I am seeing an instance of log4j on my root server under the SA PlanEngine folder. Has there been any guidance on updating SA? The last update was in Sept if I remember correct. Did not find anything for SA on the Known BF Issues link.
Happy to help. If it’s useful at all you can find and reference this statement on the vulnerabilities from the Apache page at Log4j –
Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.