Third-party software (Apache Solr) on Symantec Endpoint Protection Manager (SEPM) is using Log4j version 2.17.1.

During a Vulnerability Assessment (VA) scan, it is flagged as vulnerable to CVE-2025-68161 and you want to know the impact.

Not affected. The webswing-server.war in 14.3.x versions of the SESPM using log4j 2.17.1 is not used by the Symantec Endpoint Protection Manager.

If desired, webswing-server.war file can be removed.  Default path:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\instances\sepm-api\webapps

An upgrade of the SEPM will replace this file.  But it can be removed again on any SEPM version of 14.3.x.