A Nessus scan flags a log4j file included with R15 as critically vulnerable:

C: ../idm-tools-15.0.0-401\BulkLoadClient\lib\log4j-1.2.15.jar      Installed version : 1.2.15      Fixed version     : 2.16.0

IGA release 15.x

For a short-term fix, delete log4j-1.2.15.jar after unzipping the idm-tools.zip, or request from your security team a vulnerability waiver.

The next release (after Nov. 21, 2025) of v15 will include a newer version of log4j.