I was able to download the link and upgrade the product, however it appears our scanner still finds the log4j vulnerable files on the server. Please advise.
Attached are the vulnerabilities pertaining to LOG4J on our server.
The specific file complaints are the following:
Path : C:\app\client\harvest\product\12.2.0\client_1\sqldeveloper\sqldeveloper\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Path : C:\Users\harvestuser\.eclipse\com.ca.harvest.workbench.workbenchProduct_13.0.3.152_1820817221_win32_win32_x86_64\configuration\org.eclipse.osgi\4\0\.cp\log4j-1.2.12.jar
Installed version : 1.2.12
Path : C:\Users\harvestuser\.eclipse\com.ca.harvest.workbench.workbenchProduct_14.0.0.369_1820817221_win32_win32_x86_64\configuration\org.eclipse.osgi\4\0\.cp\log4j-1.2.12.jar
Installed version : 1.2.12
Release : 14.0
Component : CA HARVEST SCM GUI/Harweb
The first one is related to the Oracle client:
Path : C:\app\client\harvest\product\12.2.0\client_1\sqldeveloper\sqldeveloper\lib\log4j-1.2.13.jar
Installed version : 1.2.13
Consult Oracle documentation to resolve this one. If you don’t use sqldeveloper at all, it is safe to delete the “C:\app\client\harvest\product\12.2.0\client_1\sqldeveloper” folder.
The other two appear to be hold-overs from previous versions of Harvest on the machine.
Path : C:\Users\harvestuser\.eclipse\com.ca.harvest.workbench.workbenchProduct_13.0.3.152_1820817221_win32_win32_x86_64\configuration\org.eclipse.osgi\4\0\.cp\log4j-1.2.12.jar
Installed version : 1.2.12
Path : C:\Users\harvestuser\.eclipse\com.ca.harvest.workbench.workbenchProduct_14.0.0.369_1820817221_win32_win32_x86_64\configuration\org.eclipse.osgi\4\0\.cp\log4j-1.2.12.jar
Installed version : 1.2.12
To eliminate these, close down Workbench and then delete the “C:\Users\harvestuser\.eclipse” folder. Then restart Workbench. It will create a new copy of that folder with only SCM v14.0.2 files in it.
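To confirm which log4j copies are present before and after the cleanup above, the following PowerShell inventory can be run on the machine. It is an added example, not part of the original article or the product: the two root paths are taken from the scanner report above, and the `Owner` labels and the helper name `Get-JarManifestVersion` are illustrative assumptions.

```powershell
# Added example: list log4j JARs under the folders named in the scanner report.
# Adjust $Roots for other user profiles or install locations.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$Roots = @(
    'C:\app\client\harvest\product\12.2.0\client_1\sqldeveloper',
    'C:\Users\harvestuser\.eclipse'
)

# Hypothetical helper: read Implementation-Version from the JAR manifest, if any.
function Get-JarManifestVersion {
    param([string]$JarPath)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
    try {
        $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
        if (-not $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
        if ($text -match '(?m)^Implementation-Version:\s*(\S+)') { return $Matches[1] }
        return $null
    } finally { $zip.Dispose() }
}

$found = foreach ($root in $Roots) {
    # A root that has already been deleted is simply skipped.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter 'log4j-*.jar' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Version as encoded in the file name, e.g. log4j-1.2.12.jar -> 1.2.12
            $nameVersion = if ($_.Name -match '^log4j-(\d+(\.\d+)+)') { $Matches[1] } else { $null }
            # Workbench cache folders carry the product version in the path.
            $owner = if ($_.FullName -match 'workbenchProduct_(\d+(\.\d+)+)') { "Workbench $($Matches[1])" }
                     else { 'Oracle client / other' }
            [pscustomobject]@{
                Owner           = $owner
                FileNameVersion = $nameVersion
                ManifestVersion = Get-JarManifestVersion $_.FullName
                Path            = $_.FullName
            }
        }
}

if ($found) { $found | Sort-Object Owner, Path | Format-List }
else { 'No log4j-*.jar files found under the listed folders.' }
```

Run it once before deleting the folders and again after restarting Workbench; entries whose `Owner` shows an older Workbench version are the hold-overs described above.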