Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j. This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products.
On December 15th, Oracle has changed the remediation with the disclosure of the most recent Log4j security vulnerability (CVE-2021-45046) as the initial recommended fix was not complete.
Integrigy has completed a detailed analysis on the impact of these Log4j security vulnerabilities on Oracle E-Business Suite and you can access this analysis here -
Integrigy's products AppDefend and AppSentry does not use the Log4j library, therefore, are not vulnerable to this security bug.
Please let us know if you have any questions regarding this security vulnerability at firstname.lastname@example.org.