When running Web Agent Option Pack, it can be noticed that this
uses log4j 1.2.8 which seems to be vulnerable to CVE-2019-17571 (1).
Web Agent Option Pack all versions
Affwebservices does not use SocketServer class from log4j jar file,
hence there won't be any security issue for affwebservices.
The Web Agent Option Pack is not vulnerable to the
CVE-2019-17571.
(1)
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when combined with a deserialization gadget
when listening to untrusted network traffic for log data. This
affects Log4j versions up to 1.2 up to 1.2.17.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571