Published in: sap note

3132058 – [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Author RedRays Team

Published on: January 12, 2022

Description

Symptom

The SAP Cloud-to-Cloud Interoperability uses a version of Open Source component Apache Log4j which has vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Other Terms

Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Solution

Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place:

https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=Y&FUNCTIONBAR=N&EVENT=TREE&NE=NAVIGATE&ENR=73555000100200010773&V=MAINT

Available fix and Supported packages

HYPERSCALER-INTEROP|100|100|

Affected component

HYPERSCALER-INTEROP

CVSS

CVSS v3.0 Base Score: 10.0/ 10

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/3132058

RedRays SAP Security Audit

Description

Symptom

Other Terms

Solution

Available fix and Supported packages

Exploit

URL

RedRays SAP Security Audit

RedRays SAP Security Audit

You may also like