cancel
Showing results for 
Search instead for 
Did you mean: 

Is SAP BUSINESS ONE AFFECTED BY CVE-2021-44228

yakoair1
Explorer
0 Kudos
2,555
We are receiving some questions (very worried customers) about this particular component.
Is SAP BUSINESS ONE affected?

Apache Log4j JNDI Lookup Remote Code Execution Vulnerability / A vulnerability exists in Apache Log4j due to insufficient restrictions placed on the JNDI lookup functionality. An attacker could exploit this vulnerability to execute arbitrary code on vulnerable systems
0 Kudos
yakoair1
Explorer
0 Kudos

Dear everybody I suggest not to share this document yet be aware that the document is marked as confidential and asks for an NDA even.

rahuljain257
Participant
0 Kudos

Sure Gabriela.

yakoair1
Explorer

sap note has been released

https://launchpad.support.sap.com/services/pdf/notes/3131789/E

3131789 - Mitigate Log4j CVE-2021-44228 Vulnerability in SAP Business One

Accepted Solutions (1)

Accepted Solutions (1)

JesperB1
Product and Topic Expert
Product and Topic Expert

Hello,

Just released - A new SAP Knowledge Based Article (KBA) (Note 3131789) is created which outlines our awareness and a workaround of this in the SAP Business One context.

Jesper

AngeloZ
Explorer

Hello Jesper,

Do other versions of SAP B1 not mentioned in the KBA is not affected by the Log4j vulnerability?

Thank you.

Angelo

Answers (1)

Answers (1)

patelyogesh
Active Contributor
0 Kudos

Hello gabriela.lpez2,

Patch Pending = SAP Business One

Please find more information at the link below.

sap-tc-01-5025.pdf

Thank you

Yogesh