Attention: To align with new corporate security policies, and to match policies adopted by other communities within Oracle, the My Oracle Support Community access requirements will change beginning September 18, 2025. MOSC will now require that member accounts in our community be associated to a *corporate* email address. This means that users with generic domains (such as gmail.com, yahoo.com, and others) will no longer be granted access to the discussion forums and ideas labs. If this policy affects you, act now to change the email address that is associated with your Oracle (and community) account. Alternatively, you can opt to create a new Oracle account that uses your corporate email domain.

Enterprise Manager Generic (MOSC)

Apache Log4j 1.2 JMSAppender OEM 13.5 agents

Nov 18, 2022 9:04AM in Enterprise Manager Generic (MOSC) 1 commentAnswered

Our tenable nessus vulnerability scanner found the following:

Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103)

affected files of the oem agent 13.5 are:

agent_13.5.0.0.0/ocm/jlib/jlib/log4j-core.jar
agent_13.5.0.0.0/sysman/jlib/log4j-core.jar

we have applied the latest agent patch 13.5.0.10 (34611817)

is there anything else to update/remove these files?

0

Howdy, Stranger!

To view full details, sign in to My Oracle Support Community.

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month