My Oracle Support Banner

Log4j Vulnerabilities On OFSAA 8111 & OFSAA 80950 Versions. (Doc ID 2869476.1)

Last updated on AUGUST 27, 2024

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.1.1.1 and later
Information in this document applies to any platform.

Symptoms

We have multiple log4j vulnerabilities on OFSAA 8111&OFSAA 80950 versions, as per security/ISO team log4j have highest vulnerability rating and need to remediate on priority immediately.

on 81110 below files reporting log4j vulnerabilities.
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration_lib/log4j-1.2.9.jar Installed version : 1.2.9 Fixed version : 2.16.0 Path
/apps/ofsaa/utility/copy_Migration/lib/log4j-1.2.13.jar Installed version : 1.2.13 Fixed version : 2.16.0 Path
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.17.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.13.jar Installed version : 1.2.13 Fixed version : 2.16.0 Path
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-1.2.8.jar Installed version : 1.2.8 Fixed version : 2.16.0
/apps/ofsaa/ficweb/webroot/WEB-INF/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ficapp/common/FICServer/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ficdb/lib/log4j-1.2.17.redhat-3.jar Installed version : 1.2.17 Fixed version : 2.16.0
/apps/ofsaa/ofsaa_migration/ofsaaTest_lib/log4j-1.2.9.jar Installed version : 1.2.9 Fixed version : 2.16.0
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration.jar Installed version : 2.5 Fixed version : 2.12.3 / 2.17.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-core-2.10.0.jar Installed version : 2.10.0 Fixed version : 2.12.3 / 2.17.0
/apps/ofsaa/FTPWebService/ROOT/WEB-INF/lib/log4j-core-2.8.2.jar Installed version : 2.8.2 Fixed version : 2.12.3 / 2.17.0 Path :
/apps/ofsaa/utility/Migration/migration_Run/automate_ofsaa_migration.jar Installed version : 2.5 Fixed version : 2.12.4
/apps/ofsaa/EXEWebService/weblogic/EXEWebService.war Installed version : 1.2.13
/apps/ofsaa/ficdb/lib/log4j-1.2.17.red

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.