12/14/21, 9:56 AM Document 2827611.

1
Copyright (c) 2021, Oracle. All rights reserved. Oracle Confidential.

Apache Log4j Security Alert CVE-2021-44228 Products and Versions (Doc ID 2827611.1)

In this Document

Purpose
Scope
Details
1.0 Oracle products with patches or mitigation available
2.0 Oracle products with patches pending
3.0 Oracle products under investigation
4.0 Oracle products with impacted underlying Oracle components
5.0 Oracle products not requiring patches

PURPOSE

This document details the Oracle Products and Versions affected by CVE-2021-44228, an Apache Log4j 2 vulnerability
described in Security Alert CVE-2021-44228.

SCOPE

This document applies to all Oracle products.

DETAILS

The impact of the Apache Log4j vulnerability CVE-2021-44228 on Oracle products, for releases and versions that are in
Premier Support or Extended Support under the Oracle Lifetime Support Policy, is listed in the appropriate categories below.

Note:

Product releases that are not under Premier Support or Extended Support are not tested for the presence of this
vulnerability.
Apache reported that CVE-2021-44228 applies only to Log4j versions 2.0-2.14.1, and does not apply to Log4j versions
1.x.
Oracle believes at the time of the publication of this document that product releases that are not listed in
Tables 1-4 below are not affected by this vulnerability in their default product distribution.

This page was last updated on: December 13, 2021 at 11:00 PM PST.

Applicability of Security Alert CVE-2021-44228 to Oracle Cloud

The Oracle Cloud operations and security teams are evaluating this Security Alert as well as all relevant third-party fixes as
they become available. They will apply the relevant patches in accordance with applicable change management processes.
This MOS article will be updated to reflect the application of the required patches in the Oracle clouds.

Applicability of Security Alert CVE-2021-44228 to Oracle on-premises products

1.0 Oracle products with patches or mitigation available

https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 1/7
12/14/21, 9:56 AM Document 2827611.1

Oracle has determined that the following Oracle products are vulnerable and have patches or mitigation available for CVE-
2021-44228. For patch and mitigation availability information refer to the individual Patch Availability Documents referenced in
the table below.

Patch availability information is provided only for product versions that are covered under the Premier Support or Extended
Support phases of the Lifetime Support Policy. Oracle recommends that customers remain on actively supported versions to
ensure that they continue to receive security fixes from Oracle.

Patch Availability Table

Affected Products Patch Availability
Agile Engineering Data Management [Product ID 4436] MOS note 2827823.1
Agile PLM Framework [Product ID 4461] MOS note 2827700.1
Autovue for Agile Product Lifecycle Management [Product ID 4434] MOS note 2827700.1
Communications Convergent Charging Controller [Product ID 12985] MOS note 2827826.1
Communications Instant Messaging Server [Product ID 8495] MOS note 2827846.1
Communications IP Service Activator [Product ID 2261] MOS note 2827897.1
Communications Messaging Server [Product ID 8496] MOS note 2827846.1
Communications Network Charging and Control [Product ID 4623] MOS note 2827826.1
Communications Offline Mediation Controller [Product ID 2269] MOS note 2827844.1
Communications Pricing Design Center [Product ID 9437] MOS note 2827844.1
Communications Unified Inventory Management [Product ID 4516] MOS note 2827890.1
Engineered Systems Utilities (Trace File Analyzer) [Product ID 10655] MOS patch 30166242
Health Insurance Claims Pricing [Product ID 10295] MOS note 2827966.1
Health Sciences Data Management Workbench [Product ID 9581] MOS note 2827966.1
Health Sciences Empirica Signal [Product ID 9646] MOS note 2828060.1
Health Sciences Information Manager [Product ID 9177] MOS note 2827979.1
Healthcare Foundation [Product ID 12950] MOS note 2828054.1
Instantis EnterpriseTrack [Product ID 10563] MOS note 2827904.1
Insurance Insbridge Rating and Underwriting [Product ID 5484] MOS note 2827731.1
Insurance Policy Administration J2EE [Product ID 5279] MOS note 2827731.1
Insurance Rules Palette [Product ID 5288] MOS note 2827731.1
MySQL Enterprise Monitor [Product ID 8480] MOS note 2827698.1
Oracle Agile Engineering Collaboration [Product ID 4439] MOS note 2827700.1
Oracle Agile PLM MCAD Connector [Product ID 4440] MOS note 2827700.1
Oracle Banking Deposits and Lines of Credit Servicing [Product ID 13928] MOS note 2828115.1
Oracle Banking Enterprise Collections [Product ID 13390] MOS note 2828115.1
Oracle Banking Loans Servicing [Product ID 13927] MOS note 2828115.1
Oracle Banking Party Management [Product ID 13929] MOS note 2828115.1
Oracle Banking Platform [Product ID 9178] MOS note 2828115.1
Oracle Communications ASAP [Product ID 2260] MOS note 2827910.1
Oracle Communications Billing and Revenue Management [Product ID 2136] MOS note 2827844.1
Oracle Communications BRM Elastic Charging Engine [Product ID 9742] MOS note 2827844.1
Oracle Communications Convergence [Product ID 8501] MOS note 2827846.1
Oracle Communications Service Broker [Product ID 8565] MOS note 2827833.1
Oracle Data Integrator (ODI) [Product ID 2196] MOS note 2827929.1
Oracle E-Business Suite [Product ID 1745] MOS note 2827804.1
Oracle EBS Extensions for Oracle Endeca - INSTALL [Product ID 10240] MOS note 2827804.1

https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 2/7
12/14/21, 9:56 AM Document 2827611.1

Oracle Enterprise Repository [Product ID 5326] MOS note 2827793.1

Oracle Health Insurance Analytics [Product ID 9656] MOS note 2827793.1
Oracle Hospitality Labor Management [Product ID 11601] MOS note 2827908.1
Oracle Hospitality OPERA 5 [Product ID 12726] MOS note 2827653.1
Oracle Hospitality Reporting and Analytics [Product ID 11599] MOS note 2827908.1
Oracle Hospitality Token Proxy Service [Product ID 13387] MOS note 2827732.1
Oracle Insurance Data Gateway [Product ID 13628] MOS note 2827731.1
Oracle JDeveloper [Product ID 807] MOS note 2827793.1
Oracle Payment Interface [Product ID 13173] MOS note 2827654.1
Oracle Real Time Decision Server (RTD Server) [Product ID 2104] MOS note 2827793.1
Oracle Reports Developer [Product ID 159] MOS note 2827793.1
Oracle Unified Directory (OUD) [Product ID 9118] MOS note 2827793.1
Oracle WebCenter Sites [Product ID 9617] MOS note 2827793.1
PeopleSoft PeopleTools [Product ID 5085] MOS note 2828073.1
Primavera Analytics [Product ID 8577] MOS note 2827736.1
Primavera Gateway [Product ID 10605] MOS note 2827707.1
Primavera P6 Enterprise Project Portfolio Management [Product ID 5579] MOS note 2827712.1
Primavera P6 Professional Project Management [Product ID 5580] MOS note 2827712.1
Primavera Unifier [Product ID 10354] MOS note 2827713.1
SQL Developer and SQL Developer Data Modeler [Product ID 1875] MOS note 2828123.1
Utilities Network Management System [Product ID 2241] MOS note 2827974.1
WebCenter Portal [Product ID 1696] MOS note 2827977.1

2.0 Oracle products with patches pending

Oracle has determined that the following Oracle products are vulnerable and do not currently have patches available for CVE-
2021-44228:

Communications Application Session Controller [Product ID 10769]

Communications Evolved Communications Application Server [Product ID 10994]
Communications Interactive Session Recorder [Product ID 10765]
Communications Session Report Manager [Product ID 10770]
Communications Session Route Manager [Product ID 10771]
Currency Transaction Reporting [Product ID 9784]
Enterprise Manager for Peoplesoft [Product ID 2131]
Enterprise Metadata Management [Product ID 11264]
Financial Services Behavior Detection Platform [Product ID 9190]
Financial Services Economic Capital Advanced [Product ID 9475]
Financial Services Foreign Account Tax Compliance Act Management [Product ID 10308]
Financial Services Lending and Leasing [Product ID 10484]
Financial Services Personal Trading Approval [Product ID 10647]
Financial Services Regulatory Reporting [Product ID 9142]
Financial Services Revenue Management and Billing [Product ID 5322]
FLEXCUBE Core Banking [Product ID 9101]
FLEXCUBE Investor Servicing [Product ID 9099]
Hyperion Data Relationship Management [Product ID 4375]
Hyperion Enterprise Performance Management Architect [Product ID 4392]
Hyperion Essbase [Product ID 4379]
Identity Manager Connector [Product ID 1999]
https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 3/7
12/14/21, 9:56 AM Document 2827611.1

Insurance Calculation Engine [Product ID 10837]

Managed File Transfer [Product ID 10198]
Oracle Access Manager / Webgates [Product ID 5565]
Oracle Access Manager [Product ID 5565]
Oracle Banking Cash Management [Product ID 14195]
Oracle Banking Corporate Lending [Product ID 12989]
Oracle Banking Corporate Lending Process Management [Product ID 13701]
Oracle Banking Credit Facilities Process Management [Product ID 13703]
Oracle Banking Extensibility Workbench [Product ID 14124]
Oracle Banking Liquidity Management [Product ID 13304]
Oracle Banking Supply Chain Finance [Product ID 13872]
Oracle Banking Trade Finance Process Management [Product ID 13718]
Oracle Banking Treasury Management [Product ID 14133]
Oracle Banking Virtual Account Management [Product ID 13487]
Oracle Commerce Guided Search/Oracle Commerce Experience Mgr [Product ID 9633]
Oracle Communications Performance Intelligence Center (PIC) Software [Product ID 11044]
Oracle Communications Services Gatekeeper [Product ID 5381]
Oracle Communications Session Element Manager [Product ID 11052]
Oracle Directory Server Enterprise Edition [Product ID 8512]
Oracle Enterprise Manager [Product ID 1370]
Oracle Financial Services Analytical Applications Infrastructure [Product ID 5680]
Oracle Financial Services Anti Money Laundering Event Scoring [Product ID 13609]
Oracle Financial Services Asset Liability Management [Product ID 5662]
Oracle Financial Services Balance Computation Engine [Product ID 14246]
Oracle Financial Services Balance Sheet Planning [Product ID 5663]
Oracle Financial Services Crime and Compliance Management Studio [Product ID 13595]
Oracle Financial Services Data Integration Hub [Product ID 11289]
Oracle Financial Services Enterprise Case Management [Product ID 13545]
Oracle Financial Services Loan Loss Forecasting and Provisioning [Product ID 9474]
Oracle Financial Services Market Risk Measurement and Management [Product ID 13111]
Oracle Financial Services Model Management and Governance [Product ID 14276]
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition [Product ID 13789]
Oracle FLEXCUBE Private Banking [Product ID 9110]
Oracle Fusion Middleware Infrastructure [Product ID 1032]
Oracle GoldenGate Application Adapters [Product ID 5760]
Oracle GoldenGate Studio [Product ID 10945]
Oracle GoldenGate Veridata [Product ID 5758]
Oracle Insurance Accounting Analyzer [Product ID 13809]
Oracle Insurance Allocation Manager for Enterprise Profitability [Product ID 13946]
Oracle Insurance Policy Administration Operational Data Store for Life and Annuity [Product ID 13339]
Oracle Policy Automation [Product ID 5624]
Oracle Spatial and Graph [Product ID 619]
Oracle(R) BPEL Process Manager 10g [Product ID 1669]
Policy Automation for Mobile Devices [Product ID 5626]
Product Lifecycle Analytics [Product ID 9387]
Siebel Core - Services Security [Product ID 9001]
Siebel Industry - Travel & Transportation [Product ID 9164]
Siebel UI Framework [Product ID 9011]

3.0 Oracle products under investigation

https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 4/7
12/14/21, 9:56 AM Document 2827611.1

The following Oracle products are under investigation and may be impacted by vulnerability CVE-2021-44228:

ATG Web Commerce Core [Product ID 9408]

Enterprise Single Sign-On Suite Plus [Product ID 2074]
Functional Testing Advanced Pack for Oracle Utilities [Product ID 11163]
Management Cloud Engine [Product ID 14252]
Oracle Adaptive Access Manager [Product ID 4419]
Oracle Fabric Manager [Product ID 10477]
Oracle Global Lifecycle Management FMW Installer [Product ID 12748]
Oracle Identity Manager [Product ID 1980]
Oracle MiniCluster S7-2 Engineered System [Product ID 12598]
Oracle Platform Security for Java [Product ID 2233]
Oracle Policy Automation Connector for Siebel [Product ID 5627]
Oracle Real-Time Scheduler [Product ID 2238]
Oracle Retail Advanced Inventory Planning [Product ID 1785]
Oracle Retail Allocation [Product ID 1786]
Oracle Retail Assortment Planning [Product ID 1788]
Oracle Retail Back Office [Product ID 2013]
Oracle Retail Bulk Data Integration [Product ID 12968]
Oracle Retail Central Office [Product ID 2016]
Oracle Retail Customer Management and Segmentation Foundation [Product ID 13388]
Oracle Retail Data Extractor for Merchandising [Product ID 12936]
Oracle Retail EFTLink [Product ID 11516]
Oracle Retail Extract Tranform and Load [Product ID 1803]
Oracle Retail Financial Integration [Product ID 10722]
Oracle Retail Fiscal Management [Product ID 9038]
Oracle Retail Insights [Product ID 10263]
Oracle Retail Integration Bus [Product ID 1807]
Oracle Retail Invoice Matching [Product ID 1810]
Oracle Retail Merchandising System [Product ID 1816]
Oracle Retail Order Management System Cloud Service [Product ID 11519]
Oracle Retail Predictive Application Server [Product ID 1823]
Oracle Retail Price Management [Product ID 1824]
Oracle Retail Returns Management [Product ID 2020]
Oracle Retail Service Backbone [Product ID 10867]
Oracle Retail Store Inventory Management [Product ID 1838]
Oracle Retail Xstore Point of Service [Product ID 11513]
Oracle Solaris Operating System [Product ID 10006]
Oracle SuperCluster [Product ID 10011]
Oracle Utilities Application Framework [Product ID 2245]
Oracle Utilities Asset Management Base [Product ID 9574]
Oracle Utilities Customer to Meter [Product ID 13345]
Oracle Utilities Smart Grid Gateway Adapter for Echelon [Product ID 9129]
Oracle Utilities Smart Grid Gateway Adapter for Landis Gyr [Product ID 9130]
Oracle Utilities Smart Grid Gateway MV90 Adapter for Itron [Product ID 9128]
Oracle Utilities Testing Accelerator [Product ID 13784]
Oracle Virtual Directory [Product ID 1978]
Retail Analytics [Product ID 9346]
Utilities Meter Data Management [Product ID 4101]
Utilities Mobile Workforce Management [Product ID 2239]
Utilities Smart Grid Gateway [Product ID 9127]
Utilities Smart Grid Gateway Adapter Development Kit [Product ID 10356]
Utilities Smart Grid Gateway Adapter for Itron OpenWay [Product ID 10211]
https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 5/7
12/14/21, 9:56 AM Document 2827611.1

Utilities Smart Grid Gateway Adapter for Sensus RNI [Product ID 9563]
Utilities Smart Grid Gateway Adapter for Silver Spring Networks [Product ID 9560]

4.0 Oracle products with impacted underlying Oracle components

No products in this category.

5.0 Oracle products not requiring patches

At this point in time, Oracle doesn’t believe the following products to be affected by vulnerability CVE-2021-44228:

Application Testing Suite [Product ID 4622]

Argus Analytics [Product ID 9171]
Argus Mart [Product ID 10383]
Berkeley DB [Product ID 2051]
Commerce Platform [Product ID 9348]
Commerce Service Center [Product ID 9351]
Communications Converged Application Server [Product ID 5382]
Communications EAGLE FTP Table Base Retrieval [Product ID 11116]
Communications Network Integrity [Product ID 4491]
Communications Order and Service Management [Product ID 2270]
Communications WebRTC Session Controller [Product ID 10811]
CRF Submit Requestor [Product ID 9641]
Data Visualization Desktop [Product ID 12791]
Database Gateway for APPC [Product ID 774]
Demantra Demand Management [Product ID 2100]
Enterprise Data Quality [Product ID 9464]
Enterprise Manager for MySQL Database [Product ID 11166]
Exalytics Software [Product ID 9736]
FLEXCUBE Direct Banking [Product ID 9111]
Health Insurance Claims Management Data Marts [Product ID 9313]
Health Insurance Data Management [Product ID 10643]
Healthcare Data Repository [Product ID 9161]
JD Edwards EnterpriseOne Deployment Server [Product ID 4781]
JD Edwards EnterpriseOne Enterprise Server [Product ID 4781]
JD Edwards EnterpriseOne Enterprise Server Platform Pack [Product ID 4781]
JD Edwards EnterpriseOne Server Manager [Product ID 4781]
JD Edwards World [Product ID 4839]
Mobile Application Framework [Product ID 11055]
Oracle Audit Vault and Database Firewall [Product ID 9749]
Oracle Big Data Spatial and Graph [Product ID 11528]
Oracle Blockchain Cloud Service [Product ID 13444]
Oracle Business Intelligence Publisher [Product ID 1479]
Oracle Client [Product ID 5]
Oracle Coherence [Product ID 2545]
Oracle Communications Diameter Signaling Router [Product ID 10899]
Oracle Communications EAGLE Element Management System [Product ID 11125]
Oracle Communications MetaSolv Solution [Product ID 2267]
Oracle Communications User Data Repository [Product ID 11108]
Oracle Database [Product ID 5]
https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 6/7
12/14/21, 9:56 AM Document 2827611.1

Oracle Database Appliance [Product ID 9435]

Oracle Database Global Service Manager [Product ID 5]
Oracle Exadata Storage Server Software [Product ID 2546]
Oracle Exalogic Elastic Cloud [Product ID 9415]
Oracle Fail Safe [Product ID 843]
Oracle Forms [Product ID 45]
Oracle Global Lifecycle Management Repository Creation Utility [Product ID 12746]
Oracle GoldenGate [Product ID 5757]
Oracle GoldenGate for HP Nonstop [Product ID 13046]
Oracle Health Insurance Claims Management [Product ID 9307]
Oracle Health Insurance Claims Management Web Services [Product ID 9311]
Oracle Health Insurance Disbursements and Collections [Product ID 9308]
Oracle Health Insurance Long Term Care [Product ID 9394]
Oracle Health Insurance Policy Administration [Product ID 9306]
Oracle Health Insurance Policy Administration Data Marts [Product ID 9312]
Oracle Health Insurance Policy Administration Web Services [Product ID 9310]
Oracle Health Sciences Argus Safety [Product ID 5710]
Oracle Health Sciences Clinical Development Analytics [Product ID 5563]
Oracle Health Sciences InForm [Product ID 9636]
Oracle Healthcare Translational Research [Product ID 9427]
Oracle HTTP Server [Product ID 1042]
Oracle Internet Directory [Product ID 355]
Oracle Key Vault [Product ID 10221]
Oracle MapViewer [Product ID 1215]
Oracle NoSQL Database [Product ID 13373]
Oracle Retail Data Model [Product ID 2538]
Oracle Service Architecture Leveraging Tuxedo (SALT) [Product ID 5435]
Oracle SOA Suite [Product ID 1162]
Oracle StorageTek Tape Analytics [Product ID 10085]
Oracle TimesTen In-Memory Database [Product ID 1870]
Oracle Tuxedo Application Rehosting Workbench [Product ID 8485]
Oracle Tuxedo Mainframe Adapter for OSI TP [Product ID 5439]
Oracle VM [Product ID 4455]
Oracle WebLogic Server (not exploitable) [Product ID 5242] [See MOS Note 2827793.1]
Oracle ZFS Storage Appliance Kit [Product ID 10026]
PeopleSoft Enterprise CRM Client Management [Product ID 4860]
PeopleSoft Enterprise CS Install [Product ID 9068]
PeopleSoft Enterprise FIN Install [Product ID 8925]
PeopleSoft Enterprise FIN Supply Chain Portal Pack Brazil [Product ID 8883]
PeopleSoft Enterprise HCM Human Resources [Product ID 5071]
PeopleSoft Enterprise PRTL Interaction Hub [Product ID 5090]
Private Cloud Appliance [Product ID 10635]
Rapid Planning [Product ID 5235]
Secure Global Desktop [Product ID 8539]
Sun StorageTek Tape Library ACSLS [Product ID 10088]
Tekelec Platform [Product ID 11269]
Transportation Management [Product ID 1991]
Universal Installer [Product ID 662]
Zero Data Loss Recovery Appliance [Product ID 11342]

Didn't find what you are looking for?

https://urlisolation.com/browser?clickId=A0ECD476-DD5C-4207-9790-A49323A1AA1A&frameUrl=%2Fpage%3Furl%3D%26token%3Dkx689rgr-sjfh6… 7/7