Hi,

I see that Netflow Analyzer Enterprise 12.5 is using log4j 1.x (which is 6 years End of Life so you might want to think about updating?).

According to RedHat this might be suspectible to the same vulnerability as log4j <2.5 if the configuration uses JDNI (ref Redhat: https://access.redhat.com/security/cve/CVE-2021-4104 )

Does Netflow Analyzer use JNDI in log4j and if so, in a way that makes it suspectible to the same vulnerability as we're now seeing on log4j 2.x ?