Log4j Vulnerability Even After Remediation Patch
(Doc ID 2878017.1)
Last updated on JUNE 10, 2024
Applies to:
Oracle Financial Services Behavior Detection Platform - Version 8.1.1 and laterInformation in this document applies to any platform.
Goal
Client has upgraded to v8.1.1.2 recently and also applied log4j remediation patch 33663417 on top. However one of the FIC_HOME files is flagged for vulnerability by infra team. Below is the file detail.
PATH VERSION JNDI_CLASS_STATUS BASE_DIR
/cs/mantas/fccm801/ficapp/common/FICServer/lib/log4j-core-2.13.3.jar 2.13.3 JNDI CLASS FOUND /cs/mantas/fccm801
Vulnerability codes CVE-2021-44228 and CVE-2021-45046
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |