A client’s ExaCC platform installed with Autonomous Health Framework (AHF ) 188.8.131.52.0, which uses /opt/oracle.ahf/common/jlib/log4j-core-2.13.3.jar.
So to address vulnerability CVE-2021-45105/CVE-2021-44228/CVE-2021-45046. AHF should be upgraded to 21.4 or later versions.
To download the latest AHF here Autonomous Health Framework (AHF) – Including TFA and ORAchk/EXAchk (Doc ID 2550798.1)
This version 21.4 of AHF uses Log4J 2.17, fixing the following Log4J CVEs: