Primavera CVE-2021-44228 and CVE-2021-45046 Apache Log4j Security Alert


Apache Log4j is most common logging library being used by applications written in Java. CVE-2021-44228 vulnerability is classified as severe and allows unauthenticated remote code execution access to the applications which are using this library.Oracle has released security alert advisory for this and listed out impacted application in its document 2827611.1

As per Oracle document following Primavera products are impacted
Primavera Gateway
version 17.12.0.0 – 17.12.11.0
version 18.8.0.0 – 18.8.13.0
version 19.12.0.0 – 19.12.12.0
version 20.12.0.0 – 20.12.7.1
Primavera P6 Enterprise Project Portfolio Management
version 19.12 – 19.12.17.0
version 20.12 – 20.12.9.0
Primavera P6 Professional Project Management
version 19.12 – 19.12.17.0
version 20.12 – 20.12.9.0
Primavera Unifier
version 18.8.0.0 – 18.8.18.0
version 19.12.0.0 – 19.12.16.0
version 20.12.0.0 – 20.12.11.0
Primavera Analytics
version 18.8.0.0 – 18.8.13.0
version 19.12.0.0 – 19.12.12.0
version 20.12.0.0 – 20.12.9.0

If you are using any of above version please ensure to follow Oracle documents and apply the workaround and as soon as patch set is available apply that to secure your applications.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.