-
Oracle 12c and Log4j Vulnerability
Oracle Database 12c (12.1) and Log4j
After updated definitions we are receiving notifications about the Log4j vulnerabilities with our Oracle 12c deployments.
This vulnerable log4j jar file is installed in all the Oracle Home dirs, e.g.:
$ORACLE_HOME/md/jlib/log4j-core-2.9.1.jar
Can this jar file be upgraded/updated as a standalone and if so does anyone have the process they can share please?
If not, how would one mitigate the vulnerability CVE-2021-44228 in Oracle 12c RDBMS?
Thank you.
-
Can't one just delete the .jar files? Aren't they just install files or something?
Originally Posted by reepcore
Oracle Database 12c (12.1) and Log4j
After updated definitions we are receiving notifications about the Log4j vulnerabilities with our Oracle 12c deployments.
This vulnerable log4j jar file is installed in all the Oracle Home dirs, e.g.:
$ORACLE_HOME/md/jlib/log4j-core-2.9.1.jar
Can this jar file be upgraded/updated as a standalone and if so does anyone have the process they can share please?
If not, how would one mitigate the vulnerability CVE-2021-44228 in Oracle 12c RDBMS?
Thank you.
-
You have to get a patch from Oracle. It seems to impact OEM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|