Vahagn Vardanian

Co-founder and CTO of RedRays

3132058 – [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Description

Symptom

The SAP Cloud-to-Cloud Interoperability uses a version of the open source component Apache Log4j that is affected by the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.

Other Terms

Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Solution

Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place: 

https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=Y&FUNCTIONBAR=N&EVENT=TREE&NE=NAVIGATE&ENR=73555000100200010773&V=MAINT

Available fix and Supported packages

HYPERSCALER-INTEROP|100|100|
 
Affected component

HYPERSCALER-INTEROP

CVSS

CVSS v3.0 Base Score: 10.0 / 10

Exploit


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/3132058
