3134193 - Security vulnerability CVE-2021-44228 in Apache log4j library for SAP Customer Data Cloud

Symptom

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

https://logging.apache.org/log4j/2.x/security.html

Environment

SAP Customer Data Cloud
SAP Customer Data Platform

Product

SAP Customer Data Cloud all versions

Keywords

Zero Day, security vulnerability, Customer Data Cloud, CDC, CVE-2021-44228, Logger.class, Log4j, Log4j2, gigya, , KBA , CEC-PRO , SAP Customer Data Cloud - Identity, - Consent, - Profile , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.