Published in: SAP Note 3132058 – [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Author: RedRays Team
Published on: January 12, 2022

Description

Symptom
SAP Cloud-to-Cloud Interoperability uses a version of the open source component Apache Log4j that is affected by the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.

Other Terms
Command Injection, OS command injection, Remote Code Execution, Log4j2, CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832.

Solution
Please upgrade your SAP Cloud-to-Cloud Interoperability to the latest version (1.10.0). You may download the latest version from SAP Market Place: https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVENT=DISPHIER&HEADER=Y&FUNCTIONBAR=N&EVENT=TREE&NE=NAVIGATE&ENR=73555000100200010773&V=MAINT

Available fix and Supported packages
HYPERSCALER-INTEROP | 100 | 100

Affected component
HYPERSCALER-INTEROP

CVSS
CVSS v3.0 Base Score: 10.0 / 10

Exploit
Exploit is not available. For detailed information, please contact [email protected]

URL
https://launchpad.support.sap.com/#/notes/3132058