CVE-2021-44832 Log4J vulnerability Dollar Universe

Article ID: 262275

Products

CA Automic Dollar Universe

Issue/Introduction

We upgraded DU to 6.10.101 and can still see from our scan that all the DU agents are referring to log4j $DUAS_INSTALL_DIR/bin/bin_java/log4j-core.jar version 2.17.0, which has the vulnerability described in CVE-2021-44832.

Plugin Output: 
  Path              : $DUAS_INSTALL_DIR/bin/bin_java/log4j-core.jar
  Installed version : 2.17.0
  Fixed version     : 2.17.1

The CVE-2021-44832 details mention that the vulnerability is fixed in version 2.17.1.

Environment

Release : 6.10.101

Component: DOLLAR UNIVERSE

Resolution

The vulnerability reported against log4j version 2.17.0 (CVE-2021-44832) applies when the JDBC appender is used. Broadcom Engineering has confirmed that Dollar Universe Java components are not vulnerable: they use log4j version 2.17.0 but do NOT use any JDBC appenders.

Note: Dollar Universe versions 6.10.111 and 7.00.11 have upgraded to log4j 2.19.0.
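
To check on your own nodes the condition the Resolution relies on (no JDBC appender in any Log4j 2 configuration), the following added example, which is not Broadcom's code, scans a directory tree for XML and properties configurations that declare one. It assumes the configurations are plain files on disk with .xml or .properties extensions; the function names and the sample configurations are constructed for illustration.

```python
import os
import re
import sys
import xml.etree.ElementTree as ET

# Constructed samples for the self-check; not taken from a Dollar Universe install.
SAMPLE_XML = ('<Configuration><Appenders><JDBC name="db" tableName="logs"/>'
              '<Console name="out"/></Appenders></Configuration>')
SAMPLE_PROPS = "appender.console.type = Console\nappender.audit.type = JDBC\n"
PROP_RE = re.compile(r"^[ \t]*appender\.([^.\s]+)\.type[ \t]*[=:][ \t]*jdbc\s*$", re.I | re.M)

def jdbc_in_xml(data):
    """Names of JDBC appenders declared in a Log4j 2 XML configuration (str or bytes)."""
    root = ET.fromstring(data)
    if root.tag.rsplit("}", 1)[-1].lower() != "configuration":
        return []                                # not a Log4j 2 configuration file
    found = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # drop any XML namespace
        # concise form <JDBC ...> or strict form <Appender type="JDBC" ...>
        if tag == "jdbc" or (tag == "appender" and el.get("type", "").lower() == "jdbc"):
            found.append(el.get("name", "(unnamed)"))
    return found

def jdbc_in_properties(text):
    """Ids of JDBC appenders declared in a Log4j 2 properties configuration."""
    return PROP_RE.findall(text)

def scan_tree(top):
    """Return {path: [appender names]} for configs under top that declare a JDBC appender."""
    hits = {}
    for dirpath, _, files in os.walk(top):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in (".xml", ".properties"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                names = (jdbc_in_xml(data) if ext == ".xml"
                         else jdbc_in_properties(data.decode("utf-8", "replace")))
            except ET.ParseError:
                continue                         # malformed XML cannot be a working config
            if names:
                hits[path] = names
    return hits

if __name__ == "__main__":
    # With a directory argument, scan it; without one, run on the constructed samples.
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1
          else (jdbc_in_xml(SAMPLE_XML), jdbc_in_properties(SAMPLE_PROPS)))
```

Run it with the directory to inspect as its only argument; an empty result means no JDBC appender was declared in the files it could read. Configurations packaged inside jar files or written in JSON or YAML are not inspected.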