By Clemens Bleile

To address the log4j-vulnerability I recently had to fix the Oracle Enterprise Manager 13.4.-installation for a customer.

REMARK: Please check the following link for details concerning the log4j-vulnerability and how Oracle is affected:


and the following MOS Notes:

– Impact of December 2021 Apache Log4j Vulnerabilities on Oracle Products and Services (CVE-2021-44228, CVE-2021-45046) (Doc ID 2827611.1)
– Impact of December 2021 Apache Log4j Vulnerabilities on Oracle on-premises products (CVE-2021-44228, CVE-2021-45046) (Doc ID 2830143.1)
– Security Alert For CVE-2021-44228,CVE-2021-45046 & CVE-2021-45105 Patch Availability Document for Oracle Enterprise Manager Cloud Control (Doc ID 2828296.1)

REMARK: The link and the MOS Notes were correct at the time of writing the Blog. But this may have changed in the meantime.

According the latter MOS Note the following has to be patched on OEM 13.4.:

1. Patch WLS to OCT 2021: Patch 33412599

cd 33412599
emctl stop oms -all
opatch apply
emctl start oms

REMARK: Patch 33691226 ( is not applicable to EM Cloud Control 13c (13.4). See MOS Note “Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle WebLogic Server and Fusion Middleware (Doc ID 2827793.1)”.

2. Apply Patch 33672721 on OMS Middleware HOME (DB Plugin Home Patch)

cd 33672721
emctl stop oms
omspatcher apply
emctl start oms

During the patching of WLS with the OCT 2021 patch, the opatch utility did hang:

/home/oracle/cbleile/log4j_patch_for_OEM/33412599/ [oms13c] opatch apply
OPatch detects the Middleware Home as "/u01/app/oracle/middleware134"

Verifying environment and performing prerequisite checks...


ps -ef | grep opatch

I could see a hanging fuser-command. The reason for the hang was a stale NFS-mount, because the NFS-server was down. The same would have happened with the second patch and omspatcher. To be able to continue I could force the unmount of the stale NFS-mount with the command

umount -f -l /mnt/orarepo

The hanging opatch-command could be Ctrl-C’ed and the patching repeated. opatch went through then.

REMARK: To avoid the problem in the future it’s advised to soft-mount nfs as e.g. documented in this Blog.

The whole problem with opatch and fuser has also been documented here. In that Blog an alternative workaround has been provided by using a fake-fuser-command through the property_file option of opatch.

Finally everything could be patched successfully and I verified everything is OK with the Enterprise Manager 13.4.-installation:

/home/oracle/ [oms13c] opatch lspatches | grep 33412599
/home/oracle/ [oms13c] opatch lspatches | grep 33672721
33672721;Fix for bug 33672721