DBAsupport.com Forums - Powered by vBulletin
Results 1 to 3 of 3

Thread: Oracle 12c and Log4j Vulnerability

  1. #1
    Join Date
    Dec 2021
    Posts
    1

    Question Oracle 12c and Log4j Vulnerability

    Oracle Database 12c (12.1) and Log4j

    After updated definitions we are receiving notifications about the Log4j vulnerabilities with our Oracle 12c deployments.


    This vulnerable log4j jar file is installed in all the Oracle Home dirs, e.g.:

    $ORACLE_HOME/md/jlib/log4j-core-2.9.1.jar

    Can this jar file be upgraded/updated as a standalone and if so does anyone have the process they can share please?

    If not, how would one mitigate the vulnerability CVE-2021-44228 in Oracle 12c RDBMS?

    Thank you.

  2. #2
    Join Date
    Jan 2022
    Posts
    1
    Can't one just delete the .jar files? Aren't they just install files or something?


    Quote Originally Posted by reepcore View Post
    Oracle Database 12c (12.1) and Log4j

    After updated definitions we are receiving notifications about the Log4j vulnerabilities with our Oracle 12c deployments.


    This vulnerable log4j jar file is installed in all the Oracle Home dirs, e.g.:

    $ORACLE_HOME/md/jlib/log4j-core-2.9.1.jar

    Can this jar file be upgraded/updated as a standalone and if so does anyone have the process they can share please?

    If not, how would one mitigate the vulnerability CVE-2021-44228 in Oracle 12c RDBMS?

    Thank you.

  3. #3
    Join Date
    Dec 2002
    Posts
    74
    You have to get a patch from Oracle. It seems to impact OEM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width