SAP & Onapsis Cyber Tech Talk Series

Log4j Vulnerability: Threat Intelligence and Mitigation Strategies to Protect Your SAP Applications

On Thursday, December 9, a critical vulnerability (CVE-2021-44228) in Apache Log4j, a widely used Java logging library, was made public. Some are calling it “the most significant vulnerability in the last decade.” 

The Onapsis Research Labs maintains a network of sensors that we call the Onapsis Threat Intelligence Cloud. Within 10 days of the initial Log4j attack, Onapsis Research Labs captured over 3,000 attack attempts and observed over 50 variants. With more than 30 SAP applications affected by this vulnerability, it’s important to understand your risk and your exposure points. 

During this session Richard Puckett, Chief Information Security Officer at SAP and Sadik Al-Abdulla, Chief Product Officer at Onapsis discussed:

  • Threat intelligence around the Log4j vulnerability captured by Onapsis Research Labs
  • Implications of the vulnerability on SAP applications
  • Considerations for building comprehensive vulnerability management for SAP and business critical applications

Richard Puckett

Sadik Al-Abdulla


Want a more in-depth exploration? Start with these related pieces, then visit our Resources page for more.

All Resources