This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Tenable vulnerability scanner identifies Log4j in the SEM agent

Curious is anyone has seen this or how people are dealing with it. My understanding is that the SEM agent doesn't actually use any of the vulnerable classes in Log4j but Tenable is flagging the files based on version number which right now is 1.x which is out of support so it's flagged as a vulnerability.  Whether or not it's exploitable doesn't really matter to our security team which wants us to somehow address this.