Skip to content

Oracle Weblogic Server (MOSC)

MOSC Banner

How to solve log4j vulnerability detected in .patch_storage folder ?

in Oracle Weblogic Server (MOSC) 4 commentsAnswered ✓

We are running Oracle Weblogic Server version 12.2.1.4.0. We are up to date with the OPatch October 2023 PSU (we'll apply January 2024 PSU very soon), but our vulnerability detection tool has detected CVE-2019-17571 on file /opt/ORACLE/Weblogic12c/AppServer/.patch_storage/34236279_Jun_2_2022_21_32_46/files/oracle.wls.admin.console.en/12.2.1.4.0/wls.server.symbol/server/lib/consoleapp/APP-INF/lib/log4j-1.2.17-16.jar.

Is there a way to solve this vulnerability ? If no, can we delete this file without any impact ? Or should we consider it as a false positive ?

Thanks in advance for your help.

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center