Critical Log4J detected vulnerabilities within Enterprise Manager


Article ID: 258243


Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

We have 21 Enterprise Managers (10.7.0.252) and three remote agent hosts that had Log4J vulnerabilities.

A full description with CVS information is on the Tenable site at Nessus Plugin.


Environment

Release : 10.7.0

Resolution

The Log4J Advisory summary:

Security Advisory: CVE-2019-17571 and CVE-2021-4104 log4j 1.2 vulnerability and Broadcom CA APM

Broadcom Engineering has determined that core APM 9.7 through APM 10.7.x servers (Collectors/MOMs/TESS/TIM/WebView) and APM 9.7 through APM 10.7/11.x/SaaS/20.x/21.x Java-based agents (i.e. WebLogic, WebSphere, Tomcat, EPAgent, UMA, ...) are not affected by the above CVEs, because APM uses a forked and customized version of Log4j 1.2, optimized and modified from the original Log4j 1.2, and APM does not enable the SocketServer or JMSAppender classes. This forked and customized version of Log4j 1.2 is maintained by Broadcom and does not rely on external support.
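The advisory's conclusion rests on two conditions: no JMSAppender (CVE-2021-4104) is wired into the log4j 1.2 configuration, and the shipped jar does not expose the SocketServer class (CVE-2019-17571). The following script, an added example that is not Broadcom's or the article's own code, verifies both against a properties file and a jar; the sample configuration and in-memory jar are constructed, and the property file paths of a real install are not assumed.

```python
"""Verify the two preconditions the advisory relies on for log4j 1.2:
no active JMSAppender (CVE-2021-4104) and no SocketServer class (CVE-2019-17571).
Added example; SAMPLE_PROPS and build_sample_jar() are constructed test data."""
import io
import re
import zipfile

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"          # CVE-2021-4104
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"  # CVE-2019-17571
# '#'-commented lines never match because the pattern is anchored on "log4j."
APPENDER_RE = re.compile(r"^\s*log4j\.appender\.([\w.-]+)\s*=\s*(\S+)")
LOGGER_RE = re.compile(r"^\s*log4j\.(?:rootLogger|logger\.[\w.]+)\s*=\s*(.*)$")

def declared_jms_appenders(props: str) -> set:
    """Names of appenders declared with the JMSAppender class."""
    hits = (APPENDER_RE.match(line) for line in props.splitlines())
    return {m.group(1) for m in hits if m and m.group(2) == JMS_APPENDER}

def referenced_appenders(props: str) -> set:
    """Appenders actually attached to rootLogger or any named logger."""
    refs = set()
    for line in props.splitlines():
        m = LOGGER_RE.match(line)
        if m:
            parts = [p.strip() for p in m.group(1).split(",")]
            refs.update(p for p in parts[1:] if p)  # parts[0] is the level
    return refs

def active_jms_appenders(props: str) -> set:
    """Declared AND wired JMSAppenders: the setup CVE-2021-4104 requires."""
    return declared_jms_appenders(props) & referenced_appenders(props)

def jar_has_socketserver(jar) -> bool:
    """True if the jar (path or file-like) still ships SocketServer.class."""
    with zipfile.ZipFile(jar) as zf:
        return SOCKET_SERVER in zf.namelist()

def build_sample_jar(with_socketserver: bool) -> io.BytesIO:
    """Constructed in-memory jar so the check can run offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/apache/log4j/Logger.class", b"")
        if with_socketserver:
            zf.writestr(SOCKET_SERVER, b"")
    buf.seek(0)
    return buf

SAMPLE_PROPS = """\
log4j.rootLogger=INFO, console, jms
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=logTopic
# log4j.appender.old=org.apache.log4j.net.JMSAppender
log4j.appender.unused=org.apache.log4j.net.JMSAppender
"""
```

Only the `jms` appender counts as active in the sample: `unused` is declared but attached to no logger, and `old` is commented out.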