Enterprise Manager Generic (MOSC)

MOSC Banner

CVE-2021-44228 and OEM 13.5

in Enterprise Manager Generic (MOSC) 5 commentsAnswered

Hi,


I did install OEM CC 13.5 and our security monitor is reporting cve-2021-4428 on this file:

$OEM_HOME/gc_inst/user_projects/domains/GCDomain/servers/EMGC_OMS1/tmp/_WL_user/emdb/1danf1/database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j-core-2.8.2.jar

It seems to me this a deploy of the emdb.war file bij OEM:

unzip -l ./Middleware/plugins/oracle.sysman.db.oms.plugin_13.5.1.0.0/archives/emdb.war|grep emsaasui |grep log4j

   9753 05-04-2020 10:18  database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/slf4j-log4j12-1.6.1.jar

   8486 05-04-2020 10:23  database/jet/emsaasui/emcdbms-ui/ear/APP-INF/lib/log4j2.xml

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center