My Oracle Support Banner

Log4j Vulnerabilities - Vulnerable Versions Found In FCCM Folders - Along With Latest Log4j Version (Doc ID 2921829.1)

Last updated on JUNE 27, 2023

Applies to:

Oracle Financial Services Know Your Customer - Version 8.0.0 and later
Information in this document applies to any platform.


Client see two versions of log4j files in a folder. log4j-core-2.13.3.jar and log4j-core-2.17.1.jar both exist in the folder. They know that log4j-core-2.13.3.jar is vulnerable and 2.17 replaced it. Yet, the older version file is still existing in the folder  and would like to remove the 2.13 version file.

Query: Can it be straight away delete this file from the folder? Are there any specific steps to follow while removing log4j-core-2.17.1.jar files.

Folder: /app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib

Vulnerability path (Production)

/app/fccm/fsdf/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - AAI/fsdf/KYC
/app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC

Vulnerability path (PAT)
/app/fccm/fsdf/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC

Vulnerability path (DEV)
/app/fccm/ofsaa/realtime_processing/WebContent/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
/opt/tomcat/instances/FCCM_0000/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC
opt/tomcat/instances/FCCM_0000/webapps/RAOR/WEB-INF/lib/log4j-core-2.13.3.jar - KYC



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.