Nexus scan detect discovery_agent probe using log4j v1.2.17. They advise to upgrade to supported version. Does above version affected by zero day vulnerability?
Log4j Zero day vulnerability affects only log4j 2.x:
So log4j 1.2.17 is not affected by that.
We are also planning to migrate to log4j 2.x in future release.
However discovery_agent is also updated to log4j 2.17.1 in UIM 20.4 CU3