Security Scanners are flagging:
C:\Program Files\CA\SC\Mdb\Windows\lib\log4j-1.2.13.jar
As a vulnerable file after installing RU16
Additional old log4j-1.x files are:
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\mssql\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\oracle\lib\log4j-1.2.13.jar
Release : 17.3
Component : SDM - Vulnerability
This is an old version of log4j that needs to be updated.
C:\Program Files\CA\SC\Mdb\Windows\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\mssql\lib\log4j-1.2.13.jar
C:\Program Files (x86)\CA\Service Desk Manager\add-ons\mdb\oracle\lib\log4j-1.2.13.jar
are flagged as vulnerable by security scanners due to being old versions of Log4j.
RU16 updated the vast majority of the old log4j-1.x files, but the 3 files above remained.
SDM Engineering team has advised that these files will be updated in the next RU patch (RU17)
In the meantime, the above files can be deleted/moved.