Zero day vulnerability CVE-2021-44228 information for Symantec Data Loss Prevention (DLP).

CVE - CVE-2021-44228 (mitre.org)

Log4j 2x and above are vulnerable.

Broadcom development has reviewed all DLP versions. DLP is NOT vulnerable to this vector. 

Details:

CVE-2021-44228 impacts (log4j-core-2.x.jar) which is NOT shipped with DLP, nor consumed by DLP in indirect form. 

The official public statements are here:

DLP not vulnerable to zero-day vulnerability CVE-2021-44228

Symantec Security Advisory for Log4j Vulnerability

Update, as per previous statements from DLP Engineering, there is now a Hotfix available to remove log4j files from DLP server installations (broadcom.com).