SAP FSM - Response to CVE-2021-44228 Apache Log4j 2

Dear partners and customers,

Background

The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by SAP Field Service Management’s cloud services.

Customer Update

SAP would like to notify our customers that the SAP Field Service Management team has taken swift and responsive action to provide appropriate patching for the affected components to ensure that our customers’ data, applications and infrastructure are secured from this vulnerability.

Please see updated verbiage from SAP on My Trust Center: SAP's Response to CVE-2021-44228

 

References

https://nvd.nist.gov/vuln/detail/CVE-2021-44228 

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

https://logging.apache.org/log4j/2.x/security.html
