SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.

SAP has identified 32 apps that are affected by CVE-2021-44228 – the critical vulnerability in the Apache Log4j Java-based logging library that’s been under active attack since last week.

As of yesterday, Patch Tuesday, the German software maker reported that it’s already patched 20 of those apps, and it’s still feverishly working on fixes for 12. SAP provided workarounds for some of the pending patches in this document, accessible to users on the company’s support portal.

The news about Log4Shell has been nonstop, with the easily exploited, ubiquitous vulnerability spinning off even more dangerous variations, being associated with yet another vulnerability in Apache’s fast-baked patch and threat actors jumping it on a global scale.

Between Sunday and Wednesday morning ET, SAP had released 50 SAP Notes and Knowledge Base entries focusing on Log4j.

Beyond ‘Logapalooza’: Other SAP Patch Tuesday Fixes

But hard though it may be to believe, there are other SAP security matters to attend to besidea Logapalooza, including fixes for other severe flaws in the company’s

Read More: https://threatpost.com/sap-log4shell-vulnerability-apps/177069/