We upgraded to DU to 6.10.101 and can still see from our scan that all the DU agent are referring to log4j $DUAS_INSTALL_DIR/bin/bin_java/log4j-core.jar version 2.17.0 which has vulnerability described in CVE-2021-44832.
Path : $DUAS_INSTALL_DIR/bin/bin_java/log4j-core.jar
Installed version : 2.17.0
Fixed version : 2.17.1
Vulnerability CVE-2021-44832 details mentioned that vulnerability is fixed in version 2.17.1
Release : 6.10.101
Component: DOLLAR UNIVERSE
The vulnerability mentioned with log4J version 2.17.0 is vulnerable with usage of JDBC appender. Broadcom Engineering has confirmed that Dollar Universe Java components are not vulnerable as they use log4j version 2.17.0 but NOT using any JDBC appenders.
Note The Dollar Universe versions 6.10.111 and 7.00.11, have upgraded to log4J 2.19.0.