Is SQL Anywhere affected by Apache Log4j vulnerabi...

2,008

SAP Managed Tags:
SAP SQL Anywhere

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.1/sachanges/new...

MobiLink server no longer requires log4j.jar The log4j.jar file is no longer required by the MobiLink server and is no longer deployed with the MobiLink server. If you require log4j.jar you must install your own version of the jar and put it in the classpath.

My blind guess - no. But you can check if your server still uses log4j.jar as a dependency.

Thanks... it doesn't appear to ship with SA16 or SA17, but it's a different story with ASE 16

Accepted Solutions (0)

Answers (1)

SQL Anywhere 17 is not affected by this vulnerability.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

What about v16? (It's EOL'ed, I'm aware...)

The SAP note ("3130849 - CVE-2021-44228 - RCE 0-day exploit found in log4j - SQL Anywhere") states that: "... Note that versions of SQL Anywhere older than 17.0 are not being maintained. If this CVE is a concern, you should upgrade to SQL Anywhere 17.0."

Can you please tell me if there is any information about "zero-day/Log4j2"-vulnerability for SQL Anywhere 16.0.0 and SQL Anywhere 12.0.1?

AFAIK log4j.jar didn't ship with SQL Anywhere after version 11.

Ask a Question

Top Q&A Solution Author

User

Count