In Datagaps Products Log4j-1.2.17 is changed to Log4j-1.2.17.2 After Applying the below steps to mitigate the vulnerabilities.
Apache Log4j » 1.2.17
CVE-2021-4104,CVE-2020-9488,CVE-2022-23302,CVE-2022-23305,CVE-2022-23307,CVE-2019-17571,CVE-2023-26464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26464
To address this issue we have removed the below classes from a jar log4j-1.2.17.jar that is required to produce this vulnerability
log4j-1.2.17.jar/org/apache/log4j/net/SMTPAppender*.class
log4j-1.2.17.jar/org/apache/log4j/net/JMSAppender.class
log4j-1.2.17.jar/org/apache/log4j/net/JMSSink.class
log4j-1.2.17.jar/org/apache/log4j/jdbc/JDBCAppender.class
log4j-1.2.17.jar/org/apache/log4j/chainsaw/*
log4j-1.2.17.jar/org/apache/log4j/net/SocketServer.class
log4j-1.2.17.jar/org/apache/log4j/net/SocketAppender.class
log4j-1.2.17.jar/org/apache/log4j/net/SocketServer.class
log4j-1.2.17.jar/org/apache/log4j/net/SocketAppender.class