Log4j vulnerability impact for the Oracle Forms/Reports/SQL Developer/ORDS/Data Modeler/SQLcl products

Log4j vulnerability impact for the Oracle Forms/Reports/SQL Developer/ORDS/Data Modeler/SQLcl products

Thank you to Dan Andronache for providing this information!

Please find below how/if the Log4j vulnerability impacts the above mentioned products:

• Oracle Forms/Reports - these products are not affected. However, these products are applications deployed into Weblogic. As such, products from the Middleware stack that Forms/Reports come with are affected (for example, Weblogic, Oracle HTTP Server). For information on the steps that need to be implemented to mitigate this please check Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server and Fusion Middleware (Doc ID 2827793.1)

• Oracle REST Data Services (ORDS)/SQLcl - these products do not use log4j and, as such, are not affected.

• Oracle SQL Developer/Data Modeler - upgrade to the latest version as soon as possible. You can download SQL Developer 21.4.2.x or higher (when available) from here. This contains Log4jReleaseVersion: 2.17.1.

For full information please check Security Alert CVE-2021-45046 CVE-2021-44228 CVE-2021-44832 CVE-2021-45105 Patch Availability Document for SQL Developer and SQL Developer Data Modeler (Doc ID 2828123.1)