Oracle Documaker Folder On WebLogic Server Security Vulnerability
(Doc ID 2981417.1)
Last updated on OCTOBER 17, 2023
Applies to:Oracle Documaker - Version 12.6.4 and later
Information in this document applies to any platform.
On : 12.6.4 version, Documaker Studio
WebLogic servers are patched up to the July 2023 Critical Patch Update (CPU), however security scans are still indicating the servers are running a version of Apache Log4j that is no longer supported.
It indicates that Log4j is in use, which has been out of support since October 2015. This is the jar file being flagged:
C:\Oracle\Middleware\user_projects\domains\idocumaker_domain\servers\dmkr_server\tmp_WL_user\DWSAL1\2j42aa\war\WEB-INF\lib\log4j-1.2.17-16.jar Installed version
Since this path is added during the Oracle Documaker installation, is the jar file still needed and can it be removed?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document