Primavera CVE-2021-44228 and CVE-2021-45046 Apache Log4j Security Alert


Apache Log4j is most common logging library being used by applications written in Java. CVE-2021-44228 vulnerability is classified as severe and allows unauthenticated remote code execution access to the applications which are using this library.Oracle has released security alert advisory for this and listed out impacted application in its document 2827611.1

As per Oracle document following Primavera products are impacted
Primavera Gateway
version 17.12.0.0 – 17.12.11.0
version 18.8.0.0 – 18.8.13.0
version 19.12.0.0 – 19.12.12.0
version 20.12.0.0 – 20.12.7.1
Primavera P6 Enterprise Project Portfolio Management
version 19.12 – 19.12.17.0
version 20.12 – 20.12.9.0
Primavera P6 Professional Project Management
version 19.12 – 19.12.17.0
version 20.12 – 20.12.9.0
Primavera Unifier
version 18.8.0.0 – 18.8.18.0
version 19.12.0.0 – 19.12.16.0
version 20.12.0.0 – 20.12.11.0
Primavera Analytics
version 18.8.0.0 – 18.8.13.0
version 19.12.0.0 – 19.12.12.0
version 20.12.0.0 – 20.12.9.0

If you are using any of above version please ensure to follow Oracle documents and apply the workaround and as soon as patch set is available apply that to secure your applications.

Fail to initialize server_lock error

I have seen some cases where users face following error while starting Unifier application.

Connecting to Unifier database…
Server Version: 16.1.0.0 b-02282016-09
Fail to initialize server_lock.
Fail to initialize server_lock.
Exception in thread “Unifier Startup” java.lang.RuntimeException: java.lang.Exception: Fail to initialize server_lock.

Unifier_error

This error comes because of insufficient privileges granted to Unifier Database user. In order to resolve this, perform following steps:

  • Connect to your Unifier database with SYS user
  • Run following scripts and replace unifier with your Unifier database username

grant connect, resource, create table, create view to unifier ;
commit;
grant unlimited tablespace to unifier;
commit;

  • Restart your weblogic where Unifier is deployed.