Tag: log4j

Log4J and OEM Part II

After part 1, where Oracle wrote in an official document there is no impact for your targets, Critical Patch Advisory April 2022 reveals multiple vulnerabilities, one of them is Log4J severity 9.8/10. 9.8 means it is kindergarden easy to compromise confidentiality, integrity and availability even without a login. In the meanwhile, per 30. April, Oracle […]

Log4J and Oracle Enterprise Manager

Log4j issues allow a remote client to execute code without authentication. Software vendors spent the last two months thinking of the impact and the mitigations. The bad: If you have Enterprise Manager, you have multiple web services, like em itself (https://oms.example.com:7799/em), the weblogic console (https://oms.example.com:7102/console), the agent (https://dbsrv01.example.com:3872/emd/main/) and others. This makes you an easy […]