Log4j version 1.2 to 1.2.17 are deemed vulnerable with CVE number CVE-2019-17571
Release : All Clarity supported version
Component : CA PPM STUDIO
Clarity use log4j 1.2.15 and according to the CVE it's vulnerable. But this doesn't apply to clarity as we don't use the SocketServer functionality.
SocketServer needs to be started on a port in the system so that a remote log reading application can access log data, which is not the case with Clarity