Do we know if Spectrum is vulnerable to this CVE-2021-4104? The log4j12-1.2.17 file is found in the location
CA Spectrum : 10.4.x, 21.x
Component :Spectrum Vulnerability
This flaw (CVE-2021-4104) ONLY affects applications which are specifically configured to use JMSAppender, which is not the default option. Spectrum does not use JMSAppender or SocketAppender in any way, therefore this vulnerability does not present any risk to Spectrum.
Spectrum 21.2.6 will not contain the log4j12-1.2.17.jar file as confirmed from Engineering.