Oracle Security Alert for CVE-2021-44228: Part One

  • Date: December 13, 2021
  • Article by: Jeff Henkel

Well, you may be reading about the new Oracle Security Alert around Apache Log4j.  This email  (Oracle Security Alert for CVE-2021-44228) was sent on December 10th and noted a high-level exploit potential, and offered a patch that should be installed on any of the below products and supporting systems:

Since there are a number of Oracle EPM Suite components there, we recommend that clients patch their systems as soon as patches are available. At present, there are no patches released to address this issue.

If you should need assistance with patching please let us know.  I’ve taken the liberty of bolding and increasing the font on the EPM/Hyperion products of concern.

Oracle has determined that the following 49 Oracle products are vulnerable and do not have fixes available for CVE-2021-44228:

·    Communications Instant Messaging Server [Product ID 8495]

·    Communications IP Service Activator [Product ID 2261]

·    Communications Messaging Server [Product ID 8496]

·    Communications Network Charging and Control [Product ID 4623]

·    Communications Network Integrity [Product ID 4491]

·    Communications Offline Mediation Controller [Product ID 2269]

·    Communications Order and Service Management [Product ID 2270]

·    Data Integrator [Product ID 2196]

·    Data Visualization Desktop [Product ID 12791]

·    Enterprise Data Quality [Product ID 9464]

·    Enterprise Manager for Peoplesoft [Product ID 2131]

·    Enterprise Repository [Product ID 5326]

·    Exalytics Software [Product ID 9736]

·    Hyperion Data Relationship Management [Product ID 4375]

·    Hyperion Enterprise Performance Management Architect [Product ID 4392]

·    Identity Manager Connector [Product ID 1999]

·    JD Edwards World [Product ID 4839]

·    Managed File Transfer [Product ID 10198]

·    Mobile Application Framework [Product ID 11055]

·    Oracle Access Manager / Webgates [Product ID 5565]

·    Oracle Access Manager [Product ID 5565]

·    Oracle Communications ASAP [Product ID 2260]

·    Oracle Communications Billing and Revenue Management [Product ID 2136]

·    Oracle Communications Convergence [Product ID 8501]

·    Oracle Communications MetaSolv Solution [Product ID 2267]

·    Oracle E-Business Suite [Product ID 1745]

·    Oracle EBS Extensions for Oracle Endeca – INSTALL [Product ID 10240]

·    Oracle Enterprise Manager [Product ID 1370]

·    Oracle Exalogic Elastic Cloud [Product ID 9415]

·    Oracle Fusion Middleware – MCR50 (3RDJARS) [Product ID 1032]

·    Oracle Fusion Middleware [Product ID 1032]

·    Oracle Global Lifecycle Management Repository Creation Utility [Product ID 12746]

·    Oracle GoldenGate Application Adapters [Product ID 5760]

·    Oracle GoldenGate Studio [Product ID 10945]

·    Oracle GoldenGate Veridata [Product ID 5758]

·    Oracle Hospitality OPERA 5 [Product ID 12726]

·    Oracle HTTP Server [Product ID 1042]

·    Oracle Internet Directory [Product ID 355]

·    Oracle JDeveloper [Product ID 807]

·    Oracle Policy Automation [Product ID 5624]

·    Oracle SOA Suite [Product ID 1162]

·    Oracle Tuxedo Application Rehosting Workbench [Product ID 8485]

·    Oracle Tuxedo Mainframe Adapter for OSI TP [Product ID 5439]

·    Oracle(R) BPEL Process Manager 10g [Product ID 1669]

·    Policy Automation for Mobile Devices [Product ID 5626]

·    Real-Time Decision Server [Product ID 2104]

·    Reports Developer [Product ID 159]

·    WebCenter Portal [Product ID 1696]

·    WebCenter Sites [Product ID 9617]

There is a further list of product being investigated for potential patching.

The following products are under investigation and may be impacted by vulnerability CVE-2021-44228:

·    Agile Engineering Data Management [Product ID 4436]

·    Agile PLM Framework [Product ID 4461]

·    Argus Analytics [Product ID 9171]

·    Argus Mart [Product ID 10383]

·    ATG Web Commerce Core [Product ID 9408]

·    Autovue for Agile Product Lifecycle Management [Product ID 4434]

·    Berkeley DB [Product ID 2051]

·    Commerce Platform [Product ID 9348]

·    Commerce Service Center [Product ID 9351]

·    Communications Application Session Controller [Product ID 10769]

·    Communications Converged Application Server [Product ID 5382]

·    Communications Convergent Charging Controller [Product ID 12985]

·    Communications EAGLE FTP Table Base Retrieval [Product ID 11116]

·    Communications Interactive Session Recorder [Product ID 10765]

·    Communications Session Report Manager [Product ID 10770]

·    Communications Session Route Manager [Product ID 10771]

·    Communications WebRTC Session Controller [Product ID 10811]

·    CRF Submit Requestor [Product ID 9641]

·    Currency Transaction Reporting [Product ID 9784]

·    Database Gateway for APPC [Product ID 774]

·    Demantra Demand Management [Product ID 2100]

·    Financial Services Behavior Detection Platform [Product ID 9190]

·    Financial Services Economic Capital Advanced [Product ID 9475]

·    Financial Services Foreign Account Tax Compliance Act Management [Product ID 10308]

·    Financial Services Lending and Leasing [Product ID 10484]

·    Financial Services Model Risk Management [Product ID 10227]

·    Financial Services Operational Risk [Product ID 9112]

·    Financial Services Personal Trading Approval [Product ID 10647]

·    Financial Services Regulatory Reporting [Product ID 9142]

·    Financial Services Revenue Management and Billing [Product ID 5322]

·    FLEXCUBE Core Banking [Product ID 9101]

·    FLEXCUBE Direct Banking [Product ID 9111]

·    FLEXCUBE Investor Servicing [Product ID 9099]

·    Functional Testing Advanced Pack for Oracle Utilities [Product ID 11163]

·    Health Insurance Claims Pricing [Product ID 10295]

·    Health Insurance Data Management [Product ID 10643]

·    Health Sciences Data Management Workbench [Product ID 9581]

·    Health Sciences Empirica Signal [Product ID 9646]

·    Health Sciences Empirica Study [Product ID 9647]

·    Health Sciences Information Manager [Product ID 9177]

·    Healthcare Analytics Data Integration [Product ID 9314]

·    Healthcare Data Repository [Product ID 9161]

·    Healthcare Data Warehouse Foundation [Product ID 8116]

·    Healthcare Foundation [Product ID 12950]

·    Instantis EnterpriseTrack [Product ID 10563]

·    Insurance Calculation Engine [Product ID 10837]

·    Insurance Insbridge Rating and Underwriting [Product ID 5484]

·    Insurance Policy Administration J2EE [Product ID 5279]

·    Insurance Rules Palette [Product ID 5288]

·    Management Cloud Engine [Product ID 14252]

·    MySQL Enterprise Monitor [Product ID 8480]

·    Oracle Agile Engineering Collaboration [Product ID 4439]

·    Oracle Agile PLM MCAD Connector [Product ID 4440]

·    Oracle Agile Product Lifecycle Management Integration Pack for SAP: Design to Release [Product ID 5460]

·    Oracle Audit Vault and Database Firewall [Product ID 9749]

·    Oracle Banking Cash Management [Product ID 14195]

·    Oracle Banking Corporate Lending [Product ID 12989]

·    Oracle Banking Corporate Lending Process Management [Product ID 13701]

·    Oracle Banking Credit Facilities Process Management [Product ID 13703]

·    Oracle Banking Deposits and Lines of Credit Servicing [Product ID 13928]

·    Oracle Banking Enterprise Collections [Product ID 13390]

·    Oracle Banking Extensibility Workbench [Product ID 14124]

·    Oracle Banking Liquidity Management [Product ID 13304]

·    Oracle Banking Loans Servicing [Product ID 13927]

·    Oracle Banking Party Management [Product ID 13929]

·    Oracle Banking Platform [Product ID 9178]

·    Oracle Banking Supply Chain Finance [Product ID 13872]

·    Oracle Banking Trade Finance Process Management [Product ID 13718]

·    Oracle Banking Treasury Management [Product ID 14133]

·    Oracle Banking Virtual Account Management [Product ID 13487]

·    Oracle Big Data Spatial and Graph [Product ID 11528]

·    Oracle Blockchain Cloud Service [Product ID 13444]

·    Oracle Coherence [Product ID 2545]

·    Oracle Commerce Guided Search/Oracle Commerce Experience Mgr [Product ID 9633]

·    Oracle Communications Diameter Signaling Router [Product ID 10899]

·    Oracle Communications EAGLE Element Management System [Product ID 11125]

·    Oracle Communications Service Broker [Product ID 8565]

·    Oracle Communications Services Gatekeeper [Product ID 5381]

·    Oracle Communications Session Element Manager [Product ID 11052]

·    Oracle Communications User Data Repository [Product ID 11108]

·    Oracle Database [Product ID 5]

·    Oracle Database Global Service Manager [Product ID 5]

·    Oracle Fabric Manager [Product ID 10477]

·    Oracle Fail Safe [Product ID 843]

·    Oracle Financial Services Analytical Applications Infrastructure [Product ID 5680]

·    Oracle Financial Services Anti Money Laundering Event Scoring [Product ID 13609]

·    Oracle Financial Services Asset Liability Management [Product ID 5662]

·    Oracle Financial Services Balance Computation Engine [Product ID 14246]

·    Oracle Financial Services Balance Sheet Planning [Product ID 5663]

·    Oracle Financial Services Crime and Compliance Management Studio [Product ID 13595]

·    Oracle Financial Services Data Integration Hub [Product ID 11289]

·    Oracle Financial Services Enterprise Case Management [Product ID 13545]

·    Oracle Financial Services Loan Loss Forecasting and Provisioning [Product ID 9474]

·    Oracle Financial Services Market Risk Measurement and Management [Product ID 13111]

·    Oracle Financial Services Model Management and Governance [Product ID 14276]

·    Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition [Product ID 13789]

·    Oracle FLEXCUBE Private Banking [Product ID 9110]

·    Oracle Health Insurance Analytics [Product ID 9656]

·    Oracle Health Sciences Clinical Development Analytics [Product ID 5563]

·    Oracle Healthcare Translational Research [Product ID 9427]

·    Oracle Insurance Accounting Analyzer [Product ID 13809]

·    Oracle Insurance Allocation Manager for Enterprise Profitability [Product ID 13946]

·    Oracle Insurance Data Gateway [Product ID 13628]

·    Oracle Insurance Policy Administration Operational Data Store for Life and Annuity [Product ID 13339]

·    Oracle Key Vault [Product ID 10221]

·    Oracle NoSQL Database [Product ID 13373]

·    Oracle Policy Automation Connector for Siebel [Product ID 5627]

·    Oracle Real-Time Scheduler [Product ID 2238]

·    Oracle Retail Advanced Inventory Planning [Product ID 1785]

·    Oracle Retail Allocation [Product ID 1786]

·    Oracle Retail Assortment Planning [Product ID 1788]

·    Oracle Retail Back Office [Product ID 2013]

·    Oracle Retail Bulk Data Integration [Product ID 12968]

·    Oracle Retail Central Office [Product ID 2016]

·    Oracle Retail Customer Management and Segmentation Foundation [Product ID 13388]

·    Oracle Retail Data Extractor for Merchandising [Product ID 12936]

·    Oracle Retail Data Model [Product ID 2538]

·    Oracle Retail EFTLink [Product ID 11516]

·    Oracle Retail Extract Tranform and Load [Product ID 1803]

·    Oracle Retail Financial Integration [Product ID 10722]

·    Oracle Retail Fiscal Management [Product ID 9038]

·    Oracle Retail Insights [Product ID 10263]

·    Oracle Retail Integration Bus [Product ID 1807]

·    Oracle Retail Invoice Matching [Product ID 1810]

·    Oracle Retail Merchandising System [Product ID 1816]

·    Oracle Retail Order Management System Cloud Service [Product ID 11519]

·    Oracle Retail Predictive Application Server [Product ID 1823]

·    Oracle Retail Price Management [Product ID 1824]

·    Oracle Retail Returns Management [Product ID 2020]

·    Oracle Retail Service Backbone [Product ID 10867]

·    Oracle Retail Store Inventory Management [Product ID 1838]

·    Oracle Retail Xstore Point of Service [Product ID 11513]

·    Oracle StorageTek Tape Analytics [Product ID 10085]

·    Oracle TimesTen In-Memory Database [Product ID 1870]

·    Oracle Utilities Application Framework [Product ID 2245]

·    Oracle Utilities Asset Management Base [Product ID 9574]

·    Oracle Utilities Customer to Meter [Product ID 13345]

·    Oracle Utilities Smart Grid Gateway Adapter for Echelon [Product ID 9129]

·    Oracle Utilities Smart Grid Gateway Adapter for Landis Gyr [Product ID 9130]

·    Oracle Utilities Smart Grid Gateway MV90 Adapter for Itron [Product ID 9128]

·    Oracle Utilities Testing Accelerator [Product ID 13784]

·    Primavera Analytics [Product ID 8577]

·    Primavera Gateway [Product ID 10605]

·    Primavera P6 Enterprise Project Portfolio Management [Product ID 5579]

·    Primavera P6 Professional Project Management [Product ID 5580]

·    Primavera Unifier [Product ID 10354]

·    Product Lifecycle Analytics [Product ID 9387]

·    Rapid Planning [Product ID 5235]

·    Retail Analytics [Product ID 9346]

·    Secure Global Desktop [Product ID 8539]

·    Siebel Core – Services Security [Product ID 9001]

·    Siebel Industry – Travel & Transportation [Product ID 9164]

·    Siebel UI Framework [Product ID 9011]

·    SQL Developer [Product ID 1875]

·    Sun StorageTek Tape Library ACSLS [Product ID 10088]

·    Tekelec Platform [Product ID 11269]

·    Universal Installer [Product ID 662]

·    Utilities Meter Data Management [Product ID 4101]

·    Utilities Mobile Workforce Management [Product ID 2239]

·    Utilities Network Management System [Product ID 2241]

·    Utilities Smart Grid Gateway [Product ID 9127]

·    Utilities Smart Grid Gateway Adapter Development Kit [Product ID 10356]

·    Utilities Smart Grid Gateway Adapter for Itron OpenWay [Product ID 10211]

·    Utilities Smart Grid Gateway Adapter for Sensus RNI [Product ID 9563]

·    Utilities Smart Grid Gateway Adapter for Silver Spring Networks [Product ID 9560]

·    Zero Data Loss Recovery Appliance [Product ID 11342]

Share me

Oracle Security Alert for CVE-2021-44228: Part Four

  • Date: Dec 16, 2021
  • Article by: Mike Turner
Read More

Oracle Security Alert for CVE-2021-44228: Part Three

  • Date: Dec 15, 2021
  • Article by: Jeff Henkel
Read More

Leave a Reply

Your email address will not be published. Required fields are marked *