Update: Release of interim patch by Oracle for temporary workaround of Log4j vulnerability
An interim patch has been released by Oracle. This patch should work for all affected P6 EPPM versions as of 19.12. and can be used on PPM installations if required.
The statement from Oracle about the release of the interim patch can be found here.
This issue has been resolved within the following interim patch:
Please refer to the README documentation for steps to apply the interim patch.
The single patch is applicable to all affected releases. The patch can also be applied to the P6 PPM (Integration API) component).
This patch was remediated on 15Dec21 to address both CVE-2021-44228 and CVE-2021-45046.
• If you downloaded/applied the patch prior to 15Dec21, you will have to re-download and apply the new patch.
• If you applied a previously documented JVM parameter workaround, you will have to download and apply the patch to mitigate.
Update: Tools, interfaces and environments of proadvise GmbH
proimporter: We are working hard to implement the interim patch for the proimporter on-premise together with the P6 version 19.12 to 20.12.
excelP6ConfigTool: We are working at full speed to implement the interim patch for excelP6ConfigTool.
SaaS environment: the measures published by Oracle to fix the problem will be implemented on the pa SaaS environment in a timely manner. An update after successful implementation will be provided under News & Blog.
P6 customer interfaces and add-ons: customers with API and web service interfaces please contact our support for individual analysis.
In case of need or open questions, please feel free to contact us.
Note: For an overview of possible affected vendors, click here: