SAP Knowledge Base Article - Preview

3232533 - CVE-2021-4104 impact of Log4j 1.x vulnerability to SAP Sourcing / CLM

Symptom

SAP Sourcing Versions 7, 9, 10 and 11 (SP1 through SP17) contains Apache Log4j1.2 as part of base code.  Vulnerabilities have been identified, via CVE-2021-4104, for this file and version number, but only under certain circumstances which do not apply to SAP Sourcing / CLM. 


Read more...

Environment

SAP Sourcing/CLM Versions 9, 10 and 11 (SP1 through SP17)

Product

SAP Sourcing 10.0 and SAP Contract Lifecycle Management 10.0 ; SAP Sourcing 11.0 and SAP Contract Lifecycle Management 11.0 ; SAP Sourcing 7.0 and SAP Contract Lifecycle Management 7.0 ; SAP Sourcing 9.0 and SAP Contract Lifecycle Management 9.0

Keywords

CVE-2021-4104 log4j , KBA , SRM-ESO-SEC , Security for SAP Sourcing & CLM , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.