CVE-2021-44228 (Log4j) Impact to MET/TEAM
Incident Report for MET/TEAM
Resolved
SAP has reported that the referenced issue does not impact Crystal Reports Runtime (https://answers.sap.com/answers/13548409/view.html). Therefore, MET/TEAM is not impacted by CVE-2021-44228.
Posted Dec 13, 2021 - 21:34 UTC
Update
SAP is aware of the issue and is working to resolve it. Once we have a resolution there, we will determine what needs to happen on our end to apply the fix.
Posted Dec 13, 2021 - 16:43 UTC
Investigating
Late last week, a security flaw was identified in Log4j, a widely-used logging library from Apache (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228). While the MET/TEAM application itself does not use this library, our reporting engine, SAP Crystal Reports, does. We are awaiting further information from SAP about how they have dealt with this issue. Once we have additional answers, we will update this incident.
Posted Dec 13, 2021 - 03:52 UTC