After updating to Harvest 14.0.2 in Windows the following file is detected as vulnerable to the following CVE:
CVE-2021-44832
Apache Log4j Core 2.17.0 (SCM\configuration\org.eclipse.osgi\4\0\.cp\log4j-core-2.17.0.jar)
The file is generated again after logging out of workbench and checking in a file.
Release : 14.0.2
SE team provided code fix which upgrades the version of log4j deployed.