SAP Knowledge Base Article - Preview

3129956 - CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 - BusinessObjects impact for Log4j vulnerability

Symptom

  • Vulnerability CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105, CVE-2021-44832 for log4j
  • How does this impact SAP BusinessObjects Business Intelligence Platform (BI) 4.x
  • log4j is an apache library used commonly in java applications. This particular issue was identified in log4j2 and fixed in log4j 2.16
  • Perhaps you have ran the identification commands from KBA 3129883 CVE-2021-44228 - AS Java Core Components' impact for Log4j vulnerability and found output similar to below: 
    jar:file:/usr/sap/<SID>/<instance>/j2ee/cluster/apps/sap.com/com.sap.ip.bi.designstudio.nw.lib/servlet_jsp/com.sap.ip.bi.designstudio.nw.lib/root/WEB-INF/lib/org.apache.log4j_1.2.15.v201012070815.jar!/org/apache/log4j/Logger.class


Read more...

Environment

  • SAP BusinessObjects Business Intelligence (BI) Platform 4.2, 4.3 
  • SAP BusinessObjects Business Intelligence (BI) Platform 4.0 / 4.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects Business Intelligence (BI), Edge edition 4.2, 4.3
  • SAP BusinessObjects Business Intelligence (BI), Edge edition 4.0 / 4.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects Enterprise XI 3.1 * NO LONGER SUPPORTED
  • SAP BusinessObjects BI Platform Client Tools 4.2, 4.3
  • SAP BusinessObjects BI Platform Client Tools 4.0, 4.1 * NO LONGER SUPPORTED
  • SAP Crystal Server 2016, 2020
  • SAP Crystal Reports 2016, 2020
  • SAP Crystal Reports for Enterprise 4.2, 4.3
  • BI Platform Support Tool (BIPST)
  • Live Office
  • Universe Design Tool (UDT)
  • Analysis for Office (AO) and Analysis for Office Add-on for BI Platform
  • Lumira Discovery, Lumira Server for BI Platform & Lumira Designer
  • SAP Design Studio * NO LONGER SUPPORTED
  • SAP BI Mobile server
  • All dependent server tools like Upgrade Management Tool, Promotion Management Wizard, Wdeploy
  • All Operating Systems

*Note that the information above applies also to all SPs of the mentioned releases

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

CVE-2021-44228, SAP BusinessObjects, 4.3, 4.2, log4j,vulnerability, JNDI , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , BI-BIP-INS , Installation, Updates, Upgrade, Patching , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.