
3132058 – [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Description

Symptom

SAP Cloud-to-Cloud Interoperability uses a version of the open-source component Apache Log4j that is affected by the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.

Other Terms

Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Solution

Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place: 

https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=Y&FUNCTIONBAR=N&EVENT=TREE&NE=NAVIGATE&ENR=73555000100200010773&V=MAINT

Available fix and Supported packages

HYPERSCALER-INTEROP|100|100|
 
Affected component

HYPERSCALER-INTEROP

CVSS

CVSS v3.0 Base Score: 10.0 / 10

Exploit

Exploit is not available.
For detailed information, please contact [email protected]

URL

https://launchpad.support.sap.com/#/notes/3132058


RedRays SAP Security Audit
