Vulnerability scans may show Service Management Files as vulnerable to CVE-2021-4104

Customers want to know if any Service Management Products are vulnerable.

Release : 17.3RU11 and up

Component : SDM - Vulnerability

Scanners can detect the presence of log4j files and their versions, but they can not tell if JMSAppender is used.

The engineering team has has confirmed that JMSAppender is not used in Service Management and therefore there is no vulnerability to CVE-2021-4104.