Service Management Administration CVE-2025-68161
Article ID: 434810
Updated On:
Products
CA Service Management - Service Desk Manager
CA Service Desk Manager
Issue/Introduction
Is Service Management Administration affected by CVE-2025-68161 vulnerability?
Environment
Service Management 17.4 RU5 and previous releases
Resolution
Even though Service Management Administration ships the vulnerable version of log4j library, please be aware the product is not exploitable as we don't use Socket Appender.
The only appenders Service Management Administration uses are Console Appender and RollingFileAppender.
Additional Information
The Engineering team has confirmed that the log4j version for Service Management Administration will be updated in the next releases (17.4 RU6 and 17.5) where this vulnerability is not present.
Feedback
Yes
No
Powered by
