SAP Knowledge Base Article - Preview

3130846 - Detecting and remediating log4j CVE-2021-44228 vulnerabilities in SAP Cloud Integration NEO and CF applications


Log4J is a widely used Open Source component for logging and tracing of application events. Recently a severe security bug was discovered that allows attackers to exploit applications with low effort and causing severy security impact.



  • SAP Integration Suite
  • Cloud Integration

To current knowledge, Java applications using certain version of log4j can be vulnerable to attacks as outlined in CVE-2021-44228CVE-2021-45046, and CVE-2021-45105

Cloud Integration itself is not vulnerable, but the vulnerability can apply to Cloud Integration content which is using log4j as imported jar as part of scripts, mapping, or adapters.


Cloud Integration all versions ; SAP Integration Suite all versions


NEO, Cloud Foundry Log4J, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, JNDI, Vulnerability, CPI , KBA , LOD-HCI-PI-OPS , Cloud Operations , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.