CVE-2021-44832 Still Found Under Agile Server Cache Folder After Applying Patch in Doc ID:2827700.1
(Doc ID 2863114.1)
Last updated on JANUARY 24, 2024
Applies to:
Oracle Agile PLM Framework - Version 9.3.6.0 and later
Information in this document applies to any platform.
Symptoms
Actual Behavior
CVE-2021-44832 is still found under the Agile server cache folder after applying the patch explained in Doc ID 2827700.1.
Even after applying any of the patches below, as explained in Doc ID 2827700.1, vulnerabilities are still detected in the Agile server cache path shown after the list:
- For Agile PLM 9.3.6 RUP 14 <Patch:33750442> (9.3.6.14.10)
- For Agile PLM 9.3.6 RUP 15 <Patch:33758192> (9.3.6.15.7)
- For Agile PLM 9.3.6 RUP 16 <Patch:33758193> (9.3.6.16.5)
- For Agile PLM 9.3.6 RUP 17 <Patch:33758195> (9.3.6.17.6)
- For Agile PLM 9.3.6 RUP 18 <Patch:33758196> (9.3.6.18.2)
%Agile_Home%/agileDomain/servers/{server_name}-Agile/tmp/_WL_user/AgilePLM/9phs2m/APP-INF/lib/log4j-core-2.17.0.jar
On every restart, the contents of this Agile server cache folder (%Agile_Home%/agileDomain/servers/) are removed, but the older version is still detected.
Expected Behavior
CVE-2021-44832 should not be found in the Agile installation.
Steps
The issue can be reproduced at will with the following steps:
- Apply patch as explained in Doc ID 2827700.1
- Confirm patch installation completes successfully with "BUILD SUCCESSFUL" in install log: 9.3.6.xx.xx_Install.log
- Delete the Agile server cache folder:
%Agile_Home%/agileDomain/servers/{server_name}-Agile
- Restart the Agile Application Server
- Observe that log4j-core-2.17.0.jar, which includes CVE-2021-44832, is found under
%Agile_Home%/agileDomain/servers/{server_name}-Agile/tmp/_WL_user/AgilePLM/xxxxxxx/APP-INF/lib/log4j-core-2.17.0.jar
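A check that can be run after the restart in the steps above to list every log4j-core jar under the server cache folder and flag versions that predate the CVE-2021-44832 fix. This is an added example, not Oracle's code or part of Doc ID 2827700.1; the fixed-version thresholds (2.17.1, 2.12.4, 2.3.2) are taken from the Apache Log4j advisory rather than this document, and the function names are illustrative.

```python
import os
import re
import sys
import zipfile

# Assumption (Apache Log4j advisory, not this document): CVE-2021-44832 is
# fixed in 2.17.1, and in 2.12.4 / 2.3.2 on the Java 7 / Java 6 lines.
FIXED = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def parse_version(text):
    """Turn '2.17.0' into (2, 17, 0); None if there is no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def jar_version(path):
    """Prefer the manifest's Implementation-Version; fall back to the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
        if m:
            return parse_version(m.group(1))
    except (KeyError, OSError, zipfile.BadZipFile):
        pass  # unreadable or manifest-less jar: use the name instead
    m = NAME_RE.search(os.path.basename(path))
    return parse_version(m.group(1)) if m else None

def is_affected(version):
    """True if a log4j-core 2.x version predates the fix for its release line."""
    if version is None or version[0] != 2:
        return False
    v = (version + (0, 0))[:3]
    return v < FIXED.get(v[:2], FIXED_DEFAULT)

def scan(root):
    """Return sorted (path, version, affected) for each log4j-core jar under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NAME_RE.search(name):
                path = os.path.join(dirpath, name)
                version = jar_version(path)
                hits.append((path, version, is_affected(version)))
    return sorted(hits, key=lambda h: h[0])

if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1]):
        print("AFFECTED" if affected else "ok", version, path)
```

Pass the server directory (for example the expanded form of %Agile_Home%/agileDomain/servers) as the only argument. Reading the manifest first means a jar that has been renamed on disk is still reported with the version it actually contains.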
Changes
<Patch:33699861> was applied in the Agile Application Server, and then the patches explained in Doc ID 2827700.1 were applied.
Cause