SAP Knowledge Base Article - Preview

3705110 - CVE-2025-68161 - AS Java Core Components' impact for Log4j vulnerability

Symptom

You want to know whether your SAP NetWeaver Application Server Java system is affected by the Log4j security vulnerability.

  • Vulnerability CVE-2025-68161 for Log4j
  • How does this impact SAP NetWeaver Application Server Java Core Components
  • The AS Java Core Software Components are documented in KBA 1794179 Importing AS Java Core patches for NetWeaver 7.1 or higher

Log4j is an Apache library commonly used in Java applications. This particular issue was identified in Log4j 2 and fixed in Log4j 2.25.3.

The vulnerable plug-in is highlighted under \usr\sap\<SID>\JXX\j2ee\cluster\bin\ext\scimono_server\lib\log4j-core-2.17.2.jar.



Environment

  • SAP NetWeaver Application Server Java all versions
  • Log4j 2.x library versions below 2.25.3 are affected (Apache Log4j 2.0-beta9 < 2.25.3)
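
The check below is an added example, not part of the SAP article or of SAP's tooling: it walks a directory tree for log4j-core jars and flags those whose file-name version falls in the range stated above, read here as 2.0-beta9 inclusive up to but excluding 2.25.3. The SID `ABC` and instance `J00` in the demo tree are constructed, and because the check relies on file names only, renamed or repackaged copies are not detected.

```python
import re
import tempfile
from pathlib import Path

# Affected range as read from this page (assumption: lower bound inclusive):
# 2.0-beta9 <= version < 2.25.3. Matching is by file name only.
JAR_RE = re.compile(
    r"^log4j-core-(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
FINAL = (3, 0)  # a final release sorts after all of its pre-releases


def version_key(name):
    """Return a sortable key for a log4j-core jar file name, or None."""
    m = JAR_RE.match(name)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "2.0" to (2, 0, 0)
    pre = (PRE_RANK[m.group(2).lower()], int(m.group(3))) if m.group(2) else FINAL
    return nums, pre


LOW = version_key("log4j-core-2.0-beta9.jar")
FIXED = version_key("log4j-core-2.25.3.jar")


def is_affected(name):
    """True if the jar name carries a version inside the affected range."""
    key = version_key(name)
    return key is not None and LOW <= key < FIXED


def scan(root):
    """Return sorted (path, affected) pairs for log4j-core jars below root."""
    return sorted((str(p), is_affected(p.name))
                  for p in Path(root).rglob("log4j-core-*.jar"))


if __name__ == "__main__":
    # Constructed tree mirroring the path on this page; "ABC" and "J00" are made up.
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "usr/sap/ABC/J00/j2ee/cluster/bin/ext/scimono_server/lib")
        lib.mkdir(parents=True)
        for jar in ("log4j-core-2.17.2.jar", "log4j-core-2.25.3.jar"):
            (lib / jar).touch()
        for path, affected in scan(tmp):
            print("AFFECTED" if affected else "ok", path)
```
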

Keywords

CVE-2025-68161, scimono_server, scim_ep_app, scim_vanilla_app, log4j, KBA, BC-JAS-SEC, Security, User Management, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
