Dear partners and customers
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by SAP Field Service Management’s cloud services.
SAP would like to notify our customers that SAP Field Service Management team has taken swift and responsive action to provide appropriate patching for the affected components to ensure that our customers’ Data, Applications and Infrastructure is secured from this vulnerability.
Please see updated verbiage from SAP on My Trust Center: SAP's Response to CVE-2021-44228