A security issue was found in the Java logging library Apache Log4j in versions from 2.0.0 and before as well as version 2.15.0. This allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker’s JNDI LDAP server lookup.
Following oracle products are affected as per the information we have as of now
Red Hat CodeReady Studio 12 Red Hat OpenStack Platform 13 Red Hat Integration Camel K Red Hat Integration Camel Quarkus Red Hat OpenShift Application Runtimes Vert.X 4 Red Hat JBoss Fuse 7 Red Hat OpenShift 4 Red Hat OpenShift 3.11 Red Hat OpenShift Logging Red Hat Data Grid 8 Red Hat JBoss AMQ Streaming
RHEL products are not included in the list as these are not impacted due to this CVE
Red Hat Enterprise Linux 6 log4j Not affected Red Hat Enterprise Linux 7 log4j Not affected Red Hat Enterprise Linux 8 parfait:0.5/log4j12 Not affected