Security Scanners are flagging:
C:\Program Files\CA\SC\Mdb\Windows\lib\log4j-1.2.13.jar
As a vulnerable file after installing RU16
Additional old log4j-1.x files are:
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\mssql\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\oracle\lib\log4j-1.2.13.jar
Release : 17.3
Component : SDM - Vulnerability
This is an old version of log4j that needs to be updated.
C:\Program Files\CA\SC\Mdb\Windows\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\mssql\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\oracle\lib\log4j-1.2.13.jar
are flagged as vulnerable by security scanners due to being old versions of Log4j.
Opened DE64413 to have L2 update this file.
RU16 updated the vast majority of the old log4j-1.x files, but the 3 files above remained.
L2 has advised that these files will be updated in the next RU patch (RU17)
In the mean time, the above files can be deleted/moved.