Most people who weren’t aware of the Log4j Java platform will now be very aware of its existence. Early last month (December 2021), Apache disclosed the Log4j vulnerability. The Department of Homeland Security at the time called it the “worst vulnerability yet”.
Log4j is an open-source Apache logging service that was created to log application behaviour. The logging platform is used extensively in websites, applications and software all across the world.
Versions 2.15 and below of Apache Log4j were open to unauthenticated remote code execution. A number of vulnerabilities were reported earlier this month and fixes have been made available in record time. Shortly afterwards, Apache released an updated version, 2.16, which fixed an additional vulnerability relating to denial of service. Version 2.17 followed shortly after that to fix a newly discovered security vulnerability: an untrusted deserialisation flaw.
A number of Oracle products have been impacted by the Log4j vulnerabilities, as they make use of the Log4j platform for logging. Oracle has put together a number of documents that list the affected products, along with information about the available patches or the steps necessary to fix the Log4j vulnerabilities.
Oracle Analytics Server, Oracle Business Intelligence Enterprise Edition, Oracle Business Intelligence Applications, Remote Data Gateway and Oracle Analytics Cloud – Classic Edition are some of the Analytics products that have been listed as Oracle products with impacted underlying or bundled components.
Here to help
These vulnerabilities need to be urgently addressed in order to ensure that your information systems are kept safe and secure. It may also be worth considering upgrading to newer versions of the Oracle products if you’re running versions that are close to the end of Premier Support.
Qubix will be happy to assist you in this endeavour. Get in touch if this is something that you’re considering.