cancel
Showing results for 
Search instead for 
Did you mean: 

Crystal Reports for .NET Framework 4.0 - Log4j

blederer
Discoverer
2,424

I see some Log4J files located in the following. Is this vulnerable to the log4j vulnerability?

C:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\log4javascript

View Entire Topic

Not an issue in CR Designer,

And PLEASE search before posting

blederer
Discoverer

Thank you, I contacted support and they told me to ask my question here. I did search, but I am unfamiliar with Crystal Reports and must be installed for another program, are you saying that this file is part of CR Designer and it is not vulnerable?

Thanks, but as Brian Lederer, I am still uncertain about the usage of the files listed below in relation to CVE-2021-44228:

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\log4javascript\log4javascript.js

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\log4javascript\log4javascript_stub.js

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\log4javascript\log4javascript_stub_uncompressed.js

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\log4javascript\log4javascript_uncompressed.js

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\MochiKit\Logging.js

c:\Program Files (x86)\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\Crystal Reports 2011\crystalreportviewers\js\MochiKit\LoggingPane.js

are they to consider as vulnerable?

Thanks in advance

jn1
Explorer
0 Kudos

I, too, would like the questions that Morten asked, answered. I have read the other post at https://answers.sap.com/questions/13545419/log4j-security-vulnerability-with-sap-crystal-repo.html. I would like to know...

- WHEN/WHAT would trigger the JS files noted above to be used?

- Can they be deleted without affecting the runtime engine?

- Why are they installed on Windows machines if they are never used?

Thanks.