Symptom
SAP Sourcing Versions 7, 9, 10 and 11 (SP1 through SP17) contains Apache Log4j1.2 as part of base code. Vulnerabilities have been identified, via CVE-2021-4104, for this file and version number, but only under certain circumstances which do not apply to SAP Sourcing / CLM.
Read more...
Environment
SAP Sourcing/CLM Versions 9, 10 and 11 (SP1 through SP17)
Product
SAP Sourcing 10.0 and SAP Contract Lifecycle Management 10.0 ; SAP Sourcing 11.0 and SAP Contract Lifecycle Management 11.0 ; SAP Sourcing 7.0 and SAP Contract Lifecycle Management 7.0 ; SAP Sourcing 9.0 and SAP Contract Lifecycle Management 9.0
Keywords
CVE-2021-4104 log4j , KBA , SRM-ESO-SEC , Security for SAP Sourcing & CLM , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.