Arpine Maghakyan

Security Researcher of RedRays.

3132058 – [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Description

Symptom

SAP Cloud-to-Cloud Interoperability uses a version of the open source component Apache Log4j that is affected by the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.

Other Terms

Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Solution

Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place: 

https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=Y&FUNCTIONBAR=N&EVENT=TREE&NE=NAVIGATE&ENR=73555000100200010773&V=MAINT

Available fix and Supported packages

HYPERSCALER-INTEROP|100|100|
 
Affected component

HYPERSCALER-INTEROP

CVSS

CVSS v3.0 Base Score: 10.0 / 10

Exploit


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/3132058
