Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

March 14, 2022

SAP & Onapsis Cyber Tech Talk Series


On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache Log4j, a widely used Java logging library, was made public. Some are calling it “the most significant vulnerability in the last decade.” 

The Onapsis Research Labs maintains a network of sensors that we call the Onapsis Threat Intelligence Cloud. Within 10 days of the initial Log4j attack, Onapsis Research Labs captured over 3,000 attack attempts and observed over 50 variants. With more than 30 SAP applications affected by this vulnerability, it’s important to understand your risk and your exposure points. 

During this session Richard Puckett, Chief Information Security Officer at SAP and Sadik Al-Abdulla, Chief Product Officer at Onapsis discussed:

  • Threat intelligence around the Log4j vulnerability captured by Onapsis Research Labs
  • Implications of the vulnerability on SAP applications
  • Considerations for building comprehensive vulnerability management for SAP and business critical applications


Richard Puckett


Sadik Al-Abdulla

CPO | Onapsis

Ready to eliminate your SAP cyber security blindspot?

Let us show you how simple it can be to protect your business applications.