3514157 - CVE-2021-4104 & other log4j vulnerabilities - further information for BI 4.x

Symptom

Further information on following log4j vulnerabilities,
CVE-2022-23302 (JMSSink.class -> SAP Note 2914574)
CVE-2022-23305 (JDBCAppender.class -> SAP Note 2914574)
CVE-2021-44832 (JDBCAppender.class -> SAP Note 2914574)
CVE-2022-23307 (Chainsaw -> SAP Note 2914574)
CVE-2021-4104 (JMSAppender.class -> SAP Note 2914574)
CVE-2020-9488 (SMTPAppender.class -> SAP Note 2914574)
CVE-2019-17571 (SocketServer.class -> SAP Note 2914574)

Environment

SAP BusinessObjects Business Intelligence (BI) Platform 4.x (4.2 / 4.3)
log4j

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

SAP Business Objects log4j JMSSink.class JDBCAppender.class Chainsaw SMTPAppender.class SocketServer.class , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.