ACS7.0.0-7.1.1 has Multiple Apache Log4j Vulnerabilities and should be patched!
**UPDATE** I upgraded to the latest Community 7.1.1 zip and I ran a Tenable scan agains my content-services-126.96.36.199. It still reports the following log4j vulnerability.
The logging library running inside ~/web-server/webapps/_vti_bin.war is version 1.2.17 from 2016. It has multiple log4j vulnerabilities that should be patched.
According to its self-reported version number(1.2.17), the installation of Apache Log4j in ACS 7.1.x is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including : ... ... ~EDITED~we dont need to describe how to compromise this version log4j here~EDITED~