This new directive underlines the risk posed by Log4j vulnerabilities

To stress the importance of the vulnerabilities found in Log4j, the Cybersecurity and Infrastructure Security Agency of the United States government (CISA) has issued Emergency Directive 22-01. The directive requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.
Although these directives require action from federal civilian agencies only, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments review and monitor these as well and remediate the listed vulnerabilities to strengthen their security and resilience posture. Building collective resilience requires action across all stakeholders.
The directive list currently contains the following vulnerabilities, which are present in Apache, a component not developed by SAP but used in multiple SAP products, and which have been actively exploited in the wild:
| CVE | Description | SAP Note | Protect4S Check |
| --- | --- | --- | --- |
| CVE-2021-44228 | Apache Log4J multiple vulnerabilities | multiple | multiple |
Protect4S supports this initiative and has created a new security template that will be updated in line with CISA, making it possible for SAP Customers to quickly determine whether they comply with this directive.
This new template will be distributed with Protect4S 6 Support Package 2202 in February.