-
-
Notifications
[Action required] SAP Security Patch Day - October 2024
SAP Patches released on SAP Security Patch Day - October 10 2024 2024/10/08 | Advisory |Stable version 6.30
A new Stable version 6.30.1 now available for download and installation – You are welcome to try it out! 2024/10/03 | Release notes |[Action required] SAP Security Patch Day - September 2024
SAP Patches released on SAP Security Patch Day - September 10 2024 2024/09/10 | Advisory |[Action required] SAP Security Patch Day - August 2024
SAP Patches released on SAP Security Patch Day - August 13 2024 2024/08/13 | Advisory |[Action required] SAP Security Patch Day - July 2024
SAP Patches released on SAP Security Patch Day - July 09 2024 2024/07/09 | Advisory |[Action required] SAP Security Patch Day - June 2024
SAP Patches released on SAP Security Patch Day - June 11 2024 2024/06/11 | Advisory |[Action required] SAP Security Patch Day - May 2024
SAP Patches released on SAP Security Patch Day - May 14 2024 2024/05/14 | Advisory |[Action required] SAP Security Patch Day - April 2024
SAP Patches released on SAP Security Patch Day - April 9 2024 2024/04/09 | Advisory |[Action required] SAP Security Patch Day - March 2024
SAP Patches released on SAP Security Patch Day - March 12 2024 2024/03/12 | Advisory |[Action required] SAP Security Patch Day - February 2024
SAP Patches released on SAP Security Patch Day - February 13 2024 2024/02/13 | Advisory |[Action required] SAP Security Patch Day - January 2024
SAP Patches released on SAP Security Patch Day - January 9 2024 2024/01/09 | Advisory |[Action required] SAP Security Patch Day - December 2023
SAP Patches released on SAP Security Patch Day - December 12 2023 2023/12/12 | Advisory |[Action required] SAP Security Patch Day - November 2023
SAP Patches release on SAP Security Patch Day of November on 14th 2023 2023/11/14 | Advisory |[Action required] SAP Security Patch Day - October 2023
SAP Patches release on SAP Security Patch Day of October on 10th 2023 2023/10/10 | Advisory |[Action required] SAP Security Patch Day - September 2023
SAP Patches release on SAP Security Patch Day of September on 12th 2023 2023/09/12 | Advisory |[Action required] SAP Security Patch Day - August 2023
SAP Patches release on SAP Security Patch Day of August on 8th 2023 2023/08/08 | Advisory |[Action required] SAP Security Patch Day - July 2023
SAP Patches release on SAP Security Patch Day of July on 11th 2023 2023/07/11 | Advisory |[Action required] SAP Security Patch Day - June 2023
SAP Patches release on SAP Security Patch Day of June on 13th 2023 2023/06/13 | Advisory |[Action required] SAP Security Patch Day - May 2023
SAP Patches release on SAP Security Patch Day of May on 9th 2023 2023/05/09 | Advisory |[Action required] SAP Security Patch Day - April 2023
SAP Patches release on SAP Security Patch Day of April on 11th 2023 2023/04/11 | Advisory |[Action required] SAP Security Patch Day - March 2023
SAP Patches release on SAP Security Patch Day of March on 14th 2023 2023/03/14 | Advisory |[Action required] SAP Security Patch Day - February 2023
SAP Patches release on SAP Security Patch Day of February on 14th 2023 2023/02/14 | Advisory |[Action required] SAP Security Patch Day - January 2023
HotNews Patches release on SAP Security Patch Day of January on 10th 2023 2023/01/10 | Advisory |[Action required] SAP Security Patch Day - December 2022
SAP Security Patch Day of December the 13th 2022 has been provided. 2022/12/13 | Advisory |[Action required] SAP Security Patch Day - September 2022
[Action required] SAP Security Patch Day of September the 13th has been provided 2022/09/13 | Advisory |[Solution available] App not loading
SAP has removed CDN library version used by SecurityBridge App, caused white screen. 2022/08/11 | News |[Action required] SAP Security Patch Day - August 2022
[Action required] SAP Security Patch Day of August the 7th has been provided 2022/07/14 | Advisory |[Action required] SAP Security Patch Day - July 2022
[Action required] SAP Security Patch Day of July the 5th has been provided 2022/07/14 | Advisory |Security Advisory for April 2022
Today we have released the Security Advisories for SAP and the month of April 2022 2022/03/07 | Advisory |Security Advisory for February 2022
Today we have released the Security Advisories for SAP and the month of February 2022 2022/02/18 | Advisory |Security Advisory for March 2022
Today we have released the Security Advisories for SAP and the month of March 2022 2022/03/07 | Advisory |Security Advisory for January 2022
Today we have released the Security Advisories for SAP and the month of January 2022 2022/01/07 | Advisory |Security Advisory for December 2021
Today we have released the Security Advisories for SAP and the month of December 2021 2021/12/27 | Advisory |GUIDANCE FOR PREVENTING, DETECTING, AND HUNTING FOR CVE-2021-44228 LOG4J 2 EXPLOITATION IN SAP SYSTEMS
Apache Log4j2 2.14.1 and below are susceptible to a remote code execution (RCE) vulnerability. 2021/12/01 | News |Security Advisory for October 2021
Today we have released the Security Advisories for SAP and the month of October 2021 2021/10/03 | Advisory |Security Advisory for September 2021
Today we have released the Security Advisories for SAP and the month of September 2021 2021/09/27 | Advisory |Security Advisory for July 2021
Today we have released the Security Advisories for SAP and the month of July 2021 2021/08/09 | Advisory |Security Advisory for June 2021
Today we have released the Security Advisories for SAP and the month of June 2021 2021/08/09 | Advisory |Security Advisory for May 2021
Today we have released the Security Advisories for SAP and the month of May 2021 2021/04/07 | Advisory |Security Advisory for April 2021
Today we have released the Security Advisories for SAP and the month of April 2021 2021/04/07 | Advisory |Security Advisory for February 2021
Today we have released the Security Advisories for SAP and the month of February 2021 2021/02/04 | Advisory |Security Advisory for January 2021
Today we have released the Security Advisories for SAP and the month of January 2021 2021/02/04 | Advisory |Security Advisory for December 2020
Today we have released the Security Advisories for the month of December 2020 2021/01/13 | Advisory |Security Advisory for November 2020
Today we have released the Security Advisories for the month of November 2020 2020/11/24 | Advisory |Start your journey on the road to securing SAP
A new whitepaper has been published describing the important milestones and steps on your road to secure SAP. 2020/11/24 | Advisory |
GUIDANCE FOR PREVENTING, DETECTING, AND HUNTING FOR CVE-2021-44228 LOG4J 2 EXPLOITATION IN SAP SYSTEMS
News
Executive Summary
The Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to remote code execution (RCE) vulnerability. An attacker can leverage this vulnerability to take full control of a targeted machine.
This module is a prerequisite for other software, which means it can be found in many products, including those from SAP SE, and is trivial to exploit. It is critical that organizations take immediate action to inventory their systems and prioritize remediation.
Impacted Versions
Apache Log4j 2.x <= 2.15.0-rc1
CVSS: 10 (CRITICAL)
Detection vs. Prevention
Microsoft’s Threat Intelligence team, which is responsible for the evaluation and threat analysis of security vulnerabilities and malware, has published an initial analysis of the Log4Shell vulnerability (CVE-2021-44228) in the Log4J logging library. There it emphasizes: “Every system with Log4J must be considered attacked meanwhile”.
Specifically, Microsoft’s assessment states, “Because the attack vectors through which this vulnerability can be exploited are broad and fully deploying remediation in large environments will take time, we recommend defenders look for signs of post-exploitation rather than relying entirely on prevention.”
Log4j usage in SAP
continue here.