This Security Alert addresses CVE-2021-44228, a remote code execution vulnerability in Apache Log4j. It is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
NOTE: PenLink’s PLX system is not affected, however a support utility that is included is vulnerable. The risk itself is minimal, but we recommend downloading a patch. See below for additional details including instructions on how to complete the patch.
- The PLX System, including the Oracle Database product, is not affected by this exploit.
- There are no Apache Webservers associated with PLX.
- Though this has not affected any of our PenLink products, Oracle has identified a vulnerability with the SQL Developer utility. Some PenLink employees utilize SQL Developer as a means of accessing the Oracle database for troubleshooting purposes. A patch for this vulnerability has now been made available. As a precaution, we recommend installing this patch on the PLX Database Server.
- Patch Download Link: https://www.dropbox.com/s/79yjvgz7nxcfczr/SQLDeveloperPatchTool.zip?dl=1
Have further questions? Please contact email@example.com or call the support line 402.421.9132.