Product Lifecycle Management
Page tree
Skip to end of metadata
Go to start of metadata

SAP ECTR 5.1 | SAP ECTR for S/4HANA 1.0

This version does not contain components affected by this CVE.

SAP ECTR 5.2 | SAP ECTR for S/4HANA 1.1

This version does not contain components affected by this CVE.

SAP ECTR interface to AutoCAD

This integration does not contain components affected by this CVE.
See SAP Note 3131979 for details.

SAP ECTR interface to CATIA V5

This integration does not contain components affected by this CVE.

SAP ECTR interface to ECAD

This integration does contain a component affected by this CVE.
A new patch will be available as soon as possible. 

Immediate mitigation for Log4j vulnerability is:

  1. Close integration and connected tools, make sure connector's platform is not running (no icon in system tray)
  2. Go to affected jar files, change extension to .zip
    %PLM_HOME%    \addons\ecad\basis\sys\    win\bin\classes\ivs-*-main.jar
  3. Edit this zip: delete file org\apache\logging\log4j\core\lookup\JndiLookup.class
  4. Rename .zip to .jar

The critical lookup functionality can also be disabled in log4j by environment settings, but this workaround provided by Apache is not proven safe in all cases.

  1. Close integration and connected tools, make sure connector's platform is not running (no icon in system tray)
  2. Go to the directory <installdir>\applications\<x…>\customize\config\environments
  3. Edit the file bat and add SET LOG4J_FORMAT_MSG_NO_LOOKUPS=true.
  4. Save and close the file.
  5. Distribute the file to all clients using the integration.

Make sure the systems are restarted after the changes.

SAP ECTR interface to EPLAN

This integration does not contain components affected by this CVE.
See SAP Note 3131979 for details.

SAP ECTR interface to Inventor

This integration does not contain components affected by this CVE.
See SAP Note 3131979 for details.

SAP ECTR interface to NX

This integration does not contain components affected by this CVE.

SAP ECTR interface to PTC Creo

This integration does contain a component affected by this CVE.
A solution is available from SP04 PL08 of SAP ECTR Interface to PTC Creo.
See SAP Note 2112629 for details.
Also note SAP Wiki for additional informations: CVE-2021-44228, CVE-2021-45046 Apache Log4j 2 - Usage in SAP ECTR Interface to PTC Creo

SAP ECTR interface to Solid Edge

This integration does not contain components affected by this CVE.
See SAP Note 3131979 for details.

SAP ECTR interface to SOLIDWORKS

This integration does not contain components affected by this CVE.
See SAP Note 3131979 for details.

SAP ECTR interface to Zuken

This integration does not contain components affected by this CVE.

Content



  • No labels