What is Log4j vulnerability?
Log4j vulnerability officially know as CVE-2021-44228. It is exploitation of a critical remote code execution in Apache's Log4j library (versions 2.0 beta 9 to 2.14.1).
It is widely used in applications, websites, consumer services etc...to log security and performance details. An unauthorized remote actor could exploit the vulnerability and take control of affected systems.
It is used by organizations like Apple, Cloudflare, Google, Microsoft, Tesla, Twitter have been affected by this vulnerability.
The CVSS (Common Vulnerability Scoring System) as 10 out of 10 based as the impact might be global if exploited by attackers.
This issue was identified in log4j2 and fixed in log4j 2.15.0.
FAQ's of Log4j vulnerability in SAP Business One
Does Log4j Affects SAP Business One?
Yes, Log4j vulnerability officially CVE-2021-44228 affects SAP Business One, this impact is on both MS SQL and SAP HANA versions and irrespective of any localization.
Which Business One versions are affected?
From 9.3 PL7 to 10.0 FP2108 both MS SQL and SAP HANA versions.
Has SAP provided the fix for Log4j vulnerability in Business One?
Yes, SAP has provided the fix in 10.0 FP2111 for both MS SQL and SAP HANA version.
Or apply SAP workaround provided in Note-3131789.
Which Business One components are affected by Log4j vulnerability?
License Server, Integration Framework, Job Service, SLD, Service Layer and Workflow.
What are other things that I need to check?
- Ensure backup system is working properly
- Apply patches and updates on all the systems
Log4J Fun Story