ADVISORY ON LOG4J VULNERABILITY:
IMPACTS AND WORK AROUNDS
What is the LOG4J vulnerability and how does this impact you?
Source: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/
What is LOG4J and where did it come from?
Log4j is a chunk of code that helps software applications keep track of their past activities. Instead of reinventing a “logging” — or record-keeping — component each time developers build new software, they often use existing code like log4j instead.
It’s free on the Internet and very widely used, appearing in a “big chunk” of Internet services, according to Asaf Ashkenazi, chief operating officer of security company Verimatrix.
How was the vulnerability discovered?
Each time log4j is asked to log something new, it tries to make sense of that new entry and add it to the record.
A few weeks ago, the cybersecurity community realized that by simply asking the program to log a line of malicious code, it would execute that code in the process, effectively letting bad actors grab control of servers that are running log4j.
Software bugs crop up all the time. Why is this one different?
The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.
Why act urgently on this?
Huge swaths of the computer code that modern life runs on use Java and contain log4j. Cloud storage companies such as Google, Amazon and Microsoft, which provide the digital backbone for millions of other apps, are affected. So are giant software sellers whose programs are used by millions, such as IBM, Oracle and Salesforce. Devices that connect to the Internet such as TVs and security cameras are at risk as well.
Hackers who try to break into digital spaces to steal information or plant malicious software suddenly have a massive new opportunity to try to get into nearly anywhere they want.
What versions are affected?
The following versions and components are affected:
SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed
SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed
SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed
SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP 2108) and the component Job Service is installed
SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager (SLD) is installed
SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed
SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed
SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP 2108) and the component Job Service is installed
SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager (SLD) is installed
SAP Business One Integration Framework (B1 10.0 FP2105 and B1 10.0 FP2108) is installed
What workarounds are available?
DISCLAIMER: Please assess the workaround applicability for your SAP landscape prior to implementation. Note that this workaround is a temporary fix, not a permanent solution. The content of the workaround may be updated over time. We strongly recommend checking regularly with AGS for updates.
When using SAP Business One or SAP Business One, version for SAP HANA (version >= 9.3 PL07 and <= 10.0 FP2108) and the component Workflow is installed, you can mitigate the vulnerability for Workflow with the following procedure:
1. Open the package C:\Program Files (x86)\sap\SAP Business One ServerTools\Workflow\workflow-service.war in WinRAR (right-click the file and open it in WinRAR).
2. Traverse to WEB-INF\lib\log4j-core-2.13.3.jar and remove the JndiLookup class from the classpath: org/apache/logging/log4j/core/lookup/JndiLookup.class. For version >= 9.3 PL07 and < 10.0 FP2008, traverse to WEB-INF\lib\log4j-core-2.11.1.jar instead and do the same operation.
3. Accept the updated archive.
4. Restart the SAP Business One Workflow Engine from Windows Services.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure:
1. Open the package C:\Program Files (x86)\SAP\SAP Business One ServerTools\License\HTTPS\webapps\LicenseControlCenter.war in WinRAR (right-click LicenseControlCenter.war and open it with WinRAR).
2. Traverse to WEB-INF\lib\log4j-core-2.7.jar and remove the JndiLookup class from the classpath: org/apache/logging/log4j/core/lookup/JndiLookup.class.
3. Accept the updated archive.
4. Restart the SAP Business One Server Tools Service from Windows Services.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure:
1. Go to the 64-bit Server Tools installation folder (for example, C:\Program Files\SAP\SAP Business One ServerTools).
2. Navigate into the ServiceLayerController webapp folder: .\ServiceLayer\ServiceLayerController\webapps
3. Right-click ServiceLayerController.war and open it with WinRAR.
4. Traverse to WEB-INF\lib\log4j-core-2.7.jar and double-click it; you will see the folder structure of log4j-core-2.7.jar.
5. Find the file JndiLookup.class under the class path org/apache/logging/log4j/core/lookup and delete it.
6. Accept the updated archive.
7. Restart the 64-bit SAP Business One Server Tools Service from Windows Services.
When using SAP Business One (version >= 10.0 FP 2105 and <= 10.0 FP 2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure:
1. Open the package C:\Program Files (x86)\SAP\SAP Business One ServerTools\ReportingService\webapps\ReportingService.war in WinRAR (right-click the file and open it in WinRAR).
2. Traverse to WEB-INF\lib\log4j-core-2.14.0.jar and remove the JndiLookup class from the classpath: org/apache/logging/log4j/core/lookup/JndiLookup.class.
3. Accept the updated archive.
4. Restart the SAP Business One Server Tools Service from Windows Services.
When using SAP Business One (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager (SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure:
1. Open the package C:\Program Files (x86)\SAP\SAP Business One ServerTools\ExtensionManager\webapps\ExtensionManager.war in WinRAR (right-click ExtensionManager.war and open it in WinRAR).
2. Traverse to WEB-INF\lib\log4j-core-2.7.jar and remove the JndiLookup class from the classpath: org/apache/logging/log4j/core/lookup/JndiLookup.class.
3. Accept the updated archive.
4. Restart the SAP Business One Server Tools Service from Windows Services.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component License Server is installed, you can mitigate the vulnerability for License Server with the following procedure:
1. Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne).
2. Navigate into the License webapps directory: /usr/sap/SAPBusinessOne/ServerTools/License/webapps
3. Run the following commands to remove JndiLookup.class from the log4j-core-2.7.jar inside LicenseControlCenter.war:
   unzip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar -d .
   zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
   zip LicenseControlCenter.war WEB-INF/lib/log4j-core-2.7.jar
   rm -r WEB-INF
4. Restore the ownership of LicenseControlCenter.war (the zip step leaves it owned by the user who ran the commands) with the following command:
   chown b1service0:b1service0 LicenseControlCenter.war
5. Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Service Layer is installed, you can mitigate the vulnerability for Service Layer with the following procedure:
1. Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne).
2. Navigate into the ServiceLayer Controller's webapps directory: /usr/sap/SAPBusinessOne/ServiceLayer/ServiceLayerController/webapps
3. Run the following commands to remove JndiLookup.class from the log4j-core-2.7.jar inside ServiceLayerController.war:
   unzip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar -d .
   zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
   zip ServiceLayerController.war WEB-INF/lib/log4j-core-2.7.jar
   rm -r WEB-INF
4. Restore the ownership of ServiceLayerController.war (the zip step leaves it owned by the user who ran the commands) with the following command:
   chown b1service0:b1service0 ServiceLayerController.war
5. Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2105 and <= 10.0 FP 2108) and the component Job Service is installed, you can mitigate the vulnerability for Job Service with the following procedure:
1. Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne).
2. Navigate into the ReportingService Controller's webapps directory: /usr/sap/SAPBusinessOne/ServerTools/ReportingService/webapps
3. Run the following commands to remove JndiLookup.class from the log4j-core-2.14.0.jar inside ReportingService.war:
   unzip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar -d .
   zip -q -d WEB-INF/lib/log4j-core-2.14.0.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
   zip ReportingService.war WEB-INF/lib/log4j-core-2.14.0.jar
   rm -r WEB-INF
4. Restore the ownership of ReportingService.war (the zip step leaves it owned by the user who ran the commands) with the following command:
   chown b1service0:b1service0 ReportingService.war
5. Restart the server tools.
When using SAP Business One, version for SAP HANA (version >= 10.0 FP 2008 and <= 10.0 FP 2108) and the component Extension Manager (SLD) is installed, you can mitigate the vulnerability for Extension Manager with the following procedure:
1. Go to the server tools installation directory (for example, /usr/sap/SAPBusinessOne).
2. Navigate into the ExtensionManager's webapps directory: /usr/sap/SAPBusinessOne/ServerTools/ExtensionManager/webapps
3. Run the following commands to remove JndiLookup.class from the log4j-core-2.7.jar inside ExtensionManager.war:
   unzip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar -d .
   zip -q -d WEB-INF/lib/log4j-core-2.7.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
   zip ExtensionManager.war WEB-INF/lib/log4j-core-2.7.jar
   rm -r WEB-INF
4. Restore the ownership of ExtensionManager.war (the zip step leaves it owned by the user who ran the commands) with the following command:
   chown b1service0:b1service0 ExtensionManager.war
5. Restart the server tools.
When SAP Business One Integration Framework (B1 10.0 FP2105 and B1 10.0 FP2108) is installed, the vulnerability for Integration Framework can be mitigated with one of the following procedures.
Option 1: Switch off the execution of Crystal Reports in the integration framework:
1. Go to %InstallationDir%\IntegrationServer\Tomcat\webapps\B1iXcellerator.
2. Edit the xcellerator.cfg file and change the setting to xcl.reporting=false.
3. Restart Tomcat or the Integration Service.
Side effect: the reporting processing functionality will be disabled.
Option 2: Remove the JndiLookup class from log4j-core.jar:
1. Copy %InstallationDir%\IntegrationServer\Tomcat\webapps\B1iXcellerator\WEB-INF\lib\log4j-core.jar to a temp directory, referred to below as %TempDir%.
2. Open a command line and cd to %TempDir%.
3. Run jar -xvf log4j-core.jar, then move the original log4j-core.jar out of %TempDir% into another directory.
4. Go to %TempDir%\org\apache\logging\log4j\core\lookup and delete JndiLookup.class.
5. Open a command line and cd to %TempDir% again.
6. Run jar -cvf log4j-core.jar . (the trailing dot packs the current directory into the new jar).
7. Stop B1i Tomcat / the Integration Service.
8. Copy log4j-core.jar from the temp directory over the jar at %InstallationDir%\IntegrationServer\Tomcat\webapps\B1iXcellerator\WEB-INF\lib\log4j-core.jar.
9. Restart B1i Tomcat / the Integration Service.
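Every procedure above, whether done with WinRAR on Windows or with unzip/zip on Linux, amounts to the same operation: delete JndiLookup.class from the log4j-core jar nested inside a WAR (or from the bare log4j-core.jar in the Integration Framework case) and put the archive back. The following Python script is an added example, not SAP's or AGS's tooling; it performs that removal in one step and, more importantly, lets you verify afterwards that no copy of the class survives in a given WAR or jar. The sample WAR it builds is constructed in memory, and the assumption that the library is named log4j-core*.jar is the script's own.

```python
import io
import os
import shutil
import tempfile
import zipfile

# Class path of the lookup the advisory's workaround removes.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def is_log4j_core_jar(name: str) -> bool:
    """True for entries such as WEB-INF/lib/log4j-core-2.7.jar (assumed naming)."""
    base = os.path.basename(name)
    return base.startswith("log4j-core") and base.endswith(".jar")


def _rewrite_without(data: bytes, unwanted: str) -> bytes:
    """Return a copy of the zip archive `data` with the entry `unwanted` dropped."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename != unwanted:
                dst.writestr(info, src.read(info.filename))
    return out.getvalue()


def find_jndi_lookup(archive_path: str) -> list:
    """Report where JndiLookup.class still lives: in the archive itself (a bare
    log4j-core jar, the Integration Framework case) or in a log4j-core jar
    nested inside a WAR (reported as 'archive!inner.jar')."""
    hits = []
    label = os.path.basename(archive_path)
    with zipfile.ZipFile(archive_path) as z:
        names = z.namelist()
        if JNDI_CLASS in names:
            hits.append(label)
        for name in names:
            if is_log4j_core_jar(name):
                with zipfile.ZipFile(io.BytesIO(z.read(name))) as inner:
                    if JNDI_CLASS in inner.namelist():
                        hits.append(f"{label}!{name}")
    return hits


def strip_jndi_lookup(archive_path: str) -> int:
    """Remove JndiLookup.class from the archive and from every nested
    log4j-core jar, rewriting the archive in place. Returns how many class
    entries were removed (0 means the archive was already clean)."""
    removed = 0
    out = io.BytesIO()
    with zipfile.ZipFile(archive_path) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_CLASS:
                removed += 1
                continue
            payload = src.read(info.filename)
            if is_log4j_core_jar(info.filename):
                with zipfile.ZipFile(io.BytesIO(payload)) as inner:
                    present = JNDI_CLASS in inner.namelist()
                if present:
                    payload = _rewrite_without(payload, JNDI_CLASS)
                    removed += 1
            # Reusing the source ZipInfo keeps each entry's timestamp and method.
            dst.writestr(info, payload)
    if removed:
        # Write a sibling temp file and rename over the original, so a crash
        # never leaves a half-written WAR. Mode bits are copied; ownership is
        # still worth checking afterwards, as the advisory's chown step does.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(archive_path) or ".")
        with os.fdopen(fd, "wb") as f:
            f.write(out.getvalue())
        shutil.copymode(archive_path, tmp)
        os.replace(tmp, archive_path)
    return removed


def build_sample_war(path: str) -> None:
    """Constructed sample (not a real SAP artifact): a tiny WAR whose WEB-INF/lib
    holds a fake log4j-core-2.7.jar with JndiLookup.class and one other class."""
    jar_bytes = io.BytesIO()
    with zipfile.ZipFile(jar_bytes, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe fake JndiLookup")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe keep")
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/log4j-core-2.7.jar", jar_bytes.getvalue())


def demo() -> tuple:
    """Build the sample WAR, apply the workaround, and return
    (hits before, entries removed, hits after, entries left in the inner jar)."""
    with tempfile.TemporaryDirectory() as d:
        war = os.path.join(d, "LicenseControlCenter.war")
        build_sample_war(war)
        before = find_jndi_lookup(war)
        removed = strip_jndi_lookup(war)
        after = find_jndi_lookup(war)
        with zipfile.ZipFile(war) as z:
            with zipfile.ZipFile(io.BytesIO(z.read("WEB-INF/lib/log4j-core-2.7.jar"))) as inner:
                left = inner.namelist()
        return before, removed, after, left


if __name__ == "__main__":
    print(demo())
```

Against a real installation, run find_jndi_lookup on each WAR or jar named in the procedures above after applying the workaround; an empty list is the result you want before restarting the service.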
Download Winrar here

LOG4J VULNERABILITY SAP BUSINESS ONE IMPACT AND WORK AROUNDS
