For JD Edwards Oneworld environments: We have investigated the impact noticed that Apache Log4j version 2 is not used in default Oracle Weblogic Server installations, but can contain some Apache Log4j version 2 jars.
These jar files can be found in the directory: ORACLE_HOME/oracle_common/modules/thirdparty
Meanwhile, Oracle confirmed the use of the Apache Log4J vulnerability in Oracle WebLogic Server – Version 12.2.1.3.0 to 14.1.1.0.0
We recommend applying the Oracle WebLogic Server patch to upgrade the Log4j packages and mitigate the vulnerabilities. Use the following Patch set update to update the Apache Log4j version 2 libraries:
For the full post by Steltix, please visit the Steltix website.