which of the oracle products are affected with CVE-2021-44228 ?

A security issue was found in the Java logging library Apache Log4j in versions from 2.0.0 and before as well as version 2.15.0. This allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker’s JNDI LDAP server lookup.

Following oracle products are affected as per the information we have as of now

Red Hat CodeReady Studio 12
Red Hat OpenStack Platform 13
Red Hat Integration Camel K
Red Hat Integration Camel Quarkus
Red Hat OpenShift Application Runtimes Vert.X 4
Red Hat JBoss Fuse 7
Red Hat OpenShift 4
Red Hat OpenShift 3.11
Red Hat OpenShift Logging
Red Hat Data Grid 8
Red Hat JBoss AMQ Streaming

RHEL products are not included in the list as these are not impacted due to this CVE

Red Hat Enterprise Linux 6      log4j   Not affected           
Red Hat Enterprise Linux 7      log4j   Not affected   
Red Hat Enterprise Linux 8      parfait:0.5/log4j12     Not affected   

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *