SAP News Overview for December 2021 - Apache Log4j vulnerability & SAP Products, Security Notes - Safe O'Clock

SAP News Overview for December 2021 – Apache Log4j vulnerability & SAP Products, Security Notes

December 23, 2021

Apache Log4j vulnerability affect SAP

In December 2021, the critical vulnerability CVE-2021-44228 was discovered in Apache Log4j, a popular logging library for Java that affects a number of services, including Minecraft, Steam and Apple iCloud, etc. SAP customers are concerned about the extent to which business-critical SAP SE applications are affected.

The SAP security team is intensively testing the possible impact on SAP applications. To date, SAP has identified 32 applications affected by CVE-2021-44228. 20 of them have already been corrected, 12 are currently pending review.

The December release of SAP Security Patch Day does not list all the notes for information on log4j, a zero-day vulnerability in SAP products.

 

SAP releases December 2021 security updates

On the 14th of December 2021, SAP released a total of 15 new and updated security notes. Four of them are the highest Hot News notes.

SAP Security Note #2622660 is a recurring HotNews note that contains a SAP Business Client hotfix.

Note #3089831 with a CVSS rating of 9.9 is an updated September 2021 note. SAP says the update does not require any customer action.

SAP Security Note #3119365 with CVSS score of 9.9 fixes a code injection vulnerability [CVE-2021-44231] in a text extraction report in the SAP ABAP Server Translation Tools and ABAP Platform. The vulnerability could allow an attacker with low privileges to execute arbitrary commands in the background. It did not receive the highest CVSS score because privileges are required to exploit the vulnerability.

The second new HotNews note is SAP Security Note # 3109577. It has a CVSS rating of 9.9 and fixes several code execution vulnerabilities in SAP Commerce localization for China.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK