I can see C:\jboss-4.2.3.GA\server\minimal\lib\log4j.jar file.
But, There is no guide about replace this file.
Isn't this file vulnerable?
Release : PIM 14.0
In technical documents we cannot see Endpoint Management
development states :
log4j.jar is not vulnerable and hence we have not given any steps to upgrade it.
The impact is there on log4j 2.x onwards. Please refer to the below article from apache.