Forum Stats

  • 3,826,348 Users
  • 2,260,631 Discussions
  • 7,896,912 Comments

Discussions

Is Oracle 19c affected by Log4j Vulnerability

GeekDBA
GeekDBA Member Posts: 2 Green Ribbon

Hi Team,

We have Oracle 19c(standard version) PROD database running on Windows server.

In recent security scans it is detected that Oracle 19c software path has vulnerable Log4j  files.

They are

i)(c:\app\oracle\product\19.0.0\dbhome_1\suptools\tfa\release\tfa_home\jlib\log4j-core-2.9.1.jar)

ii)(c:\app\oracle\product\19.0.0\dbhome_1\md\property_graph\lib\log4j-core-2.11.0.jar)


Is it true that the software is Vulnerable.

Can someone please shed some light on this topic.

https://support.oracle.com/knowledge/Support%20Tools/2847142_1.html

https://support.oracle.com/knowledge/Oracle%20Cloud/2827611_1.html

https://blogs.oracle.com/security/post/log4j-vulnerabilities


Thanks and Regards

Venkat