Discussions
Categories
- 384.5K All Categories
- 2.5K Data
- 551 Big Data Appliance
- 1.9K Data Science
- 451.3K Databases
- 222.1K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 561 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 561 SQLcl
- 4K SQL Developer Data Modeler
- 187.4K SQL & PL/SQL
- 21.4K SQL Developer
- 296.8K Development
- Application Development
- 18 Developer Projects
- 140 Programming Languages
- 293.5K Development Tools
- 112 DevOps
- 3.1K QA/Testing
- 646.2K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 186 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 21 Java Essentials
- 164 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 525 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 178 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 236 Portuguese
log4j.jar vulnerability in kvstore/lib binaries
Hi all,
recently I run the local-log4j-vuln-scanner on my NoSQL machines kvstore installation and fount this vulnerability exposed.
Checking for vulnerabilities: CVE-2019-17571, CVE-2021-44228, CVE-2021-45105
indicator for vulnerable component found in /oracle/<DBNAME>/kv-<VERSION>/lib/log4j.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.17 CVE-2019-17571
do we have some fix for this vulnerability or some workaround ?
Thank you in advance
Adrian
Best Answer
-
Adrian,
You will need to upgrade to a later version of NoSQL. We have addressed the issue in the later versions. 4.3 is an extremely old version of the software.
Mike
Answers
-
What version of Oracle NoSQL are you using?
-
Hi Tim,
version Version: 12.1.4.3.11.
Thank you
Adrian
-
Adrian,
You will need to upgrade to a later version of NoSQL. We have addressed the issue in the later versions. 4.3 is an extremely old version of the software.
Mike
