Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
All supported DX NetOps Spectrum releases
The Spectrum Data Publisher (used to integrate with DX Operational Intelligence, DX OI) uses the log4j logging mechanism and is therefore vulnerable.
cd /usr/SpectrumDatapublisher/
# find . -name "log4*jar"
./SpectrumDataPublisher/lib/log4j-api-2.9.1.jar
./SpectrumDataPublisher/lib/log4j-core-2.9.1.jar
./lib/log4j-api-2.9.1.jar
./lib/log4j-core-2.9.1.jar
Remove the JndiLookup class as it is not needed
- Stop the SpectrumDataPublisher
cd <SDPRoot>/
./run.sh stop (run.bat stop if Windows)
- Change directory to the SpectrumDataPublisher lib directory (ex. /usr/SpectrumDataPublisher/lib/)
cd <SDPRoot>/lib
- Remove the JndiLookup class as follows
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
- Start the SpectrumDataPublisher
cd <SDPRoot>/
./run.sh start (run.bat start if Windows)
Windows:
Rename the log4j-core .jar file to .zip.
Double-click this file to navigate into it.
Go to the org/apache/logging/log4j/core/lookup/ folder, then locate and delete JndiLookup.class.
Once the file has been deleted, rename .zip back to .jar.
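To confirm the removal on either platform, the following added example (not part of the original article or the product) walks a directory tree and lists every log4j-core jar that still contains JndiLookup.class. The function names and the constructed sample tree, which mirrors the two jar locations in the find output above, are assumptions made for illustration.

```python
import os
import sys
import tempfile
import zipfile

# Class entry that the mitigation on this page deletes from log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def unmitigated_jars(root):
    """Return sorted log4j-core-*.jar paths under root that still hold JndiLookup.class or cannot be read."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not (name.startswith("log4j-core-") and name.endswith(".jar")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as jar:
                    if JNDI_CLASS in jar.namelist():
                        hits.append(path)
            except zipfile.BadZipFile:
                # A damaged archive cannot be confirmed clean, so report it too.
                hits.append(path)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample: one patched and one unpatched jar (hypothetical helper)."""
    patched = os.path.join(root, "lib", "log4j-core-2.9.1.jar")
    unpatched = os.path.join(root, "SpectrumDataPublisher", "lib", "log4j-core-2.9.1.jar")
    for path, with_jndi in ((patched, False), (unpatched, True)):
        os.makedirs(os.path.dirname(path))
        with zipfile.ZipFile(path, "w") as jar:
            jar.writestr("org/apache/logging/log4j/core/Logger.class", b"")
            if with_jndi:
                jar.writestr(JNDI_CLASS, b"")
    return patched, unpatched


if __name__ == "__main__":
    # With an argument, scan that directory; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        remaining = unmitigated_jars(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            remaining = unmitigated_jars(tmp)
    for jar_path in remaining:
        print("JndiLookup.class still present or jar unreadable:", jar_path)
    sys.exit(1 if remaining else 0)
```

Run it with the install root as the only argument; a non-zero exit status means at least one jar still needs the class removed. It does not look inside jars that are nested within other archives.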