My Oracle Support Banner

CVE-2021-4104 - JMSAppender In Log4j 1.2 Is Vulnerable (Doc ID 2831650.1)

Last updated on JANUARY 08, 2022

Applies to:

Oracle Financial Services Behavior Detection Platform - Version 6.2.4 and later
Information in this document applies to any platform.

Goal

Version FCCM 6.2.4

Problem Summary
---------------------------------------------------
CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable

Regarding the main issue in log4j, and you confirmed our FCCM version is not affected as we are using an old version of log4j.jar, there is another CVE issue, CVE-2021-4104, that afects to log4j from 1.2.x versions including JMSAppender class.

Can you also confirm our version is not affected with this CVE?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.