on 12-15-2021 4:58 PM
I see that java library log4j is used in eclipse IDE that SAP HANA Studio is based on. The library can be found in following directories (on WIN OS based machine):
x:\Program Files\SAP\hdbstudio\Add-OnTools\SAPBASISAIE00P_5-70003841\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files\SAP\hdbstudio\configuration\org.eclipse.osgi\166\0\.cp\lib\log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.ant_1.10.5.v20180808-0324\lib\ant-apache-log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.ant_1.10.9.v20201106-1946\lib\ant-apache-log4j.jar
x:\Program Files\SAP\hdbstudio\plugins\org.apache.axis_1.4.0.v201411182030\lib\log4j.properties
x:\Program Files (x86)\eclipse\plugins\org.apache.log4j_1.2.15.v201012070815.jar
x:\Program Files (x86)\eclipse\plugins\org.apache.ant_1.10.8.v20200515-1239\lib\ant-apache-log4j.jar
x:\Program Files (x86)\eclipse\plugins\org.apache.axis_1.4.0.v201411182030\lib\log4j.properties
I understand that vulnerability is within version log4j2 of the library. Most of classes I found under SAP HANA STUDIO/eclipse installation seems using Log4J 1.2.15 version. Based on this I guess there is no impact. I know this is not server type of software but just want to be sure.
Does anyone have any information on this topic?
thanks
Check out the official communication to that topic. It contains a list of products and if they are affected or their current status. That communication is updated regularly, so make sure you check back at least once a day. And I do believe HANA Studio is not affected - but you really will need to check that out yourself.
Direct Link (S-User required): https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.