In Datagaps Products Log4j-1.2.17 is changed to Log4j-1.2.17.2 After Applying the below steps to mitigate the vulnerabilities.

Apache Log4j » 1.2.17

CVE-2021-4104,CVE-2020-9488,CVE-2022-23302,CVE-2022-23305,CVE-2022-23307,CVE-2019-17571,CVE-2023-26464

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26464


To address this issue we have removed the below classes from a jar log4j-1.2.17.jar  that is required to produce this vulnerability


log4j-1.2.17.jar/org/apache/log4j/net/SMTPAppender*.class
log4j-1.2.17.jar/org/apache/log4j/net/JMSAppender.class

log4j-1.2.17.jar/org/apache/log4j/net/JMSSink.class

log4j-1.2.17.jar/org/apache/log4j/jdbc/JDBCAppender.class

log4j-1.2.17.jar/org/apache/log4j/chainsaw/*  

log4j-1.2.17.jar/org/apache/log4j/net/SocketServer.class
log4j-1.2.17.jar/org/apache/log4j/net/SocketAppender.class

log4j-1.2.17.jar/org/apache/log4j/net/SocketServer.class
log4j-1.2.17.jar/org/apache/log4j/net/SocketAppender.class