Symptom
In BI 4.3 SP02 Patch 400 and 4.2 SP09 Patch 1100, log4j was switched to reload4j, which is a supported version of log4j 1.x where the vulnerabilities have been resolved.
[for more details, see 3137930 CVE-2021-4104 & other log4j vulnerabilities - further information for BI 4.x]
- However customers (scans) can still see references to older log4j files which are not replaced with reload4j in their install cache.
- How to remove vulnerable Log4j occurrences from InstallCache folders ?
- How to remediate log4j vulnerabilities found in InstallCache folders ?
Read more...
Environment
- SAP BI Platform 4.2 / 4.3
- All supported OS
Product
SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3
Keywords
BI Platform 4.x 4.2 4.3 remove vulnerable Log4j occurrences InstallCache folders , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.