NESSUS finding - Upgrade log4j-2.11.1.jar to 2.12.2
Hi All,
We had a NESSUS scan identify a log4j issue on our Weblogic 12.2.1.4 servers. In short it has reported a vulnerability with this file:
Plugin Output:
Path : /opt/oracle/middleware/oracle_common/modules/thirdparty/log4j-2.11.1.jar
Installed version : 2.11.1
Fixed version : 2.12.2
I feel like we are fully patched, up to and including the April 2024 CPU for both Weblogic Server and FMW Infrastructure 12.2.1.4, but feel there must be a patch I am missing. I am including an output of our lsinventory in case that helps.
Can anyone share their experience on how they upgraded this file?
Appreciate your help in advance.