Symptom
The Log4j third-party component used by OpenText Archive Center to keep a record of activity within the application is affected by the Critical RCE Vulnerability: log4j - CVE-2021-4104 and CVE-2021-44832.
This issue occurs in (but may not be limited to):
- Archive Center 20.2
- Archive Center 21.2
We validated that Archive Center versions before 20.2, where log4j-1.x.jar is used, are not impacted by CVE-2021-44228. The JMSAppender in Log4j third party component which is affected by the Critical RCE Vulnerability: CVE-2021-4104, has no impact on any of the following versions:
- Archive Center 16.2
- Archive Center 16
- Archive Server 10.5.0
- Archive Server 10.1.1
- Archive Server 9.7.1
- Archive Server 9.6.1
A threat actor could potentially exploit this vulnerability to remotely execute unauthorized code on systems running Archive Center 20.2 and 21.2.
Adding following CVEs as a result of JIRA AS-21552:
- CVE-2019-17571
- CVE-2020-9488
- CVE-2022-23302
- CVE-2022-23305
- CVE-2022-23307
Read more...
Environment
This issue occurs in (but may not be limited to):
- Archive Center 20.2
- Archive Center 21.2
Product
Keywords
KBA , XX-PART-OPT-ARC , SAP Archiving by OpenText , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.