Symptom
- You would like further details on the impact of the security vulnerability disclosed in CVE-2022-42889, impacting Apache Commons Text, on SAP Process Orchestration (PO) or SAP Process Integration (PI).
- Further details are available from the vendor site: Security Vulnerabilities
- Note as stated by the vendor Apache: "If you rely on software that uses a version of commons-text prior to 1.10.0, you are likely still not vulnerable: only if this software uses the StringSubstitutor API without properly sanitizing any untrusted input." and "We're not currently aware of any applications that pass untrusted input to the substitutor and thus would have been impacted by this problem prior to Apache Commons Text 1.10.0"
- This KBA will serve as an FAQ for this issue and will be updated if and when new information is available.
Environment
- SAP NetWeaver 7.5
Product
SAP NetWeaver 7.5
Keywords
Security risk, CVE, high, KBA, BC-XI-PIT, Process Integration Test Tool, BC-XI-CON-AFW, J2EE Adapter Framework, Problem
About this page
This is a preview of a SAP Knowledge Base Article.