Skip to Content
7
Dec 10, 2021 at 09:27 PM

Log4j security vulnerability with SAP Crystal Reports for .NET SDK

33889 Views Last edit Dec 13, 2021 at 04:22 PM 2 rev

We were just made aware of a severe vulnerability in the Java logging library Apache Log4j.

See the following article for more information:

https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/

Is this library present and being used by the Crystal Reports runtime engine for .NET SDK (using v13.0.30.3805)? If so, what measures can we take to mitigate this vulnerability? Is SAP planning to issue some kind of patch?

Thanks in advance.