Hi,
Accorrding to the CVE-2021-44228 Vulnerability and Sage x3.
Elastic search uses log4j any suggestion or recomendations about this?
According to Elastic search website there is some mitigation available for elastic search
According to Elastic search website there is some mitigation available for elastic search
Yes, i have added -Dlog4j2.formatMsgNoLookups=true in the JVM_OPTIONS file for Elastic Search and restart the services. But we have alot of different version of X3 and elastic search out there, For the old bundled elastic search i have used the managermode of the service and added the parameters.
how exactly did you do this? i need to also do the same thing. Did you figuire out how to fix it in the SAP business objects? our SOC found that was installed by sage x3 "C:\program files (x86)\sap businessobjects\sap businessobjects enterprise xi 4.0\java\lib\external\axis2\1.6.2\log4j-1.2.15.jar"
Is the sap business objects you mention a part of the printserver installation or is it development tools for crystal reports?
im not sure. i think its the crystal reports thats on the erp web server.
it appears to be deeply integrated into crystal reports generation.
it seems that log4j version 1 is not impacted
*Community Hub is the new name for Sage City