Some users have raised concerns about the recently reported vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library.
Please see Bentley's security update here: https://communities.bentley.com/products/w/products__wiki/57356/bentley-security-update-december-2021
Our Managed Service users should not be affected - the servers have been checked and are safe.
For on-premise users, to find out if you would be affected, check the following:
CVE-2021-44228 Apache Log4j — oracle-mosc
Exor 4700 and 4800 systems should be unaffected as Oracle 11g uses a lower release.
For Exor 4900 there is a mitigation for Fusion 12.2.1.4. Please follow the instructions given in Security Alert CVE-2021-44228 Patch Availability Document for Oracle Fusion Middleware (Doc ID 2827793.1).
There is more information about the security alert in the following links:
Security Alert CVE-2021-44228 blogOracle Security Alert Advisory - CVE-2021-44228NOTE:1074055.1 - Security Vulnerability FAQ for Oracle Database and Fusion Middleware Products NOTE:2827611.1 - Apache Log4j Security Alert CVE-2021-44228 Products and Versions