Hi,
Accorrding to the CVE-2021-44228 Vulnerability and Sage x3.
Elastic search uses log4j any suggestion or recomendations about this?
According to Elastic search website there is some mitigation available for elastic search
Yes, i have added -Dlog4j2.formatMsgNoLookups=true in the JVM_OPTIONS file for Elastic Search and restart the services. But we have alot of different version of X3 and elastic search out there, For the old bundled elastic search i have used the managermode of the service and added the parameters.
how exactly did you do this? i need to also do the same thing. Did you figuire out how to fix it in the SAP business objects? our SOC found that was installed by sage x3 "C:\program files (x86)\sap businessobjects\sap businessobjects enterprise xi 4.0\java\lib\external\axis2\1.6.2\log4j-1.2.15.jar"
how exactly did you do this? i need to also do the same thing. Did you figuire out how to fix it in the SAP business objects? our SOC found that was installed by sage x3 "C:\program files (x86)\sap businessobjects\sap businessobjects enterprise xi 4.0\java\lib\external\axis2\1.6.2\log4j-1.2.15.jar"
Is the sap business objects you mention a part of the printserver installation or is it development tools for crystal reports?
im not sure. i think its the crystal reports thats on the erp web server.
it appears to be deeply integrated into crystal reports generation.
it seems that log4j version 1 is not impacted
*Community Hub is the new name for Sage City