SAP Knowledge Base Article - Preview

3260611 - Impact of Apache Commons CVE-2022-42889 vulnerability on SAP Process Orchestration

Symptom

  • You would like further details on how the security vulnerability disclosed in CVE-2022-42889, which affects Apache Commons Text, impacts SAP Process Orchestration (PO) or SAP Process Integration (PI).
  • Further details are available from the vendor site: Security Vulnerabilities
  • Note, as stated by the vendor Apache: "If you rely on software that uses a version of commons-text prior to 1.10.0, you are likely still not vulnerable: only if this software uses the StringSubstitutor API without properly sanitizing any untrusted input." and "We're not currently aware of any applications that pass untrusted input to the substitutor and thus would have been impacted by this problem prior to Apache Commons Text 1.10.0"
  • This KBA will serve as an FAQ for this issue and will be updated if and when new information is available. 


Environment

  • SAP NetWeaver 7.5

Product

SAP NetWeaver 7.5

Keywords

Security risk, CVE, high, KBA, BC-XI-PIT, Process Integration Test Tool, BC-XI-CON-AFW, J2EE Adapter Framework, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).