Apache Log4j2 CVE-2025-68161 Vulnerability

Article ID: 428817

Products

CA Identity Suite

Issue/Introduction

Older versions of Apache Log4j2 are affected by CVE-2025-68161. NVD entry:

https://nvd.nist.gov/vuln/detail/CVE-2025-68161

Environment

Identity Manager 14.5.1 Standalone

Resolution

Apply fix HF_LOG4J_FIX.zip (DE659138). Contact Support to obtain the fix.

The fix includes updated log4j versions: log4j-core-2.25.3.jar and log4j-api-2.25.3.jar.

Deployment Instructions:

Deploy to App Server

  1. Stop the IM server

  2. Back up the old log4j jars

  3. Deploy both log4j-core-2.25.3.jar and log4j-api-2.25.3.jar to each of the following locations:

../IAM_Suite/IdentityManager/tools/lib

../IAM_Suite/IdentityManager/tools/samples/Support/IMInfo

../IAM_Suite/IdentityManager/tools/SelectiveExportUtility

../iam_im.ear/library

../PatchDeployerTool/lib

../PatchDeployerTool/patch/iam_im.ear/library

  4. Update the references in:

../IAM Suite/Identity Manager/tools/ImportExportUtility/ImportExportUtil.bat

../IAM Suite/Identity Manager/tools/ImportExportUtility/ImportExportUtil.sh

../IAM Suite/Identity Manager/tools/PasswordTool/pwdtools.bat

../IAM Suite/Identity Manager/tools/PasswordTool/pwdtools.sh

  5. Start the IM server
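
A post-deployment check for the steps above, as an added example that is not part of the hotfix or of the product: it confirms that a jar directory holds both 2.25.3 jars with no older log4j-core/log4j-api copy beside them, and that a launcher script names only the 2.25.3 jars. The function names are hypothetical, and the script check assumes the .bat/.sh files reference the jars by file name.

```shell
#!/bin/sh
# Added example: verify the log4j hotfix deployment described above.
FIXED_VERSION="2.25.3"   # jar version shipped in the fix, per the article

# List log4j-core/log4j-api jars in a directory that are not the fixed version.
stale_jars() {
  local dir="$1" f
  for f in "$dir"/log4j-core-*.jar "$dir"/log4j-api-*.jar; do
    [ -e "$f" ] || continue            # glob matched nothing
    case "${f##*/}" in
      "log4j-core-$FIXED_VERSION.jar"|"log4j-api-$FIXED_VERSION.jar") ;;
      *) echo "$f" ;;
    esac
  done
}

# A directory passes when both fixed jars are present and no older copy remains.
check_dir() {
  local dir="$1" rc=0 art stale
  for art in core api; do
    [ -f "$dir/log4j-$art-$FIXED_VERSION.jar" ] ||
      { echo "MISSING: $dir/log4j-$art-$FIXED_VERSION.jar"; rc=1; }
  done
  stale="$(stale_jars "$dir")"
  [ -z "$stale" ] || { echo "STALE: $stale"; rc=1; }
  return "$rc"
}

# A launcher script passes when every log4j-core/api jar name it mentions is the
# fixed version (assumes the script names the jar files, e.g. in a classpath).
check_script() {
  local file="$1" bad
  [ -f "$file" ] || { echo "MISSING: $file"; return 1; }
  bad="$(grep -oE 'log4j-(core|api)-[0-9][0-9A-Za-z.-]*\.jar' "$file" |
         grep -vxF -e "log4j-core-$FIXED_VERSION.jar" \
                   -e "log4j-api-$FIXED_VERSION.jar" | sort -u)"
  [ -z "$bad" ] || { echo "STALE REFERENCE in $file: $bad"; return 1; }
}

# Usage: sh verify_log4j_fix.sh <jar-directory-or-launcher-script>...
status=0
for target in "$@"; do
  if [ -d "$target" ]; then check_dir "$target" || status=1
  else check_script "$target" || status=1
  fi
done
[ "$status" -eq 0 ] || exit 1
```

Pass it the six jar directories and four launcher scripts listed above before starting the IM server. A backup of the old jars left inside one of those directories under its original name is reported as stale.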