SlideShare a Scribd company logo

LOG4J VULNERABILITY SAP BUSINESS ONE IMPACT AND WORK AROUNDS

A
AGSanePLDTCompany

This provides details on how to work around the Log4J Vulnerability on SAP Business One

Technology
1 of 23
Download to read offline
ADVISORY ON LOG4J VULNERABILITY: IMPACTS AND WORK AROUNDS
What is LOG4J Vulnerability and how does this impact you? Source: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/
What is LOG4J and where did it come from? Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record- keeping — component each time developers build new software, they often use existing code like log4j instead. It’s free on the Internet and very widely used, appearing in a “big chunk” of Internet services, according to Asaf Ashkenazi, chief operating officer of security company Verimatrix.
How was the vulnerability discovered? Each time log4j is asked to log something new, it tries to make sense of that new entry and add it to the record. A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running log4j.
Software bugs crop up all the time. Why is this one different? The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.
Why act urgently on this? Huge swaths of the computer code that modern life runs on use Java and contain log4j. Cloud storage companies such as Google, Amazon and Microsoft, which provide the digital backbone for millions of other apps, are affected. So are giant software sellers whose programs are used by millions, such as IBM, Oracle and Salesforce. Devices that connect to the Internet such as TVs and security cameras are at risk as well. Hackers who try to break into digital spaces to steal information or plant malicious software suddenly have a massive new opportunity to try to get into nearly anywhere they want.
What versions are affected?
The following versions and components are affected: SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component JobService is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed
The following versions and components are affected: SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108)and the component Extension Manager(SLD) is installed SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed
What workarounds are available?
DISCLAIMER: Please assess the workaround applicability for your SAP landscape prior to implementation. Note that this workaround is a temporary fix but not a permanent solution. The content of the workaround may be updated over time. We strongly recommend to regularly check with AGS for updates.
When using SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed, you can mitigate the vulnerability for Workflow with the following procedure: Open the package C:Program Files (x86)sapSAP Business One ServerToolsWorkflowworkflow-service.war in winrar. (Right click open in winrar.) Traverse to WEB-INFliblog4j-core-2.13.3.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. For version >= 9.3 PL07 and < 10.0 FP2008, traverse to WEB- INFliblog4j-core-2.11.1.jar, and do the operation. Accept the update archive. Restart the SAP Business One Workflow Engine from the windows services. 1. 2. 3. 4.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsLicenseHTTPSwebappsLicenseControlCenter.war in winrar. (Right click LicenseControlCenter.war and open it with winrar). Traverse to WEB-INFliblog4j-core-2.7.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure: Go to the 64-bit Server Tools installation folder (for example, C:Program FilesSAPSAP Business One ServerTools). Navigate into the ServiceLayerController webapp folder: .ServiceLayerServiceLayerControllerwebapps Right click the ServiceLayerController.war and open it with winrar. Traverse to WEB-INFliblog4j-core-2.7.jar, double-click it and you will see the folder structure of log4j-core-2.7.jar. Find the file JndiLookup.class from the class path: org/apache/logging/log4j/core/lookup and delete this file. Accept the updated archive. Restart the 64-bit SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4. 5. 6. 7.
When using SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsReportingServicewebappsReportingService.war in winrar. (Right click open in winrar.) Traverse to WEB-INFliblog4j-core-2.14.0.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsExtensionManagerwebappsExtensionManager.war in winrar. (Right click ExtensionManager.war and open it in winrar.) Traverse to WEB-INFliblog4j-core-2.7.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the License’s webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/License/webapps 3. Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from LicenseControlCenter.war: unzip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of LicenseControlCenter.war by running the following command: chown b1service0:b1service0 LicenseControlCenter.war 5.Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the ServiceLayer Controller's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServiceLayer/ServiceLayerController/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from ServiceLayerController.war: unzip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of ServiceLayerController.war by running the following command: chown b1service0:b1service0 ServiceLayerController.war 5. Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure:: Go to the server tools installation directory (e.g. /usr/sap/SAPBusinessOne) Navigate into the ReportingService Controller's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/ReportingService/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.14.0.jar from ReportingService.war: unzip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar rm -r WEB-INF 4. Restore the permission of ReportingService.war by running the following command chown b1service0:b1service0 ReportingService.war 5. Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the ExtensionManager's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/ExtensionManager/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from ExtensionManager.war: unzip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of ExtensionManager.war by running the following command: chown b1service0:b1service0 ExtensionManager.war 5. Restart the server tools.
When SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed, the vulnerability for Integration Framework can be mitigated with the following procedure:: Go to %InstallationDir%IntegrationServerTomcatwebappsB1iXcellerator. Edit the xcellerator.cfg file, and change xcl.reporting=false. Restart the Tomcat or Integration Service. Option 1: Switch off the execution of the Crystal Reports in the integration framework: 1. 2. 3. Side effect: The reporting processing functionality will be disabled.
When SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed, the vulnerability for Integration Framework can be mitigated with the following procedure:: Copy %InstallationDir%IntegrationServerTomcatwebappsB1iXcelleratorWEB- INFliblog4j-core.jar to a temp directory, named as %TempDir% Use command line, and cd to temp dir %TempDir% Run > jar -xvf log4j-core.jar and move the temp log4j-core.jar to another dir Go %TempDir%orgapachelogginglog4jcorelookup and Delete JndiLookup.class Use command line, and cd to %TempDir% again Run > jar -cvf log4j-core.jar. Stop B1i Tomcat / Integration Service Copy the log4j-core.jar from temp dir and overwrite the jar file in %InstallationDir%IntegrationServerTomcatwebappsB1iXcelleratorWEB- INFliblog4j-core.jar Restart B1i Tomcat / Integration Service Option 2: 1. 2. 3. 4. 5. 6. 7. 8. 9.
Download Winrar here

Recommended

Extensions in OAF
Extensions in OAF Extensions in OAF
Extensions in OAF iWare Logic Technologies Pvt. Ltd.
 
Engagement at Scale
Engagement at ScaleEngagement at Scale
Engagement at ScaleWorkday, Inc.
 
Oracle e-business suite (ebs) r12.2.6 - new functionality
Oracle e-business suite (ebs) r12.2.6 - new functionalityOracle e-business suite (ebs) r12.2.6 - new functionality
Oracle e-business suite (ebs) r12.2.6 - new functionalityMatthew Bezuidenhout
 
Oracle EBS Upgrade to 12.2.5.1
Oracle EBS Upgrade to 12.2.5.1Oracle EBS Upgrade to 12.2.5.1
Oracle EBS Upgrade to 12.2.5.1Amit Sharma
 
VMware Horizon (view) 7 Lab Manual
VMware Horizon (view) 7 Lab Manual VMware Horizon (view) 7 Lab Manual
VMware Horizon (view) 7 Lab Manual Sanjeev Kumar
 
Differences R12 Vs 11i.5.10
Differences R12 Vs 11i.5.10Differences R12 Vs 11i.5.10
Differences R12 Vs 11i.5.10Dharmalingam Kandampalayam Shanmugam
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overviewMostafa El Lathy
 
Threads & Concurrency
Threads & Concurrency Threads & Concurrency
Threads & Concurrency NomanMHasan
 

Recommended

Extensions in OAF
Extensions in OAF Extensions in OAF
Extensions in OAF iWare Logic Technologies Pvt. Ltd.
 
Engagement at Scale
Engagement at ScaleEngagement at Scale
Engagement at ScaleWorkday, Inc.
 
Oracle e-business suite (ebs) r12.2.6 - new functionality
Oracle e-business suite (ebs) r12.2.6 - new functionalityOracle e-business suite (ebs) r12.2.6 - new functionality
Oracle e-business suite (ebs) r12.2.6 - new functionalityMatthew Bezuidenhout
 
Oracle EBS Upgrade to 12.2.5.1
Oracle EBS Upgrade to 12.2.5.1Oracle EBS Upgrade to 12.2.5.1
Oracle EBS Upgrade to 12.2.5.1Amit Sharma
 
VMware Horizon (view) 7 Lab Manual
VMware Horizon (view) 7 Lab Manual VMware Horizon (view) 7 Lab Manual
VMware Horizon (view) 7 Lab Manual Sanjeev Kumar
 
Differences R12 Vs 11i.5.10
Differences R12 Vs 11i.5.10Differences R12 Vs 11i.5.10
Differences R12 Vs 11i.5.10Dharmalingam Kandampalayam Shanmugam
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overviewMostafa El Lathy
 
Threads & Concurrency
Threads & Concurrency Threads & Concurrency
Threads & Concurrency NomanMHasan
 
SAP Security interview questions
SAP Security interview questionsSAP Security interview questions
SAP Security interview questionsSiva Pradeep Bolisetti
 
Storage Virtualization Introduction
Storage Virtualization IntroductionStorage Virtualization Introduction
Storage Virtualization IntroductionStephen Foskett
 
Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)Salesforce Partners
 
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverEMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverAruba, a Hewlett Packard Enterprise company
 
Salesforce Integration Patterns
Salesforce Integration PatternsSalesforce Integration Patterns
Salesforce Integration Patternsusolutions
 
ClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Oracle ebs r12_architecture
Oracle ebs r12_architectureOracle ebs r12_architecture
Oracle ebs r12_architectureprasanna432
 
Oracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications OverviewOracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications OverviewAhmed El-Demasy
 
Oracle Fusion Financials Overview
Oracle Fusion Financials OverviewOracle Fusion Financials Overview
Oracle Fusion Financials OverviewBerry Clemens
 
9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application Architecture9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application ArchitectureSteven Herod
 
Collaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion PayrollCollaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion PayrollWilliam Stratton
 
Juniper SRX
Juniper SRX Juniper SRX
Juniper SRX Niasta Learning
 
Oracle General ledger ivas
Oracle General ledger ivasOracle General ledger ivas
Oracle General ledger ivasAli Ibrahim
 
Oracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of AccountsOracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of AccountsMohammed Raouf
 
Oracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCSOracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCSKaren Cannell
 
Oracle SaaS Applications Overview
Oracle SaaS Applications OverviewOracle SaaS Applications Overview
Oracle SaaS Applications OverviewMichel Van Woudenberg
 
Overview of web services
Overview of web servicesOverview of web services
Overview of web servicesPeople Strategists
 
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)Amazon Web Services
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxyBrendan Jennings
 
Oracle R12 Financials New Features Overview
Oracle R12 Financials New Features OverviewOracle R12 Financials New Features Overview
Oracle R12 Financials New Features OverviewiWare Logic Technologies Pvt. Ltd.
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
How to Implement Fiori Central Hub 1610
How to Implement Fiori Central Hub 1610How to Implement Fiori Central Hub 1610
How to Implement Fiori Central Hub 1610StraVis Enterprize Solutions
 

More Related Content

What's hot

Storage Virtualization Introduction
Storage Virtualization IntroductionStorage Virtualization Introduction
Storage Virtualization IntroductionStephen Foskett
 
Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)Salesforce Partners
 
Salesforce Integration Patterns
Salesforce Integration PatternsSalesforce Integration Patterns
Salesforce Integration Patternsusolutions
 
Oracle ebs r12_architecture
Oracle ebs r12_architectureOracle ebs r12_architecture
Oracle ebs r12_architectureprasanna432
 
Oracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications OverviewOracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications OverviewAhmed El-Demasy
 
Oracle Fusion Financials Overview
Oracle Fusion Financials OverviewOracle Fusion Financials Overview
Oracle Fusion Financials OverviewBerry Clemens
 
9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application Architecture9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application ArchitectureSteven Herod
 
Collaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion PayrollCollaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion PayrollWilliam Stratton
 
Oracle General ledger ivas
Oracle General ledger ivasOracle General ledger ivas
Oracle General ledger ivasAli Ibrahim
 
Oracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of AccountsOracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of AccountsMohammed Raouf
 
Oracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCSOracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCSKaren Cannell
 
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)Amazon Web Services
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxyBrendan Jennings
 

What's hot (20)

SAP Security interview questions
SAP Security interview questionsSAP Security interview questions
SAP Security interview questions
 
Storage Virtualization Introduction
Storage Virtualization IntroductionStorage Virtualization Introduction
Storage Virtualization Introduction
 
Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)Environment Hub Fundamentals (Salesforce Partners)
Environment Hub Fundamentals (Salesforce Partners)
 
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast FailoverEMEA Airheads- ArubaOS - High availability with AP Fast Failover
EMEA Airheads- ArubaOS - High availability with AP Fast Failover
 
Salesforce Integration Patterns
Salesforce Integration PatternsSalesforce Integration Patterns
Salesforce Integration Patterns
 
ClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User Guide
 
Oracle ebs r12_architecture
Oracle ebs r12_architectureOracle ebs r12_architecture
Oracle ebs r12_architecture
 
Oracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications OverviewOracle Fusion & Cloud Applications Overview
Oracle Fusion & Cloud Applications Overview
 
Oracle Fusion Financials Overview
Oracle Fusion Financials OverviewOracle Fusion Financials Overview
Oracle Fusion Financials Overview
 
9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application Architecture9 Principles for Salesforce Application Architecture
9 Principles for Salesforce Application Architecture
 
Collaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion PayrollCollaborate 15 White Paper Implementing Oracle Fusion Payroll
Collaborate 15 White Paper Implementing Oracle Fusion Payroll
 
Juniper SRX
Juniper SRX Juniper SRX
Juniper SRX
 
Oracle General ledger ivas
Oracle General ledger ivasOracle General ledger ivas
Oracle General ledger ivas
 
Oracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of AccountsOracle Financials R12 - GL STEP 1 - Chart Of Accounts
Oracle Financials R12 - GL STEP 1 - Chart Of Accounts
 
Oracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCSOracle Low Code Lowdown: APEX vs VBCS
Oracle Low Code Lowdown: APEX vs VBCS
 
Oracle SaaS Applications Overview
Oracle SaaS Applications OverviewOracle SaaS Applications Overview
Oracle SaaS Applications Overview
 
Overview of web services
Overview of web servicesOverview of web services
Overview of web services
 
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
SRV401 Deep Dive on Amazon Elastic File System (Amazon EFS)
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
 
Oracle R12 Financials New Features Overview
Oracle R12 Financials New Features OverviewOracle R12 Financials New Features Overview
Oracle R12 Financials New Features Overview
 

Similar to LOG4J VULNERABILITY SAP BUSINESS ONE IMPACT AND WORK AROUNDS

Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
N-Tier Application with Windows Forms - Deployment and Security
N-Tier Application with Windows Forms - Deployment and SecurityN-Tier Application with Windows Forms - Deployment and Security
N-Tier Application with Windows Forms - Deployment and SecurityPeter Gfader
 
PhoneGap JavaScript API vs Native Components
PhoneGap JavaScript API vs Native ComponentsPhoneGap JavaScript API vs Native Components
PhoneGap JavaScript API vs Native ComponentsTechAhead
 
Jboss App Server
Jboss App ServerJboss App Server
Jboss App Serveracosdt
 
EMC Documentum - xCP 2.x Troubleshooting
EMC Documentum - xCP 2.x TroubleshootingEMC Documentum - xCP 2.x Troubleshooting
EMC Documentum - xCP 2.x TroubleshootingHaytham Ghandour
 
Microsoft WebsiteSpark & Windows Platform Installer
Microsoft WebsiteSpark & Windows Platform InstallerMicrosoft WebsiteSpark & Windows Platform Installer
Microsoft WebsiteSpark & Windows Platform InstallerGeorge Kanellopoulos
 
cPanel Plugin Contains Log4j Vulnerability
cPanel Plugin Contains Log4j VulnerabilitycPanel Plugin Contains Log4j Vulnerability
cPanel Plugin Contains Log4j VulnerabilityTemok IT Services
 
C panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityC panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityTemok IT Services
 
C panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityC panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityTemok IT Services
 
M365 global developer bootcamp 2019 PA
M365 global developer bootcamp 2019 PAM365 global developer bootcamp 2019 PA
M365 global developer bootcamp 2019 PAThomas Daly
 
1 app 2 developers 3 servers
1 app 2 developers 3 servers1 app 2 developers 3 servers
1 app 2 developers 3 serversMark Myers
 
SAP_Enable_Now_Master_Guide_en-US.pdf
SAP_Enable_Now_Master_Guide_en-US.pdfSAP_Enable_Now_Master_Guide_en-US.pdf
SAP_Enable_Now_Master_Guide_en-US.pdfssuser2e8ccd
 
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...Expert Guidance on debugging React Native Apps: Recommended Practices and Han...
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...Shelly Megan
 
Using galen framework for automated cross browser layout testing
Using galen framework for automated cross browser layout testingUsing galen framework for automated cross browser layout testing
Using galen framework for automated cross browser layout testingSarah Elson
 
JAVA LOGGING for JAVA APPLICATION PERFORMANCE
JAVA LOGGING for JAVA APPLICATION PERFORMANCEJAVA LOGGING for JAVA APPLICATION PERFORMANCE
JAVA LOGGING for JAVA APPLICATION PERFORMANCERajendra Ladkat
 
M365 global developer bootcamp 2019
M365 global developer bootcamp 2019M365 global developer bootcamp 2019
M365 global developer bootcamp 2019Thomas Daly
 
Full Stack Web Development: Vision, Challenges and Future Scope
Full Stack Web Development: Vision, Challenges and Future ScopeFull Stack Web Development: Vision, Challenges and Future Scope
Full Stack Web Development: Vision, Challenges and Future ScopeIRJET Journal
 

Similar to LOG4J VULNERABILITY SAP BUSINESS ONE IMPACT AND WORK AROUNDS (20)

Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
How to Implement Fiori Central Hub 1610
How to Implement Fiori Central Hub 1610How to Implement Fiori Central Hub 1610
How to Implement Fiori Central Hub 1610
 
N-Tier Application with Windows Forms - Deployment and Security
N-Tier Application with Windows Forms - Deployment and SecurityN-Tier Application with Windows Forms - Deployment and Security
N-Tier Application with Windows Forms - Deployment and Security
 
PhoneGap JavaScript API vs Native Components
PhoneGap JavaScript API vs Native ComponentsPhoneGap JavaScript API vs Native Components
PhoneGap JavaScript API vs Native Components
 
Jboss App Server
Jboss App ServerJboss App Server
Jboss App Server
 
EMC Documentum - xCP 2.x Troubleshooting
EMC Documentum - xCP 2.x TroubleshootingEMC Documentum - xCP 2.x Troubleshooting
EMC Documentum - xCP 2.x Troubleshooting
 
Microsoft WebsiteSpark & Windows Platform Installer
Microsoft WebsiteSpark & Windows Platform InstallerMicrosoft WebsiteSpark & Windows Platform Installer
Microsoft WebsiteSpark & Windows Platform Installer
 
cPanel Plugin Contains Log4j Vulnerability
cPanel Plugin Contains Log4j VulnerabilitycPanel Plugin Contains Log4j Vulnerability
cPanel Plugin Contains Log4j Vulnerability
 
C panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityC panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerability
 
C panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerabilityC panel plugin contains log4j vulnerability
C panel plugin contains log4j vulnerability
 
Srm 6.0
Srm 6.0Srm 6.0
Srm 6.0
 
M365 global developer bootcamp 2019 PA
M365 global developer bootcamp 2019 PAM365 global developer bootcamp 2019 PA
M365 global developer bootcamp 2019 PA
 
1 app 2 developers 3 servers
1 app 2 developers 3 servers1 app 2 developers 3 servers
1 app 2 developers 3 servers
 
SAP_Enable_Now_Master_Guide_en-US.pdf
SAP_Enable_Now_Master_Guide_en-US.pdfSAP_Enable_Now_Master_Guide_en-US.pdf
SAP_Enable_Now_Master_Guide_en-US.pdf
 
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...Expert Guidance on debugging React Native Apps: Recommended Practices and Han...
Expert Guidance on debugging React Native Apps: Recommended Practices and Han...
 
Using galen framework for automated cross browser layout testing
Using galen framework for automated cross browser layout testingUsing galen framework for automated cross browser layout testing
Using galen framework for automated cross browser layout testing
 
JAVA LOGGING for JAVA APPLICATION PERFORMANCE
JAVA LOGGING for JAVA APPLICATION PERFORMANCEJAVA LOGGING for JAVA APPLICATION PERFORMANCE
JAVA LOGGING for JAVA APPLICATION PERFORMANCE
 
309675745
309675745309675745
309675745
 
M365 global developer bootcamp 2019
M365 global developer bootcamp 2019M365 global developer bootcamp 2019
M365 global developer bootcamp 2019
 
Full Stack Web Development: Vision, Challenges and Future Scope
Full Stack Web Development: Vision, Challenges and Future ScopeFull Stack Web Development: Vision, Challenges and Future Scope
Full Stack Web Development: Vision, Challenges and Future Scope
 

More from AGSanePLDTCompany

SAP Business One - CRM and Sales/AR Module
SAP Business One - CRM and Sales/AR ModuleSAP Business One - CRM and Sales/AR Module
SAP Business One - CRM and Sales/AR ModuleAGSanePLDTCompany
 
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES 2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES AGSanePLDTCompany
 
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERSAGSanePLDTCompany
 
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptxAGSanePLDTCompany
 
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptxAGSanePLDTCompany
 
2022 AGS Cebu Client Appreciation Day
2022 AGS Cebu Client Appreciation Day 2022 AGS Cebu Client Appreciation Day
2022 AGS Cebu Client Appreciation Day AGSanePLDTCompany
 
The New Business Essentials: Analytics that Matters with BIR E-Invoicing Session
The New Business Essentials: Analytics that Matters with BIR E-Invoicing SessionThe New Business Essentials: Analytics that Matters with BIR E-Invoicing Session
The New Business Essentials: Analytics that Matters with BIR E-Invoicing SessionAGSanePLDTCompany
 
Refresher Training_Inventory Management.pdf
Refresher Training_Inventory Management.pdfRefresher Training_Inventory Management.pdf
Refresher Training_Inventory Management.pdfAGSanePLDTCompany
 
SAP SME - The Agility Engine think piece - partner - July 10.pdf
SAP SME - The Agility Engine think piece - partner - July 10.pdfSAP SME - The Agility Engine think piece - partner - July 10.pdf
SAP SME - The Agility Engine think piece - partner - July 10.pdfAGSanePLDTCompany
 
SAP Business One Financial Module
SAP Business One Financial ModuleSAP Business One Financial Module
SAP Business One Financial ModuleAGSanePLDTCompany
 
SAP Business One Basics and Procure to Pay
SAP Business One Basics and Procure to PaySAP Business One Basics and Procure to Pay
SAP Business One Basics and Procure to PayAGSanePLDTCompany
 
Quickhits 2022 Add Button Extended In Marketing Documents
Quickhits 2022 Add Button Extended In Marketing DocumentsQuickhits 2022 Add Button Extended In Marketing Documents
Quickhits 2022 Add Button Extended In Marketing DocumentsAGSanePLDTCompany
 
Webinar February 23 AGS Mobile Technologies
Webinar February 23 AGS Mobile TechnologiesWebinar February 23 AGS Mobile Technologies
Webinar February 23 AGS Mobile TechnologiesAGSanePLDTCompany
 
SAP B1 Intelligent Enterprise AGS
SAP B1 Intelligent Enterprise AGSSAP B1 Intelligent Enterprise AGS
SAP B1 Intelligent Enterprise AGSAGSanePLDTCompany
 
AGS Support Live SAP Business One Order to Cash
AGS Support Live SAP Business One Order to Cash AGS Support Live SAP Business One Order to Cash
AGS Support Live SAP Business One Order to Cash AGSanePLDTCompany
 
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash AGSanePLDTCompany
 
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance AGS x COUPA's Lunch + Learn Series: Improving Operational Performance
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance AGSanePLDTCompany
 
AGS Support Live: SAP Business One Procure to Pay Refresher Training
AGS Support Live: SAP Business One Procure to Pay Refresher TrainingAGS Support Live: SAP Business One Procure to Pay Refresher Training
AGS Support Live: SAP Business One Procure to Pay Refresher TrainingAGSanePLDTCompany
 

More from AGSanePLDTCompany (20)

SAP Business One - CRM and Sales/AR Module
SAP Business One - CRM and Sales/AR ModuleSAP Business One - CRM and Sales/AR Module
SAP Business One - CRM and Sales/AR Module
 
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES 2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES
2022 AGS CLIENT APPRECIATON DAY SAP BUSINESS ONE UPDATES
 
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS
2022 CLIENT APPRECIATION DAY SAP S/4HANA UPDATES TO CUSTOMERS
 
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 25.pptx
 
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx
2022 AGS MANILA CLIENT APPRECIATION DAY FOR AUGUST 24.pptx
 
2022 AGS Cebu Client Appreciation Day
2022 AGS Cebu Client Appreciation Day 2022 AGS Cebu Client Appreciation Day
2022 AGS Cebu Client Appreciation Day
 
The New Business Essentials: Analytics that Matters with BIR E-Invoicing Session
The New Business Essentials: Analytics that Matters with BIR E-Invoicing SessionThe New Business Essentials: Analytics that Matters with BIR E-Invoicing Session
The New Business Essentials: Analytics that Matters with BIR E-Invoicing Session
 
Refresher Training_Inventory Management.pdf
Refresher Training_Inventory Management.pdfRefresher Training_Inventory Management.pdf
Refresher Training_Inventory Management.pdf
 
SAP SME - The Agility Engine think piece - partner - July 10.pdf
SAP SME - The Agility Engine think piece - partner - July 10.pdfSAP SME - The Agility Engine think piece - partner - July 10.pdf
SAP SME - The Agility Engine think piece - partner - July 10.pdf
 
SAP Business One Financial Module
SAP Business One Financial ModuleSAP Business One Financial Module
SAP Business One Financial Module
 
SAP Business One Basics and Procure to Pay
SAP Business One Basics and Procure to PaySAP Business One Basics and Procure to Pay
SAP Business One Basics and Procure to Pay
 
Rise with SAP
Rise with SAPRise with SAP
Rise with SAP
 
Quickhits 2022 Add Button Extended In Marketing Documents
Quickhits 2022 Add Button Extended In Marketing DocumentsQuickhits 2022 Add Button Extended In Marketing Documents
Quickhits 2022 Add Button Extended In Marketing Documents
 
Webinar February 23 AGS Mobile Technologies
Webinar February 23 AGS Mobile TechnologiesWebinar February 23 AGS Mobile Technologies
Webinar February 23 AGS Mobile Technologies
 
SAP B1 Intelligent Enterprise AGS
SAP B1 Intelligent Enterprise AGSSAP B1 Intelligent Enterprise AGS
SAP B1 Intelligent Enterprise AGS
 
Data Ownership
Data OwnershipData Ownership
Data Ownership
 
AGS Support Live SAP Business One Order to Cash
AGS Support Live SAP Business One Order to Cash AGS Support Live SAP Business One Order to Cash
AGS Support Live SAP Business One Order to Cash
 
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash
AGS x COUPA's Lunch + Learn Series: Optimizing Spend and Cash
 
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance AGS x COUPA's Lunch + Learn Series: Improving Operational Performance
AGS x COUPA's Lunch + Learn Series: Improving Operational Performance
 
AGS Support Live: SAP Business One Procure to Pay Refresher Training
AGS Support Live: SAP Business One Procure to Pay Refresher TrainingAGS Support Live: SAP Business One Procure to Pay Refresher Training
AGS Support Live: SAP Business One Procure to Pay Refresher Training
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

LOG4J VULNERABILITY SAP BUSINESS ONE IMPACT AND WORK AROUNDS

  • 1. ADVISORY ON LOG4J VULNERABILITY: IMPACTS AND WORK AROUNDS
  • 2. What is LOG4J Vulnerability and how does this impact you? Source: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/
  • 3. What is LOG4J and where did it come from? Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record- keeping — component each time developers build new software, they often use existing code like log4j instead. It’s free on the Internet and very widely used, appearing in a “big chunk” of Internet services, according to Asaf Ashkenazi, chief operating officer of security company Verimatrix.
  • 4. How was the vulnerability discovered? Each time log4j is asked to log something new, it tries to make sense of that new entry and add it to the record. A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running log4j.
  • 5. Software bugs crop up all the time. Why is this one different? The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.
  • 6. Why act urgently on this? Huge swaths of the computer code that modern life runs on use Java and contain log4j. Cloud storage companies such as Google, Amazon and Microsoft, which provide the digital backbone for millions of other apps, are affected. So are giant software sellers whose programs are used by millions, such as IBM, Oracle and Salesforce. Devices that connect to the Internet such as TVs and security cameras are at risk as well. Hackers who try to break into digital spaces to steal information or plant malicious software suddenly have a massive new opportunity to try to get into nearly anywhere they want.
  • 8. The following versions and components are affected: SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component JobService is installed SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed
  • 9. The following versions and components are affected: SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108)and the component Extension Manager(SLD) is installed SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed
  • 11. DISCLAIMER: Please assess the workaround applicability for your SAP landscape prior to implementation. Note that this workaround is a temporary fix but not a permanent solution. The content of the workaround may be updated over time. We strongly recommend to regularly check with AGS for updates.
  • 12. When using SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed, you can mitigate the vulnerability for Workflow with the following procedure: Open the package C:Program Files (x86)sapSAP Business One ServerToolsWorkflowworkflow-service.war in winrar. (Right click open in winrar.) Traverse to WEB-INFliblog4j-core-2.13.3.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. For version >= 9.3 PL07 and < 10.0 FP2008, traverse to WEB- INFliblog4j-core-2.11.1.jar, and do the operation. Accept the update archive. Restart the SAP Business One Workflow Engine from the windows services. 1. 2. 3. 4.
  • 13. When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsLicenseHTTPSwebappsLicenseControlCenter.war in winrar. (Right click LicenseControlCenter.war and open it with winrar). Traverse to WEB-INFliblog4j-core-2.7.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
  • 14. When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure: Go to the 64-bit Server Tools installation folder (for example, C:Program FilesSAPSAP Business One ServerTools). Navigate into the ServiceLayerController webapp folder: .ServiceLayerServiceLayerControllerwebapps Right click the ServiceLayerController.war and open it with winrar. Traverse to WEB-INFliblog4j-core-2.7.jar, double-click it and you will see the folder structure of log4j-core-2.7.jar. Find the file JndiLookup.class from the class path: org/apache/logging/log4j/core/lookup and delete this file. Accept the updated archive. Restart the 64-bit SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4. 5. 6. 7.
  • 15. When using SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsReportingServicewebappsReportingService.war in winrar. (Right click open in winrar.) Traverse to WEB-INFliblog4j-core-2.14.0.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
  • 16. When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure: Open the package C:Program Files (x86)SAPSAP Business One ServerToolsExtensionManagerwebappsExtensionManager.war in winrar. (Right click ExtensionManager.war and open it in winrar.) Traverse to WEB-INFliblog4j-core-2.7.jar and remove the JndiLookup class from the classpath:org/apache/logging/log4j/core/lookup/JndiLookup.class. Accept the update archive. Restart the SAP Business One Server Tools Service from the windows services. 1. 2. 3. 4.
  • 17. When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the License’s webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/License/webapps 3. Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from LicenseControlCenter.war: unzip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of LicenseControlCenter.war by running the following command: chown b1service0:b1service0 LicenseControlCenter.war 5.Restart the server tools.
  • 18. When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the ServiceLayer Controller's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServiceLayer/ServiceLayerController/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from ServiceLayerController.war: unzip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of ServiceLayerController.war by running the following command: chown b1service0:b1service0 ServiceLayerController.war 5. Restart the server tools.
  • 19. When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure:: Go to the server tools installation directory (e.g. /usr/sap/SAPBusinessOne) Navigate into the ReportingService Controller's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/ReportingService/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.14.0.jar from ReportingService.war: unzip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar rm -r WEB-INF 4. Restore the permission of ReportingService.war by running the following command chown b1service0:b1service0 ReportingService.war 5. Restart the server tools.
  • 20. When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager(SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure: Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne) Navigate into the ExtensionManager's webapps directory: 1. 2. /usr/sap/SAPBusinessOne/ServerTools/ExtensionManager/webapps 3.Run the following command to remove the JndiLookup.class of log4j-core-2.7.jar from ExtensionManager.war: unzip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar -d . zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class zip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar rm -r WEB-INF 4. Restore the permission of ExtensionManager.war by running the following command: chown b1service0:b1service0 ExtensionManager.war 5. Restart the server tools.
  • 21. When SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed, the vulnerability for Integration Framework can be mitigated with the following procedure:: Go to %InstallationDir%IntegrationServerTomcatwebappsB1iXcellerator. Edit the xcellerator.cfg file, and change xcl.reporting=false. Restart the Tomcat or Integration Service. Option 1: Switch off the execution of the Crystal Reports in the integration framework: 1. 2. 3. Side effect: The reporting processing functionality will be disabled.
  • 22. When SAP Business One Integration Framework (B1 10.0 FP2105, and B1 10.0 FP2108) is installed, the vulnerability for Integration Framework can be mitigated with the following procedure:: Copy %InstallationDir%IntegrationServerTomcatwebappsB1iXcelleratorWEB- INFliblog4j-core.jar to a temp directory, named as %TempDir% Use command line, and cd to temp dir %TempDir% Run > jar -xvf log4j-core.jar and move the temp log4j-core.jar to another dir Go %TempDir%orgapachelogginglog4jcorelookup and Delete JndiLookup.class Use command line, and cd to %TempDir% again Run > jar -cvf log4j-core.jar. Stop B1i Tomcat / Integration Service Copy the log4j-core.jar from temp dir and overwrite the jar file in %InstallationDir%IntegrationServerTomcatwebappsB1iXcelleratorWEB- INFliblog4j-core.jar Restart B1i Tomcat / Integration Service Option 2: 1. 2. 3. 4. 5. 6. 7. 8. 9.