Is Applications Manager vulnerable to CVE-2021-4104?
Release : 9.3x, 9.4x, 9.5x
Component : Applications Manager
Applications Manager does NOT use JMSAppender which means Applications Manager is NOT vulnerable to CVE-2021-4104
This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.