Hi Team Concur,
Have there been any definitive statements from your organization around the Log4j vulnerability? As Concur / SAP may be already be aware, there is a critical vulnerability on the log4j library. How do we get a formal assessment from your technical teams to address the following:
- Is our version of Concur affected?
- If yes, do we have remediation planned and a target date to apply it?
CVE References
https://logging.apache.org/log4j/2.x/security.html.
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulne...
