SAP Knowledge Base Article - Preview

3437764 - Archive Center - Log4j Vulnerability

Symptom

The Log4j third-party component, which OpenText Archive Center uses to record activity within the application, is affected by the critical RCE vulnerabilities CVE-2021-4104 and CVE-2021-44832.

This issue occurs in (but may not be limited to):

  • Archive Center 20.2
  • Archive Center 21.2



We validated that Archive Center versions before 20.2, where log4j-1.x.jar is used, are not impacted by CVE-2021-44228. The JMSAppender in the Log4j third-party component, which is affected by the critical RCE vulnerability CVE-2021-4104, has no impact on any of the following versions:

  • Archive Center 16.2
  • Archive Center 16
  • Archive Server 10.5.0
  • Archive Server 10.1.1
  • Archive Server 9.7.1
  • Archive Server 9.6.1

A threat actor could potentially exploit this vulnerability to remotely execute unauthorized code on systems running Archive Center 20.2 and 21.2.


The following CVEs were added as a result of JIRA AS-21552:

  • CVE-2019-17571
  • CVE-2020-9488
  • CVE-2022-23302
  • CVE-2022-23305
  • CVE-2022-23307



Environment

This issue occurs in (but may not be limited to):

  • Archive Center 20.2
  • Archive Center 21.2

Product

SAP Archiving and Document Access 20.4 by OpenText; SAP Archiving and Document Access 21.4 by OpenText

Keywords

KBA, XX-PART-OPT-ARC, SAP Archiving by OpenText, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).