Software giant SAP has released January 2022 Security Patch Day that includes nine separate security advisories and patches, three of those were updates to previously released patches from December.
The SAP updates include one ‘Hot News Notes’ for the infamous “Log4Shell” Log4j Critical vulnerability (CVE-2021-44228), a “Central Security Note for Remote Code Execution vulnerability associated with Apache Log4j 2 component” for multiple SAP products.
Researchers had discovered the Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j “Log4Shell” logging utility that has been under active attack since last month.
This issue affects SAP ABAP Platform Kernel, Versions 7.77, 7.81, 7.85, and 7.86.
In addition, a High severity vulnerability (CVE-2022-22531) was also addressed in F0743 Create Single Payment application of SAP S/4HANA. The issue affects SAP S/4HANA (Versions 100, 101, 102, 103, 104, 105, and 106).
SAP also re-released one other High risk advisory for a code Injection vulnerability (CVE-2021-44235) in utility class for SAP NetWeaver AS ABAP that was patched in December.
Multiple other Moderate SAP vulnerabilities were also patched this month.