Our Nessus scanner is still showing log4j vulnerabilities with the latest spectrumgtw probe.
Plugin ID   Plugin Name
156032      Apache Log4j Unsupported Version Detection
156103      Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
156860      Apache Log4j 1.x Multiple Vulnerabilities
Plugin Output:
Path : C:\Program Files\Nimsoft\probes\gateway\spectrumgtw\lib\log4j-1.2.17.jar
Installed version : 1.2.17
Release : 20.3+
Component: spectrumgtw 8.69 HF4, 20.4
An evaluation determined that the probe is not vulnerable with the .jar in place, but your scanner will still flag the file until it is completely migrated. The probe is not vulnerable because JndiLookup.class has been removed from the .jar file.
The file will be upgraded, and the upgrade is expected to be released in the next version of the probe.
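To confirm on your own system which classes the flagged .jar actually contains, the following added example (not vendor code) lists any entry named JndiLookup.class or JMSAppender.class, including inside nested archives. The function names, the depth and size limits, and the sample jars are assumptions made for this example.

```python
import io
import sys
import zipfile

# JndiLookup.class is the class the article says was removed from the jar;
# JMSAppender.class is the class named by plugin 156103 (CVE-2021-4104).
CLASSES_OF_INTEREST = ("JndiLookup.class", "JMSAppender.class")
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_NESTED_BYTES = 256 * 1024 * 1024  # do not unpack oversized nested archives
MAX_DEPTH = 3


def find_classes(jar, names=CLASSES_OF_INTEREST, _prefix="", _depth=0):
    """Return sorted entry paths in `jar` (path or file object) whose basename is in `names`.

    Nested archives are searched as well and reported as outer.jar!/inner/path.
    """
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            entry = info.filename
            if entry.rsplit("/", 1)[-1] in names:
                hits.append(_prefix + entry)
            elif (entry.lower().endswith(ARCHIVE_SUFFIXES)
                  and _depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES):
                try:
                    inner = io.BytesIO(zf.read(info))
                    hits += find_classes(inner, names, _prefix + entry + "!/", _depth + 1)
                except zipfile.BadZipFile:
                    continue  # named like an archive but is not one
    return sorted(hits)


def build_sample_jar(entries):
    """Constructed test input: in-memory jar from a {entry name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python check_jar.py <path to jar> [...]
    for path in sys.argv[1:]:
        found = find_classes(path)
        print(path, "->", ", ".join(found) if found else "no listed class present")
```

Run it against the path shown in the plugin output. An empty result only describes the jar's contents; the scanner plugins above key on the file's version and will keep reporting it.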