top of page
Search
Writer's picturemeersguadoggtisri
Aug 20, 20236 min read

Warning: 0-Day vulnerability in Internet Explorer (01 17 2020) - Tips and Tricks to Avoid It



CVE-2020-0674 is an RCE vulnerability that exists in the way the scripting engine handles objects in memory in Internet Explorer. Exploitation of this vulnerability could allow an attacker to corrupt memory and execute arbitrary code with the same level of privileges as the current user. If the current user has administrator-level privileges this would grant the attacker control of the system with the ability to view, edit or delete data, install programs or create accounts with privileges of their choosing.




Warning: 0-Day vulnerability in Internet Explorer (01 17 2020)



In March 2020, Microsoft warned users of zero-day attacks exploiting two separate vulnerabilities. These vulnerabilities affected all supported Windows versions and no patch was expected until weeks later. There is not currently a CVE identifier for this vulnerability.


The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.


  • Hi,\\nIs Crystal Reports 2011 version 14.0.7 affected by log4j vulnerability as well?\",\"author\":\"username\":\"sanketh.gardas\",\"displayName\":\"Sanketh Gardas\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13603922,\"creationDate\":1647504338000,\"activeRevisionId\":14097047,\"lastActivity\":1647504353000,\"parentId\":13566230,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false}]},\"13548260\":\"rootParentId\":13548260,\"commentsCount\":8,\"comments\":[\"body\":\"We were finally able to review this KBA. Not to beat a dead horse, but it makes no specific mention of the SAP Crystal runtime for .NET, which was the subject of my post. We see Crystal Reports and other BO components, but nothing about the runtime.\\nWill this component be added to the list of environments not affected by this vulnerability?\\nEnvironment\\nSAP BusinessObjects Business Intelligence Platform 4.2, 4.3\\nSAP BusinessObjects Business Intelligence (BI) Platform 4.0 / 4.1 * NO LONGER SUPPORTED\\nSAP Crystal Server 2016, 2020\\nSAP Crystal Reports 2016, 2020\\nSAP Crystal Reports for Enterprise 4.2, 4.3\\nLive Office\\nUniverse Design Tool (UDT)\\nAnalysis for Office (AO) and Analysis for Office Add-on for BI Platform\\nLumira Discovery, Lumira Server for BI Platform & Lumira Designer\\nSAP BI Mobile server\\nAll Operating Systems\",\"author\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"karthik_seela\",\"displayName\":\"Kartheek Seela\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13546003,\"creationDate\":1639596392000,\"activeRevisionId\":14017406,\"lastActivity\":1639596392000,\"parentId\":13548260,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13547532\":\"rootParentId\":13547532,\"commentsCount\":1,\"comments\":[\"body\":\"I can't copy it word-for-word, but it only says that they're aware of the problem and looking into it.\",\"author\":\"username\":\"joe.peters2\",\"displayName\":\"Joe Peters\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dmjohnston\",\"displayName\":\"Michael Johnston\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13545651,\"creationDate\":1639413683000,\"activeRevisionId\":14013964,\"lastActivity\":1639413683000,\"parentId\":13547532,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13548450\":\"rootParentId\":13548450,\"commentsCount\":1,\"comments\":[\"body\":\"Would it be possible to gain access to this KBA somehow? We do not have an S-user id and so cannot access it. It would be much appreciated if you would be able to provide a link that allows us to view it.\\nThank you.\",\"author\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13545681,\"creationDate\":1639434940000,\"activeRevisionId\":14014001,\"lastActivity\":1639434940000,\"parentId\":13548450,\"originalParentId\":13545419,\"likeCount\":4,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"score\":4,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13545419\":\"rootParentId\":13545419,\"commentsCount\":2,\"comments\":[\"body\":\"There are lot of files with Name *\\\\Log4j-1.2.15.jar and Log4j.jar in the SAP Business Objects 4.3 implementation. Can SAP give a more detailed answer on the version of all the Log4j files? \",\"author\":\"username\":\"laxmi_b\",\"displayName\":\"Bhakthavachalam Laxmi\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13547390,\"creationDate\":1639330916000,\"activeRevisionId\":14014680,\"lastActivity\":1639330916000,\"parentId\":13545419,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false,\"body\":\" \",\"author\":\"username\":\"alexhart\",\"displayName\":\"Wynand Hart\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13547454,\"creationDate\":1639386809000,\"activeRevisionId\":14014751,\"lastActivity\":1639386809000,\"parentId\":13545419,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13548409\":\"rootParentId\":13548409,\"commentsCount\":3,\"comments\":[\"body\":\"Hi Don,\\nWe have our client which currently still running and using SAP Crystal Server and Crystal Reports 2013 old version.\\nSince SAP Crystal Server 2013 is run on BI Platform 4.1, could you check and confirm to us whether this version is impacted or not?\\nIn latest SAP notes release, it only mention SAP BusinessObjects Business Intelligence Platform 4.2, 4.3 environment were not impacted.\",\"author\":\"username\":\"amirul88\",\"displayName\":\"Hafiz Termizi\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13552781,\"creationDate\":1640144606000,\"activeRevisionId\":14022929,\"lastActivity\":1640144606000,\"parentId\":13548409,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false]}"); const simplifiedQuestionView = JSON.parse("true"); (function() window.pageContext = mergeDeep(pageContext, question: id: 13545419, plug: "log4j-security-vulnerability-with-sap-crystal-repo", votes: 7, questionTitle: "Log4j security vulnerability with SAP Crystal Reports for .NET SDK", isClosed: false, isLocked: false, isRedirected: false, redirectedFromTitle: "", redirectedFromId: "", closedStatusData: JSON.parse(""), userVoted: false, relations: JSON.parse("\"canClose\":false,\"canUnredirect\":false,\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"canReopen\":false,\"type\":\"question\",\"canVoteUpOrCancel\":false,\"canViewRevisions\":true,\"score\":7,\"canUnlock\":false,\"reported\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canCancelReport\":false,\"canComment\":true,\"isCurrentUserAuthor\":false,\"canViewReports\":false"), isQuestionAccepted: true , childToViewInfo: id: "" , comments: JSON.parse("\"13566230\":\"rootParentId\":13566230,\"commentsCount\":1,\"comments\":[\"body\":\"Hi,\\nIs Crystal Reports 2011 version 14.0.7 affected by log4j vulnerability as well?\",\"author\":\"username\":\"sanketh.gardas\",\"displayName\":\"Sanketh Gardas\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13603922,\"creationDate\":1647504338000,\"activeRevisionId\":14097047,\"lastActivity\":1647504353000,\"parentId\":13566230,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13548260\":\"rootParentId\":13548260,\"commentsCount\":8,\"comments\":[\"body\":\"We were finally able to review this KBA. Not to beat a dead horse, but it makes no specific mention of the SAP Crystal runtime for .NET, which was the subject of my post. We see Crystal Reports and other BO components, but nothing about the runtime.\\nWill this component be added to the list of environments not affected by this vulnerability?\\nEnvironment\\nSAP BusinessObjects Business Intelligence Platform 4.2, 4.3\\nSAP BusinessObjects Business Intelligence (BI) Platform 4.0 / 4.1 * NO LONGER SUPPORTED\\nSAP Crystal Server 2016, 2020\\nSAP Crystal Reports 2016, 2020\\nSAP Crystal Reports for Enterprise 4.2, 4.3\\nLive Office\\nUniverse Design Tool (UDT)\\nAnalysis for Office (AO) and Analysis for Office Add-on for BI Platform\\nLumira Discovery, Lumira Server for BI Platform & Lumira Designer\\nSAP BI Mobile server\\nAll Operating Systems\",\"author\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"karthik_seela\",\"displayName\":\"Kartheek Seela\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13546003,\"creationDate\":1639596392000,\"activeRevisionId\":14017406,\"lastActivity\":1639596392000,\"parentId\":13548260,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13547532\":\"rootParentId\":13547532,\"commentsCount\":1,\"comments\":[\"body\":\"I can't copy it word-for-word, but it only says that they're aware of the problem and looking into it.\",\"author\":\"username\":\"joe.peters2\",\"displayName\":\"Joe Peters\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dmjohnston\",\"displayName\":\"Michael Johnston\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13545651,\"creationDate\":1639413683000,\"activeRevisionId\":14013964,\"lastActivity\":1639413683000,\"parentId\":13547532,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13548450\":\"rootParentId\":13548450,\"commentsCount\":1,\"comments\":[\"body\":\"Would it be possible to gain access to this KBA somehow? We do not have an S-user id and so cannot access it. It would be much appreciated if you would be able to provide a link that allows us to view it.\\nThank you.\",\"author\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13545681,\"creationDate\":1639434940000,\"activeRevisionId\":14014001,\"lastActivity\":1639434940000,\"parentId\":13548450,\"originalParentId\":13545419,\"likeCount\":4,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"score\":4,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13545419\":\"rootParentId\":13545419,\"commentsCount\":2,\"comments\":[\"body\":\"There are lot of files with Name *\\\\Log4j-1.2.15.jar and Log4j.jar in the SAP Business Objects 4.3 implementation. Can SAP give a more detailed answer on the version of all the Log4j files? \",\"author\":\"username\":\"laxmi_b\",\"displayName\":\"Bhakthavachalam Laxmi\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13547390,\"creationDate\":1639330916000,\"activeRevisionId\":14014680,\"lastActivity\":1639330916000,\"parentId\":13545419,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false,\"body\":\" \",\"author\":\"username\":\"alexhart\",\"displayName\":\"Wynand Hart\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"dave.smith2\",\"displayName\":\"Dave Smith\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13547454,\"creationDate\":1639386809000,\"activeRevisionId\":14014751,\"lastActivity\":1639386809000,\"parentId\":13545419,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false],\"13548409\":\"rootParentId\":13548409,\"commentsCount\":3,\"comments\":[\"body\":\"Hi Don,\\nWe have our client which currently still running and using SAP Crystal Server and Crystal Reports 2013 old version.\\nSince SAP Crystal Server 2013 is run on BI Platform 4.1, could you check and confirm to us whether this version is impacted or not?\\nIn latest SAP notes release, it only mention SAP BusinessObjects Business Intelligence Platform 4.2, 4.3 environment were not impacted.\",\"author\":\"username\":\"amirul88\",\"displayName\":\"Hafiz Termizi\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"parentAuthor\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13552781,\"creationDate\":1640144606000,\"activeRevisionId\":14022929,\"lastActivity\":1640144606000,\"parentId\":13548409,\"originalParentId\":13545419,\"likeCount\":0,\"visibility\":\"full\",\"depth\":0,\"attachments\":[],\"canVoteUpOrCancel\":false,\"relations\":\"canReport\":false,\"visibility\":\"full\",\"canEdit\":false,\"canUseDelete\":false,\"isLiked\":false,\"type\":\"comment\",\"canVoteUpOrCancel\":false,\"canConvertToAnswer\":false,\"canBeModerated\":false,\"canViewRevisions\":false,\"showInReply\":false,\"reported\":false,\"canCancelReport\":false,\"canDelete\":false,\"canVoteDownOrCancel\":false,\"canComment\":false,\"canViewReports\":false,\"isCurrentUserAuthor\":false,\"moderatorComment\":false,\"liked\":false]"), answerPager: answersCount: 8, page: 1, pageSize: 10, pageCount: 1, sort: "votes" , answers: JSON.parse("[\"body\":\"Hi John,The important part about all of these issues is the classes in log4j that have the issue is not included in the SAP versions so not sure about the scanner you are using and if it looks for the specific class definition or just the file/versions.The only version that was affected is in CR for Eclipse and that one we just released SP 28 to fix the issue with the updated log4j jar version 2.17.1 +Crystal+Reports+version+for+Eclipse+-+DownloadsUse Google and search for this KBA 3131199 for CR for Eclipse.You will need to contact Sage to see if and when they provide a fix or answer.I don't believe you'll be able to delete the files, the instal manifest file will put it back on if it detects it missing.Just be assured our version does not include the class with the vulnerability so it's not an issue.Hope that clears things up for everyone.Don\",\"author\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13558451,\"posted\":1641588383000,\"votes\":0,\"isAccepted\":true,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"accepted\":true,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"Update:\\nOnly CR4Eclipse was impacted but, as per KBA 3131199, it has now been corrected in SP28.\\nYou can get SP 28 from here:\\n +Crystal+Reports+version+for+Eclipse+-+Downloads\",\"author\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13548450,\"posted\":1639434412000,\"votes\":2,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"score\":2,\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"Hi Dave,\\nPlease refer to the note released by SAP on this:\\n3129956 - CVE-2021-44228 - BusinessObjects impact for Log4j vulnerability\\nHope this helps.!\\nRegards\\nKarthik\",\"author\":\"username\":\"karthik_seela\",\"displayName\":\"Kartheek Seela\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13548260,\"posted\":1639231081000,\"votes\":1,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"score\":1,\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"Hi Guys,We've discussed this over the weekend and it does not impact CR or CR for VS or BOE runtime at all.Yes our version is out of date and we are working on updating it but there is no impact to .NET runtime since it's not used. So you can ignore the the warning.Don\",\"author\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13548409,\"posted\":1639412524000,\"votes\":1,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"score\":1,\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"SAP sent me this: support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf\\nBut I can't access it since I'm not linked to an S-user ID.\",\"author\":\"username\":\"dmjohnston\",\"displayName\":\"Michael Johnston\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13547532,\"posted\":1639412345000,\"votes\":0,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"Hi Expert,\\nIf Log4j vulnerability are not impacting Business Objects 4.2 then how can we fix the issue on Tomcat nodes?\\nThanks\",\"author\":\"username\":\"srujankumar28\",\"displayName\":\"Srujan Kovur\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13548433,\"posted\":1639422676000,\"votes\":0,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"Will the Sage Fixed Assets bundled SAP Crystal Reports for Sage still work if the log4j files are deleted from the system? \\nQualys is still flagging the files as at risk, even though SAP mentions above that they are not affected. I'm being asked to delete the files from the client computers.\",\"author\":\"username\":\"baerjo\",\"displayName\":\"John Baer\",\"groupIcons\":[],\"suspended\":false,\"isCurrentUser\":false,\"id\":13551349,\"posted\":1639749577000,\"votes\":0,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[],\"body\":\"And to answer your question CR for VS does not use log4j, it uses log4net so doesn't impact CR for VS at all\",\"author\":\"username\":\"don.williams\",\"displayName\":\"Don Williams\",\"groupIcons\":[\"name\":\"moderator\",\"title\":\"This user is an SAP Moderator\",\"priority\":20,\"name\":\"employee\",\"title\":\"This user is an SAP Employee\",\"priority\":21],\"suspended\":false,\"isCurrentUser\":false,\"id\":13566230,\"posted\":1642097680000,\"votes\":0,\"isAccepted\":false,\"isLocked\":false,\"userVoted\":\"\",\"relations\":\"canCancelAccept\":false,\"canUnlock\":false,\"canUseDelete\":false,\"canVoteDownOrCancel\":false,\"canLock\":false,\"canAccept\":false,\"type\":\"answer\",\"canVoteUpOrCancel\":false,\"isCurrentUserAuthor\":false,\"attachments\":[]]"), answerForm: formAction: "/answers/13545419/post.json", textareaName: "body", textareaErrors: "", isAttachmentsEnabled: true, answerEditorialGuideline: title: "Before answering", content: "You should only submit an answer when you are proposing a solution to the poster\'s problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that your answer complies with our Rules of Engagement.", links: [ title: "Rules of Engagement", href: " -of-engagement.html", ] , answerMinBodyLength: '10', answerMaxBodyLength: '20000' , currentUser: sapInternalId: '', permissions: canVoteUpOrCancel: false, canVoteDownOrCancel: false, canModerate: false, , isVotedUp: false, isVotedDown: false , alerts: alertModeratorMinLength : "It should be given a proper explanation about why the content is inappropriate.", alertModeratorMinLengthValue : "10", alreadyReportedMessage : "You already have an active moderator alert for this content." , url: profileApiBaseUrl: ' -api.services.sap.com', followUnfollowQuestion: '/sap/nodeSubscription.json', isFollowingQuestion: '/sap/isFollowingNode.json', vote: voteUp: '/commands/0/voteup.json', voteDown: '/commands/0/votedown.json', cancelVote: '/commands/0/cancelvote.json' , rss: answers: '/feed/13545419/answers.rss', answersAndComments: '/feed/13545419/comments-and-answers.rss' , authorizeUploadContext: type: 'answer' , atMention: userSearchServiceUrl: ' ', currentUserName: '', useNewUSSCORS: true, atMentionDelayMs: 100, showMentionInRedactor: true , attachmentSettings: commentMaxAttachments: '2', answerMaxAttachments: '10', commentMaxAttachmentSizeBytes: '1048576', answerMaxAttachmentSizeBytes: '1048576', commentAttachmentsSizeBytesTotal: '2097152', answerAttachmentsSizeBytesTotal: '10485760' , editor: editorClipboardUploadEnabled: true ) )(); Home

  • Community

  • Ask a Question

  • Write a Blog Post

Login / Sign-up Search Questions and Answers 7 Dave Smith Dec 10, 2021 at 09:27 PM Log4j security vulnerability with SAP Crystal Reports for .NET SDK 35922 Views Last edit Dec 13, 2021 at 04:22 PM 2 rev Follow RSS Feed We were just made aware of a severe vulnerability in the Java logging library Apache Log4j.


2ff7e9595c


0 views0 comments

Recent Posts

See All

Komentáře

bottom of page