SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)

🗓️ 12 Jun 2026 00:00:00Reported by TenableType

SAP NetWeaver AS Java affected by Log4j hostname verification flaw enabling man-in-the-middle attacks.

Reporter	Title	Published	Views	Family All 208
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.2	19 May 202606:38	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.	21 May 202614:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in log4j-core (CVE-2025-68161)	5 Mar 202607:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9	26 Mar 202611:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Eclipse Jersey Race Condition (CVE-2025-68161)	27 Apr 202612:24	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector	9 Mar 202621:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar	5 May 202622:28	–	ibm
IBM Security Bulletins	Security Bulletin: InfoSphere Data Architect (IDA) is affected by Multiple Vulnerabilities.	24 Apr 202617:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus	29 May 202612:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)	6 May 202613:53	–	ibm

Source	Link
me	www.me.sap.com/notes/3726899
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320856);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/12");

  script_cve_id("CVE-2025-68161");
  script_xref(name:"IAVA", value:"2026-A-0556");

  script_name(english:"SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver AS Java server is affected by a vulnerability in Apache Log4j.");
  script_set_attribute(attribute:"description", value:
"The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the
Apache Log4j library as referenced in SAP Security Note 3726899:

  - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS
    hostname verification of the peer certificate, even when the verifyHostName configuration attribute or
    the log4j2.sslVerifyHostName system property is set to true. This issue may allow a man-in-the-middle
    attacker to intercept or redirect log traffic under certain conditions. (CVE-2025-68161)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3726899");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-68161");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/12");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

include('vcf_extras_sap.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var app_info = vcf::sap_netweaver_as::get_app_info();

var fix = 'See vendor advisory';
var constraints = [
  {'equal' : '7.50', 'fixed_display' : fix }
];

vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_NOTE
);

12 Jun 2026 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.8

CVSS 46.3

EPSS0.00029

SSVC