![]() However, this component is not utilized or mandatory for the operation of EDS365 software. Oracle Spatial – Oracle document 2830143.1 lists available patches for addressing the vulnerabilities in this component that is bundled with the Oracle Database product. The following directory can be safely quarantined or removed without impacting normal operation of EDS365. This component is not utilized or mandatory for the operation of EDS365 software. Log4J-core-1.2.13.jar does not contain the JMSAppender.class file associated with the reported vulnerability. Oracle SQL Developer v3.2.10 – this component contains log4j v1.2.13 which is not one of those listed in the security alert from Apache. Oracle Data Integrator v11.1.1 - Oracle document 2827929.1 lists this version (11g) as not affected by the vulnerability. The following directories can be safely quarantined or removed without impacting normal operation of EDS365. ![]() However, these components are not utilized or mandatory for the operation of EDS365 software. Oracle Spatial and Trace File Analyzer – Oracle document 2830143.1 lists available patches for addressing the vulnerabilities in those components that are bundled with the Oracle Database product. :\app\oracle\product\19.3.0\dbhome_1\sqldeveloper The following directories can be safely quarantined or removed without impacting normal operation of EDS365. Oracle SQL Developer v19.2.1 – Oracle document 2828123.1 states that this version includes the affected log4j library, but it is not used with SQL Developer. Oracle Data Integrator v11.1.1.6 - Oracle document 2827929.1 lists this version (11g) as not affected by the vulnerability. This version of log4j is listed as non-vulnerable in the most recently issued security alert from Apache ( ). ![]() Oracle Business Intelligence v12.2.1.2 - Oracle document 2828642.1 indicates that vulnerability patches are relevant only to later releases of this component. Log4j library instances have been found in the following components integrated in this service release: EDS365 Service Release 6, specifically Hotfix 1.9, 2021, affecting a common software package (Apache log4j). Because log4j is widely used across web applications and cloud service providers, the full scope of this vulnerability is complex, and its impact is still being determined. Waters product and engineering teams continue to investigate this matter. Waters will provide updates for its customers about the log4j vulnerability as needed and will notify customers when the assessment is complete.Īs part of initial investigation the following Waters software has been analyzed for the presence of log4j*.jar files: Waters is aware of the "zero day" vulnerability (CVE-2021-44228), announced by security researchers on Dec. Apache Log4j Vulnerability Update Feb 03,2022
0 Comments
Leave a Reply. |