SAP Knowledge Base Article - Preview

3129956 - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 - BusinessObjects impact for Log4j vulnerability

Symptom

  • Vulnerability CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105, CVE-2021-44832 for log4j
  • How does this impact SAP BusinessObjects Business Intelligence Platform (BI) 4.x
  • log4j is an apache library used commonly in java applications. This particular issue was identified in log4j2 and fixed in log4j 2.16
  • Perhaps you have ran the identification commands from KBA 3129883 CVE-2021-44228 - AS Java Core Components' impact for Log4j vulnerability and found output similar to below: 
    jar:file:/usr/sap/<SID>/<instance>/j2ee/cluster/apps/sap.com/com.sap.ip.bi.designstudio.nw.lib/servlet_jsp/com.sap.ip.bi.designstudio.nw.lib/root/WEB-INF/lib/org.apache.log4j_1.2.15.v201012070815.jar!/org/apache/log4j/Logger.class


Read more...

Environment

  • SAP BusinessObjects Business Intelligence (BI) Platform 4.2, 4.3 
  • SAP BusinessObjects Business Intelligence (BI) Platform 4.0 / 4.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects Business Intelligence (BI), Edge edition 4.2, 4.3
  • SAP BusinessObjects Business Intelligence (BI), Edge edition 4.0 / 4.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects Enterprise XI 3.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects BI Platform Client Tools 4.2, 4.3
  • SAP BusinessObjects BI Platform Client Tools 4.0, 4.1 * NO LONGER SUPPORTED
  • SAP Crystal Server 2016, 2020
  • SAP Crystal Reports 2016, 2020
  • SAP Crystal Reports for Enterprise 4.2, 4.3
  • SAP Crystal Reports Viewer 2016, 2020
  • BI Platform Support Tool (BIPST)
  • Live Office
  • Universe Design Tool (UDT)
  • Analysis for Office (AO) and Analysis for Office Add-on for BI Platform
  • Lumira Discovery, Lumira Server for BI Platform & Lumira Designer
  • SAP Design Studio * NO LONGER SUPPORTED
  • SAP BI Mobile server
  • All dependent server tools like Upgrade Management Tool, Promotion Management Wizard, Wdeploy
  • All Operating Systems

*Note that the information above applies also to all SPs of the mentioned releases

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

CVE-2021-44228, SAP BusinessObjects, 4.3, 4.2, log4j,vulnerability, JNDI , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , BI-BIP-INS , Installation, Updates, Upgrade, Patching , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.