Dear all,
One of our customers needs to know if it is affected by some vulnerabilities detected during an audit process.
These are the main points:
- Apache Log4j SEoL (<=1.x) – The plug-in provides this finding as proof of vulnerability:
  - Questions: Are the servers using SAP Business Objects 4.0, and if so, can it be upgraded to 4.2 or 4.3 as referenced here: Solved: How is BO impacted by Log4j vulnerability? - SAP Community
    i. If not using this library file, can it be deleted?
- ASP.NET Core SEoL – The plug-in has found multiple EOL versions of ASP.NET Core including 2.0.13103.0, 2.2.8, 3.1.29
  - Is SAP using these ASP.NET versions? If so, can ASP.NET be upgraded independently of any SAP software (BusinessOne or Business Objects Enterprise)?
- Microsoft .NET Core SEoL – The plug-in has found multiple EOL versions of .NET Core including 10.16.5115, 1.1.13.1809, 2.0.9.26615, 2.2.8.28209, 3.1.29.31617
  - Is SAP using these ASP.NET versions? If so, can .NET be upgraded independently of any SAP software (BusinessOne or Business Objects Enterprise)?
- Apache 2.4.x < 2.4.58 Multiple Vulnerabilities – The plug-in provides this finding as proof of vulnerability:
  - Can Apache be upgraded independently of SAP Business One?
For the first point (Log4j), we have the 3 SAP notes that help us to know the affectation of the vulnerability detected in the following SAP Forum link:
https://community.sap.com/t5/technology-q-a/how-is-bo-impacted-by-log4j-vulnerability/qaq-p/12651273
I need to know if there is any specific information regarding points 2, 3 and 4.
Kind regards,