As you may have seen the security bulletins from past few days, a new vulnerability CVE-2021-44228 on log4j 2 has been a cause of concern particularly due to its usage across a wide range of products and solutions.

The purpose of this document is to provide you with further information about the impact of the log4j 2 vulnerability on SAP BusinessObjects BI Platform suite of products. The blog may also be useful for those users with no access to the support portal. Our security experts have analyzed the impact and confirmed that:

SAP BusinessObjects BI Platform is NOT impacted by the CVE-2021-44228.

This applies to the following products :*updated Dec16*

• SAP BusinessObjects Business Intelligence (BI) Platform 4.2, 4.3
• SAP BusinessObjects Business Intelligence (BI) Platform 4.0 / 4.1 * NO LONGER SUPPORTED
• SAP BusinessObjects Business Intelligence (BI), Edge edition 4.2, 4.3
• SAP BusinessObjects Business Intelligence (BI), Edge edition 4.0 / 4.1 * NO LONGER SUPPORTED
• SAP BusinessObjects BI Platform Client Tools 4.x [4.3, 4.2, 4.1/4.0*]
• SAP Crystal Server 2016, 2020
• SAP Crystal Reports 2016, 2020
• SAP Crystal Reports for Enterprise 4.2, 4.3
• BI Platform Support Tool (BIPST)
• Live Office
• Universe Design Tool (UDT)
• Analysis for Office (AO) and Analysis for Office Add-on for BI Platform
• Lumira Discovery, Lumira Server for BI Platform & Lumira Designer
• SAP Design Studio * NO LONGER SUPPORTED
• SAP BI Mobile server
• All dependent server tools like Upgrade Management Tool, Promotion Management Wizard, Wdeploy
• Applies to the above BI Suite of products On all supported Operating Systems

For further details, please refer to SAP knowledge base article 3129956 where this information is being tracked and updated.

Please feel free to post any questions related to this issue in the community answers section under SAP BusinessObjects Business Intelligence Platform