Symptom
You are curious whether your SAP NetWeaver Application Server Java system is affected by ZeroDay security vulnerability in log4j library mentioned in the blog.
- Vulnerability CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 for log4j
- How does this impact SAP Netweaver Application Server Java Core Components
- The AS Java Core Software Components are documented in KBA 1794179 Importing AS Java Core patches for NetWeaver 7.1 or higher
log4j is an apache library used commonly in java applications. This particular issue was identified in log4j2 and fixed in log4j 2.17.0. See more in the document: Apache Log4j Security Vulnerabilities.
Read more...
Environment
- SAP NetWeaver Application Server Java all versions
- Library versions Log4j 2.x (below than 2.17.0) are affected
- Library versions Log4j 1.x has not been checked (see Apache Log4j Security Vulnerabilities for more details), although update of the library is recommended; this version is not supported/maintained since 2015.
Product
Keywords
Zero Day, security vulnerability, org.apache.naming.factory.BeanFactory, BeanFactory, CVE-2021-44228, Logger.class, Log4J, Log4j2, log4j2.15.0, log4j2.16.0, log4j2.17.0 , KBA , BC-JAS-COR , Enterprise Runtime, Core J2EE Framework , XX-PART-WILY , Introscope by CA Technologies , BC-XI-CON-AFW-AAE , Advanced Adapter Engine , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.