SAP News Overview for December 2021 - Safe O'Clock

SAP News Overview for December 2021

December 23, 2021

Apache Log4j vulnerability affect SAP

In December 2021, the critical vulnerability CVE-2021-44228 was discovered in Apache Log4j, a popular logging library for Java that affects a number of services, including Minecraft, Steam and Apple iCloud, etc. SAP customers are concerned about the extent to which business-critical SAP SE applications are affected.

The SAP security team is intensively testing the possible impact on SAP applications. To date, SAP has identified 32 applications affected by CVE-2021-44228. 20 of them have already been corrected, 12 are currently pending review.

The December release of SAP Security Patch Day does not list all the notes for information on log4j, a zero-day vulnerability in SAP products.

 

SAP releases December 2021 security updates

On the 14th of December 2021, SAP released a total of 15 new and updated security notes. Four of them are the highest Hot News notes.

SAP Security Note #2622660 is a recurring HotNews note that contains a SAP Business Client hotfix.

Note #3089831 with a CVSS rating of 9.9 is an updated September 2021 note. SAP says the update does not require any customer action.

SAP Security Note #3119365 with CVSS score of 9.9 fixes a code injection vulnerability [CVE-2021-44231] in a text extraction report in the SAP ABAP Server Translation Tools and ABAP Platform. The vulnerability could allow an attacker with low privileges to execute arbitrary commands in the background. It did not receive the highest CVSS score because privileges are required to exploit the vulnerability.

The second new HotNews note is SAP Security Note # 3109577. It has a CVSS rating of 9.9 and fixes several code execution vulnerabilities in SAP Commerce localization for China.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for February 2024

SAP strengthens AI growth areas  In recent years, artificial intelligence has rightfully begun to gain increasing popularity among developers – […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK