Subject: CVE-2021-44228 Still Present in IFS Remote Cloud 24R2 Files
Hello,
We are currently deploying IFS Remote Cloud 24R2, and we have identified that some files available on lifecycle.ifs.com still contain the Log4j vulnerability CVE-2021-44228.
Since Oracle is distributed by IFS as an OEM, we do not have direct access to Oracle's patching services, which limits our ability to apply standard Oracle CPU patches.
We would appreciate your guidance on the following points:
- What remediation options are available for environments where direct Oracle patching is not possible?
- Is it safe to manually remove the vulnerable components, such as JndiLookup.class, from the affected .jar files?
- Has anyone else encountered this issue during deployment of 24R2, and how was it resolved?
- Are there updated packages or scripts available from IFS to mitigate this vulnerability?
We are particularly interested in best practices for removing or neutralizing the vulnerable files without impacting system stability.
Thank you in advance for your support and insights.