GUIDANCE FOR PREVENTING, DETECTING, AND HUNTING FOR CVE-2021-44228 LOG4J 2 EXPLOITATION IN SAP SYSTEMS 
News

Apache Log4j2 2.14.1 and below are susceptible to a remote code execution (RCE) vulnerability.

 

Executive Summary

The Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to remote code execution (RCE) vulnerability. An attacker can leverage this vulnerability to take full control of a targeted machine. 

This module is a prerequisite for other software, which means it can be found in many products, including those from SAP SE, and is trivial to exploit. It is critical that organizations take immediate action to inventory their systems and prioritize remediation. 

Impacted Versions

Apache Log4j 2.x <= 2.15.0-rc1

CVSS: 10 (CRITICAL) 

Detection vs. Prevention

Microsoft’s Threat Intelligence team, which is responsible for the evaluation and threat analysis of security vulnerabilities and malware, has published an initial analysis of the Log4Shell vulnerability (CVE-2021-44228) in the Log4J logging library. There it emphasizes: “Every system with Log4J must be considered attacked meanwhile”. 


Specifically, Microsoft’s assessment states, “Because the attack vectors through which this vulnerability can be exploited are broad and fully deploying remediation in large environments will take time, we recommend defenders look for signs of post-exploitation rather than relying entirely on prevention.” 


Log4j usage in SAP

continue here.

  • Share with:
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. We help businesses in making their SAP systems more secure.

SecurityBridge

© Copyright 2022 by SecurityBridge // NCMI GmbH