Product Status Active
Support Status Active | Support Schedule for Previous Versions
Latest Version 3.3.1 - Released Feb 28, 2024
SLA Target Tier Tier 2

Priority Release Type Acknowledgement Resolution Notification Frequency
Critical/Urgent Hot Fix 4 business hours 1 month 1 week
High Maintenance 8 business hours 6 months 2 months
Medium/Normal Scheduled 2 business day 18 months 6 months
Low Scheduled 4 business days None None
CVE-2021-44228 (Log4j) Impact to MET/TEAM
Incident Report for MET/TEAM®
Resolved
SAP has reported that the referenced issue does not impact Crystal Reports Runtime (https://answers.sap.com/answers/13548409/view.html). Therefore, MET/TEAM is not impacted by CVE-2021-44228.
Posted Dec 13, 2021 - 21:34 UTC
Update
SAP is aware of the issue and is working to resolve it. Once we have a resolution there, we will determine what needs to happen on our end to apply the fix.
Posted Dec 13, 2021 - 16:43 UTC
Investigating
Late last week, a security flaw was identified in Log4j, a widely-used logging library from Apache (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228). While the MET/TEAM application itself does not use this library, our reporting engine, SAP Crystal Reports, does. We are awaiting further information from SAP about how they have dealt with this issue. Once we have additional answers, we will update this incident.
Posted Dec 13, 2021 - 03:52 UTC