CVE-2019-17571 vulnerability included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data.
Release : 6.x
Component : DOLLAR UNIVERSE
CVE-2019-17571 is present in the log4j jar files we deliver.
But the product itself is not vulnerable to it, as we do not use this feature.
We do not listen at all to untrusted network traffic and we do not make usage of these code.
https://nvd.nist.gov/vuln/detail/CVE-2019-17571