Is Messaging Server 7.x vulnerable to Log4Shell - CVE-2021-44228 ?
(Doc ID 2828526.1)
Last updated on MARCH 16, 2023
Applies to:
Oracle Communications Messaging Server - Version 7.0.0 to 7.0.5 [Release 7.0.0]Information in this document applies to any platform.
Goal
Is Messaging Server 7.x vulnerable to CVE-2021-44228 which deals with the Log4Shell? And if so, what can be done to mitigate it?
The "Apache Log4j Security Alert CVE-2021-44228 Products and Versions (Doc ID 2827611.1)" KM document points to the following additional KM document:
Oracle Communications Instant Messaging Server, Oracle Communications Messaging Server, Oracle Communications Convergence - Security Alert and Mitigation For Apache Log4j CVE-2021-44228 (Doc ID 2827846.1)
The above KM document indicates the JVM flag mitigation for the Messaging Server 8 and Convergence 3. Our team is running Messaging Server 7. Is the same mitigation applicable?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |