Log4j Vulnerabilities On OFSAA 8111 & OFSAA 80950 Versions.
(Doc ID 2869476.1)
Last updated on AUGUST 27, 2024
Applies to:
Oracle Financial Services Analytical Applications Infrastructure - Version 8.1.1.1 and laterInformation in this document applies to any platform.
Symptoms
We have multiple log4j vulnerabilities on OFSAA 8111&OFSAA 80950 versions, as per security/ISO team log4j have highest vulnerability rating and need to remediate on priority immediately.
on 81110 below files reporting log4j vulnerabilities.
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration_lib/log4j-1.2.9.jar Installed version : 1.2.9 Fixed version : 2.16.0 Path
/apps/ofsaa/utility/copy_Migration/lib/log4j-1.2.13.jar Installed version : 1.2.13 Fixed version : 2.16.0 Path
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.17.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.13.jar Installed version : 1.2.13 Fixed version : 2.16.0 Path
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.8.jar Installed version : 1.2.8 Fixed version : 2.16.0
/apps/ofsaa/ficweb/webroot/WEB-INF/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ficapp/common/FICServer/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ficdb/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ofsaa_migration/ofsaaTest_lib/log4j-1.2.9.jar Installed version : 1.2.9 Fixed version : 2.16.0
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration.jar Installed version : 2.5 Fixed version : 2.12.3 / 2.17.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-core-2.10.0.jar Installed version : 2.10.0 Fixed version : 2.12.3 / 2.17.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-core-2.8.2.jar Installed version : 2.8.2 Fixed version : 2.12.3 / 2.17.0 Path :
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration.jar Installed version : 2.5 Fixed version : 2.12.4
/apps/ofsaa/EXEWebService/weblogic/EXEWebService.war Installed version : 1.2.13
/apps/ofsaa/ficdb/lib/log4j-1.2.17.red
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |