Log4j Vulnerabilities - Vulnerable Versions Found In FCCM Folders - Along With Latest Log4j Version
(Doc ID 2921829.1)
Last updated on JUNE 27, 2023
Applies to:
Oracle Financial Services Know Your Customer - Version 8.0.0 and laterInformation in this document applies to any platform.
Goal
Client see two versions of log4j files in a folder. log4j-core-2.13.3.jar and log4j-core-2.17.1.jar both exist in the folder. They know that log4j-core-2.13.3.jar is vulnerable and 2.17 replaced it. Yet, the older version file is still existing in the folder and would like to remove the 2.13 version file.
Query: Can it be straight away delete this file from the folder? Are there any specific steps to follow while removing log4j-core-2.17.1.jar files.
Folder: /app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib
Vulnerability path (Production)
-----------------------------------------------
/app/fccm/fsdf/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - AAI/fsdf/KYC
/app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
Vulnerability path (PAT)
-------------------------------------------
/app/fccm/fsdf/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
Vulnerability path (DEV)
----------------------------------------
/app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |