SAP Basis Probe Vulnerability to Apache Log4j (CVE-2025-68161)
search cancel

SAP Basis Probe Vulnerability to Apache Log4j (CVE-2025-68161)

book

Article ID: 434377

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Sap basis probe has been scanned vulnerable for the apache log4j.

Plugin Name
Apache Log4j 2.0-beta9 < 2.25.3 MitM

 

Plugin Output:

Plugin Output: 
  Path              : D:\Program Files (x86)\Nimsoft\probes\application\sap_basis\sap_basis.jar
  Installed version : 2.20.0
  Fixed version     : 2.25.3

Upon checking the archives, the latest version sap probe is 2.23 

When the new probe addressing this vulnerability will be released?

CVE-2025-68161

 

The sap basis probe for 2.23 is using log4j 2.16. 

 

Environment

*   **Product:** DX Unified Infrastructure Management (Nimsoft / UIM)
*   **Probe:** sap_basis (v2.23 and earlier)
*   **UIM Version:** 23.4.x (specifically impacting systems on CU6 or earlier)

 

Resolution

Currently migrating the **sap_basis** probe to **Java 21**, which will include the updated Log4j libraries required to remediate this vulnerability.

Make sure to be on CU5 or above.

Powered by Wolken Software