Recent vulnerability scans are showing Log4j v1.2x is vulnerable against CVE-2021-4104. Is Identity Manager exposed to the JMSAppender Vulnerability? 

Release : 14.X

Component : Symantec Identity Manager

Sustaining Engineering has reviewed this vulnerability and determined that Identity Manager is not vulnerable to CVE-2021-4104. The JMSAppender is not configured in any OOTB log4j configuration files. The Log4j configuration file not accessible to remote hackers.