Oracle SOA Suite (MOSC)


SOA_SPB_12.2.1.4.240112 has a vulnerable log4j version that is flagged by Nessus as a vulnerability

SOA Suite

12.2.1.4.0

Installed patch: SOA_SPB_12.2.1.4.240112

Problem:

After installing the latest SOA bundle patch, there are still log4j versions before 2.17.1, which are flagged by the Nessus scan every time as vulnerable.

E.g., the files below are embedded in the patch but will be scanned by Nessus as critical and high vulnerabilities.

      <file file_name="log4j-2.11.1.jar" path="%ORACLE_HOME%/%SYMBOL%/modules/thirdparty" shaolue="DFC68946CE7AF4AC349C9366F8BC166BE86C0BFE"/>
    </files>
  </bug>
  <bug bug_number="30284059">
    <files>
      <file file_name="log4j-2.11.1.jar" path="%ORACLE_HOME%/%SYMBOL%/modules/thirdparty" shaolue="DFC68946CE7AF4AC349C9366F8BC166BE86C0BFE"/>
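
An added example, not part of the original post and not Oracle tooling: a Python triage that reads patch metadata shaped like the excerpt above and lists the log4j jars whose file name carries a version below 2.17.1, the threshold named in the post. The sample input is constructed (only the log4j-2.11.1.jar entry mirrors the post), and the function and constant names are hypothetical.

```python
import re

# Threshold taken from the post: versions before 2.17.1 are the ones flagged.
MIN_SAFE = (2, 17, 1)

# Read <file .../> elements one at a time so that a truncated, non-well-formed
# excerpt (like the one in the post) can still be processed.
FILE_TAG = re.compile(r"<file\b([^>]*)/?>")
ATTR = re.compile(r'([\w-]+)="([^"]*)"')
# Matches log4j-2.11.1.jar, log4j-core-2.17.1.jar, log4j-1.2-api-2.11.1.jar, ...
LOG4J_JAR = re.compile(r"^log4j(?:-[\w.]+?)*?-(\d+(?:\.\d+){1,2})\.jar$", re.I)


def parse_version(text):
    """Turn '2.11.1' or '2.17' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def flagged_log4j_entries(metadata_text):
    """Return sorted, de-duplicated (file_name, path, version) tuples for
    log4j jars below MIN_SAFE. Only the file name is inspected; the jar
    contents and any vendor backports are not, so treat hits as leads."""
    hits = set()
    for tag in FILE_TAG.finditer(metadata_text):
        attrs = dict(ATTR.findall(tag.group(1)))
        match = LOG4J_JAR.match(attrs.get("file_name", ""))
        if match and parse_version(match.group(1)) < MIN_SAFE:
            hits.add((attrs["file_name"], attrs.get("path", ""), match.group(1)))
    return sorted(hits)


# Constructed sample: the first entry mirrors the post and is listed twice,
# as in the excerpt; the remaining entries are invented for contrast.
SAMPLE = """
      <file file_name="log4j-2.11.1.jar" path="%ORACLE_HOME%/%SYMBOL%/modules/thirdparty"/>
    </files>
  </bug>
  <bug bug_number="30284059">
    <files>
      <file file_name="log4j-2.11.1.jar" path="%ORACLE_HOME%/%SYMBOL%/modules/thirdparty"/>
      <file file_name="log4j-core-2.17.1.jar" path="%ORACLE_HOME%/example/modules"/>
      <file file_name="example-app.jar" path="%ORACLE_HOME%/example/lib"/>
"""

if __name__ == "__main__":
    for name, path, version in flagged_log4j_entries(SAMPLE):
        print(f"{version:<8} {path}/{name}")
```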
