We are running an earlier version of SmartConnect 21 and it is packaged with a vulnerable version of Apache Log4J (CVE-2018-1285). Have newer versions of SmartConnect been patched?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1285
https://issues.apache.org/jira/browse/LOG4NET-575
Yes! Older versions of SmartConnect 21 used log4net.dll v2.0.8 which is affected by the referenced notices.
Starting with SC 21.1.0.1523, the assembly has been updated to 2.0.17 which patches the vulnerability.