I see that java library log4j is used in eclipse IDE that SAP HANA Studio is based on. The library can be found in following directories (on WIN OS based machine):
x:\Program Files\SAP\hdbstudio\Add-OnTools\SAPBASISAIE00P_5-70003841\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files\SAP\hdbstudio\configuration\org.eclipse.osgi\166\0\.cp\lib\log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.ant_1.10.5.v20180808-0324\lib\ant-apache-log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.ant_1.10.9.v20201106-1946\lib\ant-apache-log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.axis_1.4.0.v201411182030\lib\log4j.properties
x:\Program Files (x86)\eclipse\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files (x86)\eclipse\plugins\org.apache.ant_1.10.8.v20200515-1239\lib\ant-apache-log4j.jar
x:\Program Files (x86)\eclipse\plugins\org.apache.axis_1.4.0.v201411182030\lib\log4j.properties
I understand that vulnerability is within version log4j2 of the library. Most of classes I found under SAP HANA STUDIO/eclipse installation seems using Log4J 1.2.15 version. Based on this I guess there is no impact. I know this is not server type of software but just want to be sure.
Does anyone have any information on this topic?
thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.