SAP BO Version 4.2 SP 8 upgrade of log4J V1.2.15 t...

former_member560087 · ‎12-22-2021

Hi All ,

Currently we are on SAP Business Objects 4.2 SP8 contains the log4j-1.2.15.jar

As per our security team CVE-2021-4104 - JMSAppender class which is inside the log4j-1.2.15.jar file as vulnerability. They informed to upgrade the log4J.

Have checked the KBA : 3129956 and others there is no ref to upgrade of log4j.

Request your help, if anyone had upgraded log4j in SAP BO environment.

Regards,

Venkat

denis_konovalov · ‎01-04-2022

You should review KBA https://launchpad.support.sap.com/#/notes/3129956

ayman_salem · ‎12-22-2021

see *3 in the KBA 2914574 - Third-party software Vulnerabilities (CVE) NOT impacting SAP BusinessObjects 4.x

SAP BO Version 4.2 SP 8 upgrade of log4J V1.2.15 to Log4J V2.17

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: "Failed to update setup engine executables. Pr...

Re: Timer showing while sending the mails from SAP

Re: Best practice to connect to multiple databases...

SAP Hana Calculation view input parameter from JPA...

Re: Adaptation error in sap mdg ui screen customer