Notice for Apache log4j security alert cve-2021-44228

This Security Alert addresses CVE-2021-44228, a remote code execution vulnerability in Apache Log4j. It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

NOTE: PenLink’s PLX system is not affected, however a support utility that is included is vulnerable.  The risk itself is minimal, but we recommend downloading a patch. See below for additional details including instructions on how to complete the patch.

• The PLX System, including the Oracle Database product, is not affected by this exploit.
• There are no Apache Webservers associated with PLX.
• Though this has not affected any of our PenLink products, Oracle has identified a vulnerability with the SQL Developer utility.  Some PenLink employees utilize SQL Developer as a means of accessing the Oracle database for troubleshooting purposes.  A patch for this vulnerability has now been made available.  As a precaution, we recommend installing this patch on the PLX Database Server.
• Patch Download Link: https://www.dropbox.com/s/79yjvgz7nxcfczr/SQLDeveloperPatchTool.zip?dl=1

Download instructions on how to patch.

Have further questions? Please contact [email protected] or call the support line 402.421.9132.