SAP Knowledge Base Article - Preview

3130846 - Detecting and remediating log4j CVE-2021-44228 vulnerabilities in SAP Cloud Integration NEO and CF applications

Symptom

Log4J is a widely used Open Source component for logging and tracing of application events. Recently a severe security bug was discovered that allows attackers to exploit applications with low effort and causing severy security impact.


Read more...

Environment

  • SAP Integration Suite
  • Cloud Integration

To current knowledge, Java applications using certain version of log4j can be vulnerable to attacks as outlined in CVE-2021-44228CVE-2021-45046, and CVE-2021-45105

Cloud Integration itself is not vulnerable, but the vulnerability can apply to Cloud Integration content which is using log4j as imported jar as part of scripts, mapping, or adapters.

Product

Cloud Integration all versions ; SAP Integration Suite all versions

Keywords

NEO, Cloud Foundry Log4J, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, JNDI, Vulnerability, CPI , KBA , LOD-HCI-PI-OPS , Cloud Operations , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.