Log4j Vulnerability Even After Remediation Patch (Doc ID 2878017.1)

Last updated on JUNE 10, 2024

Applies to:

Oracle Financial Services Behavior Detection Platform - Version 8.1.1 and later
Information in this document applies to any platform.

Goal

Client has upgraded to v8.1.1.2 recently and also applied log4j remediation patch 33663417 on top. However one of the FIC_HOME files is flagged for vulnerability by infra team. Below is the file detail.
PATH VERSION JNDI_CLASS_STATUS BASE_DIR
/cs/mantas/fccm801/ficapp/common/FICServer/lib/log4j-core-2.13.3.jar 2.13.3 JNDI CLASS FOUND /cs/mantas/fccm801

Vulnerability codes CVE-2021-44228 and CVE-2021-45046

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Log4j Vulnerability Even After Remediation Patch (Doc ID 2878017.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!