nel on 15 December 2021 10:33 AM

Open Spatial products Munsys, enlighten and ACDC are not affected by this vulnerability as neither apache or log4j are used in the products or components

Underlying Oracle database vulnerabilities:

From the Oracle Advisory

Apache Log4j Security Alert CVE-2021-44228 Products and Versions (Doc ID 2827611.1)

5.0 Oracle products not requiring patches

At this point in time, Oracle doesn’t believe the following products to be affected by vulnerability CVE-2021-44228:

  • Oracle Big Data Spatial and Graph [Product ID 11528]

From a database perspective no action is necessary.  It the database support only open spatial products the log4j.jar component may be renamed or deleted

If you are using SQL Developer there may be a vulnerability

Patch SQL Developer

Oracle SQL Developer

21.4

CVE-2021-44228

To address CVE-2021-44228, update to full release 21.4, which is available at the normal download page. For more information on CVE-2021-44228, see Note 2827611.1


Comments (0)