CVE-2021-4104 - JMSAppender In Log4j 1.2 Is Vulnerable
(Doc ID 2831650.1)
Last updated on JUNE 06, 2024
Applies to:
Oracle Financial Services Behavior Detection Platform - Version 6.2.4 and laterInformation in this document applies to any platform.
Goal
Version FCCM 6.2.4
Problem Summary
---------------------------------------------------
CVE-2021-4104 - JMSAppender in Log4j 1.2 is vulnerable
Regarding the main issue in log4j, and you confirmed our FCCM version is not affected as we are using an old version of log4j.jar, there is another CVE issue, CVE-2021-4104, that afects to log4j from 1.2.x versions including JMSAppender class.
Can you also confirm our version is not affected with this CVE?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |