As we know that AA 8.x is not vulnerable to Log4j CVE-2021-44228, aka ‘Log4Shel vulnerability as AA 8.x versions uses Log4J 1.x version which is not vulnerable. Apache via NIST has indicated that 2.xx versions below Log4J version 2.17 are vulnerable.
Release : 8.1
Component : AuthMinder(Arcot WebFort)
Log4J 2.xx versions below Log4J version 2.17 are vulnerable. Log4J 2.17 is not hence the question is AA 8.x certified with Log 4J 2.xx.
Broadcom Product Management confirms that Advanced Authentication version 8.x has NOT been certified with Log4J versions 2.xx. You may want to refer to KB article #230301 for additional information ---