Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
alexanderputt
Occasional Member - Level 1
‎Dec 14, 2021 12:36 PM
‎Dec 14, 2021 12:36 PM

Tech question - Log4j Vulnerability CVE-2021-44228

Hi Team Concur,

Have there been any definitive statements from your organization around the Log4j vulnerability? As Concur / SAP may be already be aware, there is a critical vulnerability on the log4j library. How do we get a formal assessment from your technical teams to address the following:

  • Is our version of Concur affected?
  • If yes, do we have remediation planned and a target date to apply it?

CVE References

https://logging.apache.org/log4j/2.x/security.html.

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulne...

 

4 people had this issue.
1 Solution
Solution
NTS
Super User
Super User
‎Dec 15, 2021 04:03 AM
‎Dec 15, 2021 04:03 AM

Hi @alexanderputt 

 

check this document please: Concur Apache Log4j 

NTS_0-1639569822701.png

 

Hope it helps

 

 

View solution in original post

8 REPLIES 8
KevinD
Community Manager
Community Manager
‎Dec 14, 2021 02:01 PM
‎Dec 14, 2021 02:01 PM

@alexanderputt I can't really speak to this topic other than saying that SAP has not sent out any communication about this issue to its employees. 


Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
Solution
NTS
Super User
Super User
‎Dec 15, 2021 04:03 AM
‎Dec 15, 2021 04:03 AM

Hi @alexanderputt 

 

check this document please: Concur Apache Log4j 

NTS_0-1639569822701.png

 

Hope it helps

 

 

alexanderputt
Occasional Member - Level 1
In response to NTS
‎Dec 15, 2021 06:22 AM
‎Dec 15, 2021 06:22 AM

Thanks for this NTS, unfortunately the link you supplied doesn't work for me. But from your image I can see that appropriate patching and actions have been taken thanks. Is there a more appropriate forum to raise these types of questions?

0 Kudos
NTS
Super User
Super User
In response to alexanderputt
‎Dec 15, 2021 06:37 AM
‎Dec 15, 2021 06:37 AM

@alexanderputt  have you checked Concur Support Portal or SAP Support Portal?

 

Both portals have info about the issue and the steps performed by SAP updated on a daily basis.

 

Regards

0 Kudos
fasteddiecamaro
New Member - Level 1
In response to NTS
‎Jan 24, 2022 09:48 AM
‎Jan 24, 2022 09:48 AM

NEED to change information on Concur. Need to Change the

Group, Company, and Cost Center.

 

0 Kudos
KevinD
Community Manager
Community Manager
In response to fasteddiecamaro
‎Jan 24, 2022 11:17 AM
‎Jan 24, 2022 11:17 AM

@fasteddiecamaro could you provide a screenshot of where you need to change this information, please? There are a few places this information could be changed, so instead of listing the steps for all the different places, let's hone in on exactly where you need this changed. Thank you.


Thank you,
Kevin
SAP Concur Community Manager
Did this response answer your question? Be sure to select “Accept as Solution” so your fellow community members can be helped by it as well.
0 Kudos
dnguyenthc
Occasional Member - Level 1
‎Dec 15, 2021 01:29 PM
‎Dec 15, 2021 01:29 PM

Can you please provide a link to those pages?

0 Kudos
sapwill2021
Occasional Member - Level 1
‎Dec 21, 2021 02:58 PM
‎Dec 21, 2021 02:58 PM

Hi There I am unable to access this link ? https://concur.secure.force.com/CteSupport/servlet/fileField?retURL=%2FCteSupport%2Farticles%2Fen_US...

0 Kudos
SAP Concur Community
SAP Concur
SAP
Additional Resources
© Copyright 2024 Concur Technologies, Inc. All rights reserved.
Privacy Policy|Terms of Use|Do Not Share/Sell My Personal Information|