Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products.

On December 15th, Oracle changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046), as the initial recommended fix was not complete.

Integrigy has performed an in-depth analysis of these vulnerabilities and their impact on Oracle EBS. This analysis reviews the Log4j vulnerabilities, describes how to determine if your Oracle EBS environment is vulnerable, and provides remediation steps to resolve the vulnerabilities in an Oracle EBS environment.

Vulnerability, Oracle E-Business Suite