
Protect4S releases new SAP security template for Log4j emergency directive

3 February 2022

This new directive underlines the risk posed by Log4j vulnerabilities 


To stress the importance of the vulnerabilities found in Log4j, the Cybersecurity and Infrastructure Security Agency of the United States government (CISA) has issued Emergency Directive 22-01. The directive requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems. 

Although these directives require action from federal civilian agencies only, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments review and monitor these as well and remediate the listed vulnerabilities to strengthen their security and resilience posture. Building collective resilience requires action across all stakeholders. 

The directive's list currently contains the following vulnerabilities, which are present in Apache Log4j, a component not developed by SAP but used in multiple SAP products, and which have been actively exploited in the wild:

| CVE | Description | SAP Note | Protect4S Check |
| --- | --- | --- | --- |
| CVE-2021-44228 | Apache Log4J multiple vulnerabilities | multiple | multiple |

Protect4S supports this initiative and has created a new security template that will be updated in line with CISA, making it possible for SAP customers to quickly determine whether they comply with this directive.

This new template will be distributed with Protect4S 6 Support Package 2202 in February. 

For more SAP security-related news, articles, and whitepapers, please follow us on LinkedIn! 

Try out Protect4S for 1 month for free or request a demo!