Vulnerability file location: siteminder/adminui/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar
  Installed version                      : 1.2.0
  Security End of Life                   : August 5, 2015
  Time since Security End of Life (Est.) : >= 9 years

Current Siteminder AdminUI version - R12.8 SP8.

Vulnerable jar file: log4j-jboss-logmanager-1.2.0.Final.jar

--[CVE ref:]-- 

  - There is no CVE reference generated in Security scan report. 

Siteminder release: 12.9 only
Component: AdminUI 
OS: ALL

This vulnerability is in Wildfly component which is coming as part of IAM framework upgrade,

Latest 12.9 AdminUI Fix Kit with upgraded log4j is available from Broadcom support to address the reported vulnerability with file 'siteminder/adminui/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-1.2.0.Final.jar" 
  
-Note: If security scan is reporting vulnerability with this file. Please proceed with opening a support Ticket and reference this KB (knowledge Base) article number and Broadcom support will provide a fix for this reported Vulnerability