Description
Symptom
The SAP Cloud-to-Cloud Interoperability uses a version of Open Source component Apache Log4j which has vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.
Other Terms
Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.
Solution
Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place:
Available fix and Supported packages
HYPERSCALER-INTEROP
CVSS
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/3132058
TAGS
Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.