SAP Knowledge Base Article - Preview

3134193 - Security vulnerability CVE-2021-44228 in Apache log4j library for SAP Customer Data Cloud

Symptom

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

https://logging.apache.org/log4j/2.x/security.html


Read more...

Environment

SAP Customer Data Cloud
SAP Customer Data Platform

Keywords

Zero Day, security vulnerability, Customer Data Cloud, CDC, CVE-2021-44228, Logger.class, Log4j, Log4j2, gigya,  , KBA , CEC-PRO , SAP Customer Data Cloud - Identity, - Consent, - Profile , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.