The PeopleSoft Administrator Podcast hosted by Dan Iverson and Kyle Benson
On this early release episode, Kyle and Dan talk about the log4shell vulnerability and how to mitigate the risk for PeopleSoft.
Show Notes
- log4shell – Vulnerability issue with log4j @ 0:30
- Remediation @ 18:45
- Add “-Dlog4j2.formatMsgNoLookups=true” to your JAVA_OPTS parameter
- Scanner tool
- Dan’s sample script to identify vulnerable libraries
- PeopleTools Patch for Log4Shell @ 29:00
- How does affect PS/Oracle products down the road? @ 40:00
Any idea if PeopleTools 8.54.28 is impacted by CVE-2021-44228 (Log4j) ? I see 8.57 – 8.59 notes on Oracle support.
You can check the log4j version under PS_HOME/class and see if it’s in the affected versions. 8.54 has been out of support for a while, so Oracle won’t mention it in their documents.