My Oracle Support Banner

Log4j Vulnerability Even After Remediation Patch (Doc ID 2878017.1)

Last updated on JUNE 27, 2022

Applies to:

Oracle Financial Services Behavior Detection Platform - Version 8.1.1 and later
Information in this document applies to any platform.

Goal

Client has upgraded to v8.1.1.2 recently and also applied log4j remediation patch 33663417 on top. However one of the FIC_HOME files is flagged for vulnerability by infra team. Below is the file detail.
PATH VERSION JNDI_CLASS_STATUS BASE_DIR
/cs/mantas/fccm801/ficapp/common/FICServer/lib/log4j-core-2.13.3.jar 2.13.3 JNDI CLASS FOUND /cs/mantas/fccm801

Vulnerability codes CVE-2021-44228 and CVE-2021-45046

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.