Log4j Vulnerability Even After Remediation Patch
(Doc ID 2878017.1)
Last updated on JUNE 27, 2022
Applies to:Oracle Financial Services Behavior Detection Platform - Version 8.1.1 and later
Information in this document applies to any platform.
Client has upgraded to v126.96.36.199 recently and also applied log4j remediation patch 33663417 on top. However one of the FIC_HOME files is flagged for vulnerability by infra team. Below is the file detail.
PATH VERSION JNDI_CLASS_STATUS BASE_DIR
/cs/mantas/fccm801/ficapp/common/FICServer/lib/log4j-core-2.13.3.jar 2.13.3 JNDI CLASS FOUND /cs/mantas/fccm801
Vulnerability codes CVE-2021-44228 and CVE-2021-45046
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document