Recent vulnerability scans are showing Log4j v1.2x is vulnerable against CVE-2021-4104. Is Identity Manager exposed to the JMSAppender Vulnerability?
Release : 14.X
Component : Symantec Identity Manager
Sustaining Engineering has reviewed this vulnerability and determined that Identity Manager is not vulnerable to CVE-2021-4104. The JMSAppender is not configured in any OOTB log4j configuration files. The Log4j configuration file not accessible to remote hackers.